The Kyverno Policy Reporter REST API provides endpoints for querying PolicyReport and ClusterPolicyReport custom resources generated by Kyverno. It exposes policy results, status counts, and resource-level violation data, and serves as the backend for the Policy Reporter UI.
openapi: 3.1.0
info:
title: Kyverno Policy Reporter API
description: >-
The Kyverno Policy Reporter REST API provides endpoints for querying
PolicyReport and ClusterPolicyReport custom resources generated by Kyverno.
It exposes policy results, status counts, and resource-level violation data,
serving as the backend for the Policy Reporter UI. The API enables
programmatic access to policy compliance status across namespaces and
clusters.
version: '2.0.0'
contact:
name: Kyverno Community
url: https://kyverno.io/community/
termsOfService: https://kyverno.io/
externalDocs:
description: Policy Reporter API Reference
url: https://kyverno.github.io/policy-reporter/core/api-reference/
servers:
- url: http://localhost:8080
description: Default Policy Reporter server
tags:
- name: ClusterPolicyReports
description: Cluster-scoped policy report endpoints
- name: Health
description: Health and readiness endpoints
- name: Namespaces
description: Namespace listing endpoints
- name: Policies
description: Policy listing and detail endpoints
- name: PolicyReports
description: Namespaced policy report endpoints
- name: Results
description: Policy result query endpoints
- name: Sources
description: Policy source listing endpoints
paths:
/healthz:
get:
operationId: getHealthz
summary: Kyverno Health check
description: >-
Returns the health status of the Policy Reporter server. Used by
Kubernetes liveness and readiness probes to confirm the server is
operational.
tags:
- Health
responses:
'200':
description: Policy Reporter is healthy
content:
application/json:
schema:
$ref: '#/components/schemas/HealthStatus'
'503':
description: Policy Reporter is not healthy
/api/v1/targets:
get:
operationId: listTargets
summary: Kyverno List notification targets
description: >-
Returns a list of configured notification targets such as Slack, Teams,
Loki, Elasticsearch, and others. Each target entry includes its name,
minimum priority filter, and enabled sources.
tags:
- Policies
responses:
'200':
description: List of notification targets
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Target'
/api/v1/namespaces:
get:
operationId: listNamespaces
summary: Kyverno List namespaces with policy reports
description: >-
Returns a list of namespace names that have associated PolicyReport
resources. Useful for filtering result queries by namespace.
tags:
- Namespaces
responses:
'200':
description: List of namespace names
content:
application/json:
schema:
type: array
items:
type: string
example: default
/api/v1/sources:
get:
operationId: listSources
summary: Kyverno List policy sources
description: >-
Returns a list of policy source names that have generated reports. Policy
sources include kyverno, kube-bench, trivy, and other policy engines that
produce PolicyReport resources.
tags:
- Sources
responses:
'200':
description: List of policy source names
content:
application/json:
schema:
type: array
items:
type: string
example: kyverno
/api/v1/policies:
get:
operationId: listPolicies
summary: Kyverno List policies
description: >-
Returns a list of policies with result counts grouped by status. Supports
filtering by namespace, source, and category. Each entry includes counts
of pass, fail, warn, error, and skip results.
tags:
- Policies
parameters:
- $ref: '#/components/parameters/namespaceParam'
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/categoryParam'
responses:
'200':
description: List of policies with result counts
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/PolicySummary'
/api/v1/rules:
get:
operationId: listRules
summary: Kyverno List policy rules
description: >-
Returns a list of policy rule names that have results across all
namespaces. Can be filtered by namespace and source to narrow the results.
tags:
- Policies
parameters:
- $ref: '#/components/parameters/namespaceParam'
- $ref: '#/components/parameters/sourceParam'
responses:
'200':
description: List of policy rule names
content:
application/json:
schema:
type: array
items:
type: string
example: require-labels
/api/v1/categories:
get:
operationId: listCategories
summary: Kyverno List policy categories
description: >-
Returns a list of policy category names used to group related policies.
