--- title: "Policy Reports" diataxis: how-to applies_to: product: "nirmata-control-hub" audience: ["platform-engineer","devsecops"] last_updated: 2026-04-16 url: https://docs.nirmata.io/docs/control-hub/policy-hub/policy-reports/ --- ### View Policy Reports in Nirmata Control Hub Policy Reports provide a comprehensive overview of clusters, namespaces, and repositories. **To access the Policy Reports:** 1. Go to **Policies** > **Policy Reports**. The Policy Reports can be viewed based on Categories, Clusters, Namespaces, or Repositories. ![image](/images/policy_reports.png) 2. To view the Policy Reports in any Category, click on the Category Name (for example, **RBAC Best Practices**). The findings in this category will be displayed with information related to Severity, Findings, Impact (Clusters and Resources), and Status (% Pass or Fail). ![image](/images/rbac_best_practices.png) 3. To view a detailed report of a particular finding, click on any **Findings** link. The details contain violation and policy information such as the policy name, rule name, severity of the violation, and other metadata. The page also lists the impacted resources for this finding. ![image](/images/policy_findings.png) ### Sharing Policy Reports To share policy reports with your team, click on the `Share` icon on the top right of the page. 1. Optionally edit the title of the report. 1. Select either the `Cluster` or `Namespace` scope for the report. 1. Filtered Findings is used to generate the report based on the filters applied on the page. 1. All Findings includes all the results for the given cluster or namespaces. 1. You can either download the report or send email to your team members. 1. To send email, the user need not be present in the Nirmata system. However, the email domain should be pre-configured in Nirmata Control Hub. 1. To schedule periodic emails, click on `Email` and then set the schedule to periodically send the emails to all the recipients. ![image](/images/share-report.png) --- ## Violation Insights ## Prerequisites * This feature uses Nirmata AI to analyze and group violations. * Ensure AI settings are enabled for your tenant under _Settings > AI_. * If the "Insights" tab is not visible: * Confirm that your user role has appropriate permissions. * Contact your Nirmata administrator to enable AI features. ## How to Access To view Violation Summarization and Prioritization: 1. Go to the Clusters or Namespaces page. 1. Select a specific cluster or namespace. 1. By default, you will land on "Insights" tab if AI is enabled for your tenant. ## Key Features The Violations Insights page provides: * Summary view of violations across clusters or namespaces. * Top risks, grouped by policy or category. * Violation count breakdown by severity and namespace. ![image](/images/insights-summary.png) The violations are also classified into different priorities based on their severity and blast radius: * 🔥 Priority 1 – Critical misconfigurations * 🚨 Priority 2 – High importance * ℹ️ Priority 3 – Best practices ![image](/images/prioritized-violations.png) ## Benefits & Usage Use this page to: * Quickly identify the most urgent issues in your cluster or namespace. * Focus remediation efforts on high-impact violations. * Reduce noise and avoid “alert fatigue.” * Create Jira tickets directly for prioritized items with prefilled context. --- ## Suppress Policy Reports Kyverno generates policy reports for all namespaces in the cluster. While system namespaces are ignored during admission scans, they are still included in background scan reports. Similarly, third-party namespaces such as those used for monitoring, logging, or internal services (e.g., monitoring, nirmata, etc.) often generate policy violations that cannot be directly actioned by application teams. These reports can introduce noise, making it harder to focus on issues that truly matter. To help reduce this noise and improve signal clarity, Nirmata Control Hub allows users to suppress policy reports from specific namespaces. ## What Suppressing a Namespace Does * Suppressing a namespace hides its policy reports in the Nirmata Control Hub UI. * Reports are still generated by Kyverno and available if needed. * Suppressed reports are simply filtered out from the default view to allow teams to focus on high-priority workloads and namespaces. ## How to Suppress Policy Reports 1. Go to _Settings>Suppress Policy Reports_ 1. Create one or more Suppression Rules 1. Click on Save ![image](/images/suppress-policy-reports.png) Once