Nirmata Partners with Chainguard to Deliver Zero-CVE Policy Management and Secure Kyverno Deployments

New integration through Chainguard Commercial Builds ensures organizations leveraging the CNCF policy engine can instantly deploy on a hardened, verifiable foundation

 

SAN JOSE, Calif. — March 17, 2026 — Nirmata, the pioneer of Infrastructure Governance and creator of the popular CNCF Kyverno project, today announced a strategic partnership with Chainguard, the trusted source for open source. By joining the newly launched Chainguard Commercial Builds program, Nirmata is delivering hardened, zero- to low-CVE container images of Kyverno, ensuring organizations can enforce infrastructure governance without inheriting base-layer risk.

 

Built and maintained by Nirmata, Kyverno is a cornerstone of cloud-native governance, currently used or evaluated by 42% of CNCF members according to the 2025 CNCF Annual Survey. Through this partnership with Chainguard, organizations can now instantly deploy a verifiable, zero- to low-CVE version of Kyverno, ensuring their critical policy engine is built on a hardened foundation right out of the box—without the operational overhead of patching upstream OS vulnerabilities.

 

Key benefits of the partnership include:

  • Kyverno Deployments with Zero Known CVEs: Kyverno delivered as minimal, hardened container images with zero known vulnerabilities, drastically reducing the attack surface for Kubernetes environments.
  • Verifiable Provenance: Gives security teams cryptographically signed, verifiable evidence that their governance layer meets strict federal and enterprise compliance mandates, including SLSA and FIPS readiness.
  • Eliminated Security Toil: Platform engineering and security teams no longer need to spend cycles tracking, patching, or rebuilding the underlying Linux containers hosting their policy engine to meet strict regulatory standards.

 

“Kyverno is the frontline of defense for continuous compliance and infrastructure governance,” said Ritesh Patel, VP of Product and Co-Founder at Nirmata. “But you cannot secure your infrastructure if your governance tools sit on vulnerable foundations. Chainguard bridges this critical gap for us. By delivering Kyverno on Chainguard’s zero-CVE images, we are ensuring our users can enforce automated, secure-by-default policies without inheriting any underlying infrastructure risk.”

 

“Kyverno has become a cornerstone of Kubernetes governance, helping organizations turn security intent into enforceable policy,” said Brad Bock, Director, Product Management at Chainguard. “Through our Chainguard Commercial Builds partnership with Nirmata, we’re making it easier for teams to deploy Kyverno on a hardened foundation with zero-to-low CVEs and verifiable provenance. Together, we’re helping organizations strengthen their infrastructure security while reducing the operational burden of maintaining the underlying software stack.”

 

To learn more about how Nirmata and Chainguard are delivering secure Kyverno images for modern cloud-native infrastructure, visit the launch blog.

 

About Nirmata 

Nirmata is the pioneer of Infrastructure Governance and the original creator of Kyverno, the CNCF policy-as-code project. We provide the AI-powered enterprise-grade governance layer that operationalizes security intent into enforced platform standards. By bridging the gap between security discovery and automated enforcement, Nirmata helps world-class organizations—including the Fortune 500—eliminate infrastructure risk while accelerating developer velocity.