Kyverno has reached CNCF Graduated status, the highest maturity level in the CNCF project lifecycle. The announcement came at KubeCon + CloudNativeCon Europe 2026 in Amsterdam on March 24, 2026.
What Graduation Actually Requires
This isn’t a rubber stamp. Graduation required a third-party security audit and a full security assessment led by CNCF TAG Security & Compliance. These validate that the project can handle production workloads and has a defensible security posture.
Full CEL Adoption
With its latest release, Kyverno has fully adopted Common Expression Language (CEL), matching the direction Kubernetes itself is heading for admission controls.
The practical upside: Kyverno policies and Kubernetes ValidatingAdmissionPolicies now use the same expression language. Platform teams don’t need to context-switch between two policy syntaxes anymore.
Beyond Kubernetes
Kyverno started as a Kubernetes-native admission controller, but it’s grown into something broader. Declarative policies are now usable across a wide range of payloads and enforcement points across the cloud native stack.
Growth Since 2020
Since joining CNCF in 2020, Kyverno has gone from 574 GitHub stars to more than 9,000. The contributor base has expanded significantly, with adopters spanning startups to large enterprises.
The CEL alignment is really the key story here. As Kubernetes moves toward CEL-based admission control, Kyverno’s adoption of the same expression language makes it a natural extension of the platform rather than a competing paradigm. That’s a smart bet on where the ecosystem is going.