> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Section Introduction

> Explains Kyverno reporting using PolicyReport and ClusterPolicyReport to convert policy evaluations into structured, queryable compliance reports with audit-mode entries and background scans.

So far we've written policies to enforce rules, mutate resources, and perform cleanup. A critical question remains: how do we get a clear, consolidated view of the cluster's compliance status?

To understand your security posture you need a reporting system that converts raw policy evaluations into structured, queryable results. In this lesson we'll explore Kyverno's reporting capabilities and how they solve Alex's visibility problem.

Common obstacles Alex faces:

* Log overload: every audit violation becomes a log entry, but logs are raw and hard to query.
* Blind spots: Audit policies only evaluate new or updated resources, leaving existing resources unassessed.
* No formal reporting: security teams require compliance reports, but Alex lacks a way to generate them.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/rzUP76niRaOmk997/images/Prep-Course-Kyverno-Certified-Associate-KCA-Certification/Reporting/Section-Introduction/alex-new-challenge-problems-diagram.jpg?fit=max&auto=format&n=rzUP76niRaOmk997&q=85&s=06c02eb65e2c3956e1d2e9f2a35550e4" alt="The image outlines &#x22;Alex's New Challenge&#x22; with three problems: Log Overload, Pre-Existing Resources, and Compliance Reporting, each with a brief description." width="1920" height="1080" data-path="images/Prep-Course-Kyverno-Certified-Associate-KCA-Certification/Reporting/Section-Introduction/alex-new-challenge-problems-diagram.jpg" />
</Frame>

Alex needs to move from reactive log-checking to proactive compliance reporting. He asks: how do I get a consolidated view of my cluster's compliance status that includes both new and pre-existing resources? Kyverno's reporting system is designed to answer exactly that.

What we’ll cover

* Core concepts: PolicyReport and ClusterPolicyReport as Kubernetes custom resources.
* Real-time reporting: how Audit-mode policies generate structured report entries.
* Background scans: how to evaluate existing resources and close the visibility gap so you can produce formal compliance reports.

<Callout icon="lightbulb" color="#1CB2FE">
  PolicyReport and ClusterPolicyReport are standard Kubernetes custom resources. That means they can be queried with `kubectl`, watched by controllers, and exported to external systems via existing Kubernetes integrations.
</Callout>

Why PolicyReport and ClusterPolicyReport matter

* Structured data: reports convert noisy audit logs into typed, queryable objects.
* Integrations: because they're Kubernetes resources, you can use existing exporters, controllers, and tooling to collect and persist them.
* Visibility: reports capture evaluation results so you can answer questions like “How many pods are violating the image tag policy right now?”

Quick commands (querying reports)

```bash theme={null}
# List namespace-scoped reports
kubectl get policyreport --all-namespaces

# List cluster-scoped reports
kubectl get clusterpolicyreport --all-namespaces

# Inspect a single report (replace <name> and <namespace>)
kubectl describe policyreport <name> -n <namespace>
```

Report types at a glance

| Resource Type       | Scope            | Typical Use                                                                                          |
| ------------------- | ---------------- | ---------------------------------------------------------------------------------------------------- |
| PolicyReport        | Namespace-scoped | Details results for policies that apply within a namespace; useful for per-team or per-app reporting |
| ClusterPolicyReport | Cluster-scoped   | Aggregates results across the cluster; ideal for security/ops dashboards and compliance exports      |

How reporting solves Alex’s problems

* Logs → Reports: Audit-mode policies continue to allow developer workflows while emitting structured report entries that are easy to query and aggregate.
* Existing resources: Background scans evaluate the current state of resources and populate reports for pre-existing workloads, closing the visibility gap.
* Compliance artifacts: With reports stored as Kubernetes resources, you can generate formal compliance exports, drive dashboards, and automate notifications.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/rzUP76niRaOmk997/images/Prep-Course-Kyverno-Certified-Associate-KCA-Certification/Reporting/Section-Introduction/alex-compliance-cluster-challenge-graphic.jpg?fit=max&auto=format&n=rzUP76niRaOmk997&q=85&s=7e41038ea46ac6de7563d83dfadcc8e0" alt="The image shows a challenge faced by Alex, who is seeking a consolidated view of a cluster's compliance state. There's a graphic of Alex with a speech bubble quoting the dilemma." width="1920" height="1080" data-path="images/Prep-Course-Kyverno-Certified-Associate-KCA-Certification/Reporting/Section-Introduction/alex-compliance-cluster-challenge-graphic.jpg" />
</Frame>

Next steps in this lesson

1. Deep dive into the PolicyReport/ClusterPolicyReport schema and examples.
2. Demonstrate how Audit policies create report entries in real time.
3. Configure and run background scans to populate reports for all existing resources.
4. Export and aggregate reports for compliance dashboards and stakeholder reporting.

References and further reading

* [Kyverno Documentation - PolicyReport](https://kyverno.io/docs/writing-policies/reporting/)
* [Kubernetes API Concepts](https://kubernetes.io/docs/concepts/overview/)

<CardGroup>
  <Card title="Watch Video" icon="video" cta="Learn more" href="https://learn.kodekloud.com/user/courses/kyverno-certified-associate/module/360718cb-5ab8-44a1-bcd2-beae95ede7c9/lesson/58401c97-2b36-4ada-af97-0f40d3ef1d78" />
</CardGroup>
