- Log overload: every audit violation becomes a log entry, but logs are raw and hard to query.
- Blind spots: Audit policies only evaluate new or updated resources, leaving existing resources unassessed.
- No formal reporting: security teams require compliance reports, but Alex lacks a way to generate them.

- Core concepts: PolicyReport and ClusterPolicyReport as Kubernetes custom resources.
- Real-time reporting: how Audit-mode policies generate structured report entries.
- Background scans: how to evaluate existing resources and close the visibility gap so you can produce formal compliance reports.
PolicyReport and ClusterPolicyReport are standard Kubernetes custom resources. That means they can be queried with
kubectl, watched by controllers, and exported to external systems via existing Kubernetes integrations.- Structured data: reports convert noisy audit logs into typed, queryable objects.
- Integrations: because they’re Kubernetes resources, you can use existing exporters, controllers, and tooling to collect and persist them.
- Visibility: reports capture evaluation results so you can answer questions like “How many pods are violating the image tag policy right now?”
How reporting solves Alex’s problems
- Logs → Reports: Audit-mode policies continue to allow developer workflows while emitting structured report entries that are easy to query and aggregate.
- Existing resources: Background scans evaluate the current state of resources and populate reports for pre-existing workloads, closing the visibility gap.
- Compliance artifacts: With reports stored as Kubernetes resources, you can generate formal compliance exports, drive dashboards, and automate notifications.

- Deep dive into the PolicyReport/ClusterPolicyReport schema and examples.
- Demonstrate how Audit policies create report entries in real time.
- Configure and run background scans to populate reports for all existing resources.
- Export and aggregate reports for compliance dashboards and stakeholder reporting.