fjogeleit / policy-reporter-cli

Policy Reporter CLI


Feature request, get result for specific user policy via CLI

iamraj007 opened this issue · comments

Can we get something like this: get results based on a single CLI command which takes my policy name and shows output for those policies only?

Like below command
$ kubectl polr results search --category 'require-read-only-root-filesystem'

Sample policy results running as of now, e.g.:

NAMESPACE         KIND       NAME                                  POLICY                            RULE                                    RESULT
default           Deployment deploynginx                           restrict-custom-runtime           autogen-restrict-seccomp                fail
default           Deployment deploynginx                           restrict-default-namespace        validate-podcontroller-namespace        fail
default           Pod        deploynginx-xxxxx-n4r2k             require-read-only-root-filesystem validate-readOnlyRootFilesystem         fail

I have added a flag to filter by policy name. You can filter for one or multiple policy names.

Example would be:

kubectl polr results list --source kyverno -A --policy disallow-host-ports

and

kubectl polr results search --source kyverno -A --policy disallow-host-ports

It is released as version v0.4.0.

Appreciate your quick response to the feature request, but I see an issue here:

wget policy-reporter-cli_0.4.0_Linux_x86_64.tar.gz (10.6 MB 15 minutes ago )

[ policy-reporterv4]$ ls -l
total 10808
-rw-r--r-- 1 root root 11067138 Sep 5 16:55 policy-reporter-cli_0.4.0_Linux_x86_64.tar.gz

[ policy-reporterv4]$ tar -xvf policy-reporter-cli_0.4.0_Linux_x86_64.tar.gz
LICENSE.md
README.md
polr
[ policy-reporterv4]$ ll
total 43568
-rw-r--r-- 1 dev 121 1071 Sep 5 16:45 LICENSE.md
-rw-r--r-- 1 root root 11067138 Sep 5 16:55 policy-reporter-cli_0.4.0_Linux_x86_64.tar.gz
-rwxr-xr-x 1 dev 121 33533952 Sep 5 16:48 polr
-rw-r--r-- 1 dev 121 7532 Sep 5 16:45 README.md

[ policy-reporterv4]$ ./polr version
Client Version: 0.3.0

$ md5sum polr
c8ab2dd56e5421a15834d2ab6406f57c polr

The version should be 0.4.0, shouldn't it?

Was a mistake from my side. Did not dump the version.

So the flag should be available, only the version is wrong. I will fix this.

I released v0.4.1 to sync the version and automate it. Thanks for your request and for trying this tool out. Any feedback is very welcome; let me know if you are missing more features.

Thanks for the awesome addition. 👍
I accept that as a valid fix and addition to code.

One observation though: does the plugin polr get results from live data, like querying the api-server?

Fail Policy Results

NAMESPACE KIND       NAME                        POLICY                            RULE                            RESULT
ph        Deployment apigateway                  restrict-custom-runtime           autogen-restrict-seccomp        fail
ph        Pod        apigateway-6647cb86dd-ktnnh require-read-only-root-filesystem validate-readOnlyRootFilesystem fail
ph        Pod        apigateway-6647cb86dd-ktnnh require-run-as-non-root           check-containers                fail
ph        Pod        apigateway-6647cb86dd-ktnnh restrict-image-registries         validate-registries             fail
ph        Pod        apigateway-6647cb86dd-sgk4s require-read-only-root-filesystem validate-readOnlyRootFilesystem fail
ph        Pod        apigateway-6647cb86dd-sgk4s require-run-as-non-root           check-containers                fail
ph        Pod        apigateway-6647cb86dd-sgk4s restrict-image-registries         validate-registries             fail
ph        Pod        apigateway-6647cb86dd-znmfg require-read-only-root-filesystem validate-readOnlyRootFilesystem fail
ph        Pod        apigateway-6647cb86dd-znmfg require-run-as-non-root           check-containers                fail
ph        Pod        apigateway-6647cb86dd-znmfg restrict-image-registries         validate-registries             fail
As of now there is only one pod with this name in this or all namespaces:
$  kubectl get all -A | grep -i apigateway | grep pod
ph                  pod/apigateway-6647cb86dd-ktnnh                       0/1     Running            1 (3m19s ago)    8m19s


As you can see there are 3 Pods shown there, though only one of them is there now; the other two were deleted with a past deployment.
So as of now the pod ending in -ktnnh is there, but -sgk4s and -znmfg are not there any more (see above output).

This is just a small question, feel free to ignore it if irrelevant. (The issue stands as closed as of now, thx.)

It is not the same as querying the API Server; the data comes from the REST API of policy-reporter, which reflects the values of your PolicyReports.

So if you delete a resource but your PolicyReports still include results for this resource, it will still be in the output of the CLI.

But after removing a resource, Kyverno should update the PolicyReport in its namespace and remove all results related to this resource as well.

So, can you check if these resources are still part of the PolicyReport in this namespace? If so, you could delete the PolicyReport and Kyverno will recreate it without these resources.
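An added example, not code from this thread or from the policy-reporter-cli project: a small Go program that loads a constructed PolicyReport (the JSON field names are assumed from the wgpolicyk8s.io PolicyReport schema), filters results by one or more policy names the way the `--policy` flag above does, and lists results whose Pod no longer exists, which is the check the last comment suggests running against the PolicyReport in the namespace.

```go
package main

import "encoding/json"

// Minimal subset of the wgpolicyk8s.io PolicyReport schema (field names assumed); encoding/json matches the lower-case keys case-insensitively.
type Resource struct{ Kind, Namespace, Name string }
type Result struct {
	Policy, Rule, Result string
	Resources            []Resource
}
type PolicyReport struct{ Results []Result }

// Constructed sample mirroring the thread: three apigateway Pods are reported, but only -ktnnh still exists.
const SampleReport = `{"results":[
{"policy":"require-read-only-root-filesystem","rule":"validate-readOnlyRootFilesystem","result":"fail","resources":[{"kind":"Pod","namespace":"ph","name":"apigateway-6647cb86dd-ktnnh"}]},
{"policy":"require-run-as-non-root","rule":"check-containers","result":"fail","resources":[{"kind":"Pod","namespace":"ph","name":"apigateway-6647cb86dd-sgk4s"}]},
{"policy":"require-read-only-root-filesystem","rule":"validate-readOnlyRootFilesystem","result":"fail","resources":[{"kind":"Pod","namespace":"ph","name":"apigateway-6647cb86dd-znmfg"}]}]}`

func LoadReport(data string) (pr PolicyReport, err error) {
	err = json.Unmarshal([]byte(data), &pr)
	return pr, err
}

// FilterByPolicy mirrors the --policy flag: keep results for one or more policy names.
func FilterByPolicy(results []Result, policies ...string) []Result {
	want := map[string]bool{}
	for _, p := range policies {
		want[p] = true
	}
	var out []Result
	for _, r := range results {
		if want[r.Policy] {
			out = append(out, r)
		}
	}
	return out
}

// StaleResults returns results whose resource is missing from live (keys "Kind/namespace/name"): entries Kyverno should have pruned after the resource was deleted.
func StaleResults(results []Result, live map[string]bool) []Result {
	var out []Result
	for _, r := range results {
		for _, res := range r.Resources {
			if !live[res.Kind+"/"+res.Namespace+"/"+res.Name] {
				out = append(out, r)
				break
			}
		}
	}
	return out
}
```

The live set would normally be built from `kubectl get pods -A` output; here it is hard-coded to the single surviving Pod from the thread.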