Kyverno policy engine designed for Kubernetes by Nirmata

Additional Info

Company size (employees)10 to 49
Type of solutionCloud/SaaS


Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. In August 2021, Nirmata raised $4.0 million in pre-series A funding to accelerate the growth of Kyverno. The funding comes as Kyverno achieved considerable growth punctuated by the increased adoption of open source. Since the beginning of 2021, Kyverno’s adoption quickly soared to over seven million downloads, with a growing number of users including Novartis, The New York Times, Duke Energy, TriNet and is used by open source projects like Flux and KubeArmor.

Key Milestones
– Accepted by the Cloud Native Computing Foundation as a sandbox project in November 2020
– More than 7 million downloads since launched in early 2021
– More than 1200 GitHub stars

How we are different

Generating value in the infrastructure supporting businesses’ digital workloads requires DevSecOps teams to gain visibility into what's happening in each cluster and implement necessary guardrails as the organization scales. To do this requires a policy management solution that is built to handle the scale and complexity of Kubernetes environments which Kyverno, addresses through the following three key functionalities:

--Validate: The primary function of any policy management engine is confirming that all resource configurations are compliant and secure. Kyverno’s validate function allows high-level IT stakeholders to ensure that their DevOps and security teams are navigating their role securely and according to the cloud-native best practices.

-- Mutate: Given the dynamic nature of digital infrastructure and cloud services, enterprise IT departments are constantly updating their policy requests to maintain the proper use of resources in every environment. Kyverno’s mutation function automates the adjustment of these requests so they are in accordance with validation rules. Instead of simply rejecting non-compliant requests, the mutate function tacitly adjusts them to an acceptable format.

-- Generate: A feature exclusive to Kyverno, generate rules allow for the creation of supplementary and supporting policies in the event that a new policy is created (or an existing one is updated).

Unlike other solutions that require users to learn a specific programming language, Nirmata offers native-language coding to its default security and GitOps-style workflow making it easy to use.

Continuous compliance within Kubernetes environments is crucial to maintaining successful enterprise operations within multi-cloud systems. The Nirmata team has intimate knowledge of Kyverno’s inner workings and combines this expertise with industry best practices in both container and policy resource management. The process of continuous compliance is born from this combination, and is the foundation of Nirmata’s Policy Manager service that provides enterprises the guidelines they need to maintain CI/CD.