saved, policy reports from matching namespaces will be hidden from the default Policy Reports views. ## Example Use Cases * Hide reports from `kube-system`, `monitoring`, or `nirmata` namespaces. * Focus attention on application namespaces like `team-a`, `frontend`, or `orders`. ## Notes * This suppression is Nirmata Control Hub-level filtering only. It does not affect Kyverno's scan behavior or the actual generation of reports. * All reports remain accessible through the Nirmata Control Hub backend and APIs. --- ## Assign Namespace Owners Assigning owners to namespaces allows restricted access to specific users. This is typically applicable to users with the DevOps Role, as they need explicit access to namespaces. ### Manual Assignment To manually assign a namespace to a user or team, go to the *Policy Reports > Namespaces* tab. Click on the user icon to assign owners for that namespace. ![image](/images/assign-ns-owner.png) You can add new owners or remove existing ones for a given namespace. ![image](/images/add-remove-owner.png) ### Automatic Assignment To automatically assign owners to a namespace, follow [this workflow](../../../how-to/Auto_Namespace_Assignment/). --- ## Create Jira tickets for Violations Nirmata Control Hub allows teams to directly create and manage Jira tickets from policy violation reports, making it easier to track and resolve security or compliance issues. You can also configure automatic rules to create Jira tickets based on violation severity and scope. ## Prerequisites Before creating Jira tickets from Nirmata Control Hub, ensure the following: * You have administrative access to configure integrations in Nirmata Control Hub. * You have the necessary Jira project access and credentials (API token or user credentials with appropriate permissions). ## Configure Jira Integration 1. Navigate to _Settings>Integrations_. 1. Select Jira from the list of available integrations. 1. Click on **+ Jira Account**. 1. Enter the required access and project details. 1. Click `Save` to validate and store the configuration. ![image](/images/add-jira-account.png) ## Creating a Jira Ticket Manually from a Policy Report 1. Go to _Policy Reports>Cluster_ or _Policy Reports>Namespaces_. 1. Locate the cluster or namespace with violations, for example: `banking-app`. 1. Click `Create Jira Issue` next to the namespace entry. * Any existing Jira issues will be displayed. Click on the Jira link and then click on `Create New Issue`. 1. Fill in the Jira ticket details: * **Namespace** or **Cluster**: Auto-filled with the selected namespace (e.g., `banking-app`). * **Project**: Select the Jira project where the issue should be created. * **Type**: Choose the Jira issue type (e.g., Bug, Task, Story). * **Title**: Customize the issue title. The default is Cluster / Namespace violations for `banking-app`. * **Assignee**: (Optional) Assign the issue to a specific Jira user. * **Priority**: Set the issue priority (e.g., High, Medium, Low). 1. Click `Create` to create the ticket. A confirmation message will appear, and a link to the Jira issue will be displayed. The ticket will also include a summary of violations detected for the cluster or namespace, allowing development or platform teams to take corrective action. ## Configuring Automatic Jira Issue Creation Rules You can define rules for automatic ticket creation based on policy violation severity and target scope (e.g., cluster or namespace). This helps streamline ticketing workflows and ensure timely tracking. 1. Go to _Settings>Integrations>Jira_. 1. Select any Jira account. 1. Select the `Rules` tab. 1. Under `Automatic Jira Issue Creation Rules`, configure your rule: * **FOR EACH:** Select the target scope (e.g., Cluster or Namespace). * **WHERE:** Define filter conditions such as `Severity in Medium`. * **CREATE:** Choose the issue type (e.g., Task), set `Priority`, and assign the issue. 1. Click `+` to add multiple rules or conditions. 1. Click Save to enable the rule. ![image](/images/configure-jira-rule.png) In the example above, the system is configured to: * Create a Task for each Cluster where Severity is Medium. * Set the ticket Priority to Trivial. * Assign the ticket to Damien Toledo. ## Benefits * **Seamless Integration**: Avoid context switching by tracking policy issues within Jira. * **Automated Tracking**: Ensure that policy violations are not missed and are tracked to closure. * **Team Collaboration**: Assign violations directly to responsible teams with all necessary context.