Kubewarden

All

108 repositories

kwctl
Public
Go-to CLI tool for Kubewarden users
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security
Rust
•
Apache License 2.0
•23•88•14•3•Updated Dec 28, 2025Dec 28, 2025
sbomscanner
Public
A SBOM-centric security scanner.
Go
•
Apache License 2.0
•13•16•25•9•Updated Dec 28, 2025Dec 28, 2025
capabilities-psp-policy
Public
A Pod Security Policy that controls Container Capabilities
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•7•6•2•1•Updated Dec 27, 2025Dec 27, 2025
host-namespaces-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•1•2•1•Updated Dec 27, 2025Dec 27, 2025
apparmor-psp-policy
Public
A Kubewarden Pod Security Policy that controls usage of AppArmor profiles
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•6•3•1•Updated Dec 27, 2025Dec 27, 2025
pod-runtime-class-policy
Public
A Kubewarden Policy that controls the usage of Pod runtimeClass
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•4•1•1•Updated Dec 27, 2025Dec 27, 2025
context-aware-demo
Public
A demo policy showing how to access Kubernetes resources at policy evaluation time
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•2•1•1•1•Updated Dec 27, 2025Dec 27, 2025
unique-service-selector-policy
Public
Policy validates that there are no services with the same set of selectors
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•1•Updated Dec 27, 2025Dec 27, 2025
labels-policy
Public
Validates labels
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•1•Updated Dec 27, 2025Dec 27, 2025
volumeMounts-policy
Public
A Kubewarden Policy that controls the usage of `volumeMounts`
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•2•1•6•Updated Dec 27, 2025Dec 27, 2025
context-aware-test-policy
Public
A test context-aware policy
Rust
•
Apache License 2.0
•2•0•1•1•Updated Dec 27, 2025Dec 27, 2025
do-not-expose-admission-controller-webhook-services-policy
Public
A policy that detects webhook services used by admission controller that are accidentally exposed outside of the cluster
kubernetes webassembly compliance hacktoberfest policy-as-code kubernetes-security kubewarden-policy admissioncontroller
Rust
•
Apache License 2.0
•2•0•1•1•Updated Dec 27, 2025Dec 27, 2025
user-group-psp-policy
Public
This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls containers user and groups
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•7•2•1•Updated Dec 27, 2025Dec 27, 2025
rancher-project-propagate-labels
Public
Propagate Rancher Project labels to the Namespaces it owns
Rust
•
Apache License 2.0
•3•3•1•1•Updated Dec 27, 2025Dec 27, 2025
env-variable-secrets-scanner-policy
Public
A Kubewarden Policy that detects secrets (ssh private keys, API tokens, etc) leaked via environment variables
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•5•1•1•Updated Dec 27, 2025Dec 27, 2025
allow-privilege-escalation-psp-policy
Public
A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•8•6•2•1•Updated Dec 27, 2025Dec 27, 2025
raw-validation-policy
Public
Demo policy showing how to write a raw validating policy
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•1•Updated Dec 27, 2025Dec 27, 2025
deprecated-api-versions-policy
Public
A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•17•2•2•Updated Dec 27, 2025Dec 27, 2025
flexvolume-drivers-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the allowed `flexVolume` drivers
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•1•3•1•Updated Dec 27, 2025Dec 27, 2025
selinux-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•1•3•1•Updated Dec 27, 2025Dec 27, 2025
pod-ndots-policy
Public
Policy that enforces the usage of ndots in the pod's DNS configuration
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•0•0•1•1•Updated Dec 27, 2025Dec 27, 2025
persistentvolumeclaim-storageclass-policy
Public
Policy that validates and adjusts the usage of StorageClasses in PersistentVolumeClaims
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•1•4•1•Updated Dec 27, 2025Dec 27, 2025
priority-class-policy
Public
Validates Pod's priority class
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•0•1•1•Updated Dec 27, 2025Dec 27, 2025
high-risk-service-account-policy
Public
Rust
•
Apache License 2.0
•3•0•1•1•Updated Dec 27, 2025Dec 27, 2025
allowed-fsgroups-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•6•4•3•1•Updated Dec 27, 2025Dec 27, 2025
pod-privileged-policy
Public
A Kubewarden Policy that limits the ability to create privileged containers
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•6•10•2•1•Updated Dec 27, 2025Dec 27, 2025
sleeping-policy
Public
A test policy that simulates long running policy evaluations
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•2•0•1•1•Updated Dec 27, 2025Dec 27, 2025
policy-server
Public
Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
kubernetes rust webassembly policy hacktoberfest policy-as-code kubernetes-webhook kubernetes-security
Rust
•
Apache License 2.0
•21•152•17•1•Updated Dec 27, 2025Dec 27, 2025
environment-variable-policy
Public
A Kubewarden Policy that controls the usage of environment variables
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•2•1•1•Updated Dec 27, 2025Dec 27, 2025
verify-image-signatures
Public
A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•8•13•2•1•Updated Dec 27, 2025Dec 27, 2025