Categories are defined in policy metadata and may include values such as
Pod Security Standards or Best Practices.
tags:
- Policies
parameters:
- $ref: '#/components/parameters/sourceParam'
responses:
'200':
description: List of category names
content:
application/json:
schema:
type: array
items:
type: string
example: Pod Security Standards
/api/v1/policy-reports:
get:
operationId: listPolicyReports
summary: Kyverno List namespaced policy reports
description: >-
Returns a paginated list of PolicyReport resources across all namespaces
or filtered by a specific namespace. Each report includes summary counts
and metadata about the namespace and source.
tags:
- PolicyReports
parameters:
- $ref: '#/components/parameters/namespaceParam'
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/pageParam'
- $ref: '#/components/parameters/perPageParam'
responses:
'200':
description: Paginated list of policy reports
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyReportList'
/api/v1/cluster-policy-reports:
get:
operationId: listClusterPolicyReports
summary: Kyverno List cluster-scoped policy reports
description: >-
Returns a paginated list of ClusterPolicyReport resources. These reports
cover cluster-scoped resources such as Nodes, Namespaces, and
ClusterRoles that are not bound to a specific namespace.
tags:
- ClusterPolicyReports
parameters:
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/pageParam'
- $ref: '#/components/parameters/perPageParam'
responses:
'200':
description: Paginated list of cluster policy reports
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyReportList'
/api/v1/namespace-scoped/results:
get:
operationId: listNamespaceScopedResults
summary: Kyverno List namespace-scoped policy results
description: >-
Returns a paginated list of individual policy result entries from
PolicyReport resources. Results can be filtered by namespace, policy,
rule, status, severity, category, source, and resource kind or name.
tags:
- Results
parameters:
- $ref: '#/components/parameters/namespaceParam'
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/policyParam'
- $ref: '#/components/parameters/ruleParam'
- $ref: '#/components/parameters/statusParam'
- $ref: '#/components/parameters/severityParam'
- $ref: '#/components/parameters/categoryParam'
- $ref: '#/components/parameters/kindParam'
- $ref: '#/components/parameters/pageParam'
- $ref: '#/components/parameters/perPageParam'
responses:
'200':
description: Paginated policy results
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyResultList'
'400':
description: Invalid query parameters
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
/api/v1/cluster-scoped/results:
get:
operationId: listClusterScopedResults
summary: Kyverno List cluster-scoped policy results
description: >-
Returns a paginated list of individual policy result entries from
ClusterPolicyReport resources. Results can be filtered by policy, rule,
status, severity, category, source, and resource kind or name.
tags:
- Results
parameters:
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/policyParam'
- $ref: '#/components/parameters/ruleParam'
- $ref: '#/components/parameters/statusParam'
- $ref: '#/components/parameters/severityParam'
- $ref: '#/components/parameters/categoryParam'
- $ref: '#/components/parameters/kindParam'
- $ref: '#/components/parameters/pageParam'
- $ref: '#/components/parameters/perPageParam'
responses:
'200':
description: Paginated cluster-scoped policy results
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyResultList'
'400':
description: Invalid query parameters
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
/api/v1/namespace-scoped/summary:
get:
operationId: getNamespaceScopedSummary
summary: Kyverno Get namespace-scoped result summary
description: >-
Returns aggregated result counts grouped by status for namespace-scoped
policy reports. Supports the same filtering options as the results
endpoint. Useful for dashboard and summary views.
tags:
- Results
parameters:
- $ref: '#/components/parameters/namespaceParam'
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/categoryParam'
responses:
'200':
description: Result summary counts
content:
application/json:
schema:
$ref: '#/components/schemas/ResultSummary'
/api/v1/cluster-scoped/summary:
get:
operationId: getClusterScopedSummary
summary: Kyverno Get cluster-scoped result summary
description: >-
Returns aggregated result counts grouped by status for cluster-scoped
policy reports. Supports the same filtering options as the cluster results
endpoint.
tags:
- Results
parameters:
- $ref: '#/components/parameters/sourceParam'
- $ref: '#/components/parameters/categoryParam'
responses:
'200':
description: Cluster result summary counts
content:
application/json:
schema:
$ref: '#/components/schemas/ResultSummary'
components:
parameters:
namespaceParam:
name: namespace
in: query
description: Filter results by Kubernetes namespace
required: false
schema:
type: string
example: default
sourceParam:
name: source
in: query
description: Filter results by policy source (e.g., kyverno, trivy)
required: false
schema:
type: string
example: kyverno
policyParam:
name: policy
in: query
description: Filter results by policy name
required: false
schema:
type: string
example: require-labels
ruleParam:
name: rule
in: query
description: Filter results by rule name
required: false
schema:
type: string
example: check-for-labels
statusParam:
name: status
in: query
description: Filter results by result status
required: false
schema:
type: string
enum:
- pass
- fail
- warn
- error
- skip
severityParam:
name: severity
in: query
description: Filter results by severity level
required: false
schema:
type: string
enum:
- info
- low
- medium
- high
- critical
categoryParam:
name: category
in: query
description: Filter results by policy category
required: false
schema:
type: string
example: Pod Security Standards
kindParam:
name: kind
in: query
description: Filter results by Kubernetes resource kind
required: false
schema:
type: string
example: Pod
pageParam:
name: page
in: query
description: Page number for paginated results (1-based)
required: false
schema:
type: integer
minimum: 1
default: 1
perPageParam:
name: perPage
in: query
description: Number of results per page
required: false
schema:
type: integer
minimum: 1
maximum: 250
default: 20
schemas:
HealthStatus:
type: object
properties:
status:
type: string
description: Health status of the server
example: ok
Target:
type: object
description: A notification target configured to receive policy results
properties:
name:
type: string
description: Name of the notification target
example: slack
minimumPriority:
type: string
description: Minimum result severity that triggers a notification
enum:
- info
- low
- medium
- high
- critical
example: medium
sources:
type: array
description: List of policy sources this target receives notifications from
items:
type: string
example:
- kyverno
skipExistingOnStartup:
type: boolean
description: Whether to skip existing results when the server starts
example: true
PolicySummary:
type: object
description: A policy with aggregated result counts
properties:
policy:
type: string
description: Name of the policy
example: require-labels
namespace:
type: string
description: Namespace of the policy (empty for cluster-scoped)
example: default
source:
type: string
description: Policy engine that created the policy
example: kyverno
category:
type: string
description: Category the policy belongs to
example: Best Practices
severity:
type: string
description: Severity level of the policy
enum:
- info
- low
- medium
- high
- critical
results:
$ref: '#/components/schemas/ResultCounts'
PolicyReportList:
type: object
description: Paginated list of policy reports
properties:
items:
type: array
description: List of policy report summaries
items:
$ref: '#/components/schemas/PolicyReport'
count:
type: integer
description: Total number of policy reports matching the query
example: 42
PolicyReport:
type: object
description: A PolicyReport or ClusterPolicyReport resource summary
properties:
name:
type: string
description: Name of the policy report resource
example: cpol-require-labels
namespace:
type: string
description: Namespace of the report (empty for cluster-scoped reports)
example: default
source:
type: string
description: Policy engine that generated the report
example: kyverno
summary:
$ref: '#/components/schemas/ResultCounts'
creationTimestamp:
type: string
format: date-time
description: Timestamp when the policy report was created
PolicyResultList:
type: object
description: Paginated list of individual policy results
properties:
items:
type: array
description: List of individual policy result entries
items:
$ref: '#/components/schemas/PolicyResult'
count:
type: integer
description: Total number of results matching the query
example: 150
PolicyResult:
type: object
description: An individual policy evaluation result for a specific resource
properties:
id:
type: string
description: Unique identifier for the result
example: abc123
policy:
type: string
description: Name of the policy that generated the result
example: require-labels
rule:
type: string
description: Name of the policy rule that generated the result
example: check-for-labels
message:
type: string
description: Human-readable message describing the result
example: 'validation error: Label app is required.'
status:
type: string
description: Outcome of the policy evaluation
enum:
- pass
- fail
- warn
- error
- skip
example: fail
severity:
type: string
description: Severity level of the result
enum:
- info
- low
- medium
- high
- critical
example: medium
category:
type: string
description: Category of the policy rule
example: Best Practices
source:
type: string
description: Policy engine source
example: kyverno
namespace:
type: string
description: Kubernetes namespace of the affected resource
example: default
resource:
$ref: '#/components/schemas/ResourceReference'
timestamp:
type: string
format: date-time
description: Timestamp when the result was recorded
ResourceReference:
type: object
description: A reference to the Kubernetes resource evaluated by the policy
properties:
apiVersion:
type: string
description: API version of the resource
example: v1
kind:
type: string
description: Kind of the Kubernetes resource
example: Pod
name:
type: string
description: Name of the resource
example: my-pod
namespace:
type: string
description: Namespace of the resource (empty for cluster-scoped)
example: default
uid:
type: string
description: UID of the Kubernetes resource
example: 550e8400-e29b-41d4-a716-446655440000
ResultCounts:
type: object
description: Aggregated counts of policy results grouped by status
properties:
pass:
type: integer
description: Number of passing results
example: 45
fail:
type: integer
description: Number of failing results
example: 3
warn:
type: integer
description: Number of warning results
example: 1
error:
type: integer
description: Number of error results
example: 0
skip:
type: integer
description: Number of skipped results
example: 2
ResultSummary:
type: object
description: Aggregated summary of policy results
properties:
items:
type: array
description: List of status and count pairs
items:
type: object
properties:
status:
type: string
enum:
- pass
- fail
- warn
- error
- skip
count:
type: integer
description: Number of results with this status
Error:
type: object
description: An error response
properties:
message:
type: string
description: Human-readable error message
example: Invalid query parameter value
required:
- message