Unlock zero-trust policy with SUSE Security Admission Controller, now available from the SUSE Application Collection

Is your Kubernetes security policy slowing innovation? At KubeCon North America 2025, SUSE announced the General Availability of the SUSE Security Admission Controller, now delivered exclusively through the SUSE Application Collection for easy, trusted consumption, complete with VEX, SBOMs, SLSA-3 and more. This enterprise-grade distribution of Kubewarden, a project donated by SUSE to the CNCF in 2022, redefines how organizations manage Kubernetes policy and compliance.
The challenge: balancing innovation and control
Every platform and security team faces a dilemma. Adopting a powerful policy engine often introduces new complexity. Traditional tools like OPA/Gatekeeper or Kyverno force teams to learn niche policy languages like Rego or YAML formats, creating bottlenecks that slow down development and strain security operations. Only a handful of specialists can author or audit critical policies, leaving developers waiting and compliance teams frustrated.
SUSE believes that you should never have to choose between innovation and security. With the SUSE Security Admission Controller, we make policy enforcement both powerful and practical.
Streamlined for enterprise trust
By delivering the Admission Controller through the SUSE Application Collection, SUSE removes risk, complexity, and maintenance overhead. As a main differentiator from the open source project, the Admission Controller is a fully supported, lifecycle-managed enterprise solution that can be deployed in minutes. It represents a major shift in how enterprises adopt security policy engines, offering simplicity, speed, and trust.
End the Skills Gap with WebAssembly (Wasm)
The biggest challenge in policy enforcement has always been the language barrier. The SUSE Security Admission Controller is built on WebAssembly (Wasm), which acts as a universal runtime for policies.
This approach gives you unparalleled flexibility, allowing you to write and run policies using the tools that best fit your team’s skills—all without needing specialized Rego expertise.
- Use the Languages You Already Know: Empower developers to write security policies directly in the general-purpose languages they use every day, such as Go, Rust, JavaScript, TypeScript, or C#. This eliminates the learning curve and lets them contribute to security immediately.
- Bring Your Existing Policies: You don’t have to throw away your existing work. Kubewarden can run your current OPA/Gatekeeper policies by compiling them directly to Wasm. Your investment is preserved, and no rewrite is required. We also offer experimental support for running certain types of Kyverno policies.
- Use an SRE-Friendly Language: For DevOps and Sysadmins who find languages like Go or Rust intimidating, you can use CEL (Common Expression Language). CEL is rapidly gaining popularity in the Kubernetes ecosystem as a powerful, expressive alternative that is far easier to learn and tame than Rego.
This Wasm-based strategy embeds policy into your everyday CI/CD workflows and empowers your entire team to contribute to security, leveraging the skills and policies you already have.
The secure supply chain promise
Adopting Wasm-based policy engines once meant relying on unsupported community tools. With SUSE’s enterprise delivery model, that risk disappears.
Secure, vetted artifacts
SUSE Security Admission Controller components are pulled from SUSE’s trusted Application Collection, built and signed by SUSE engineers.
Compliance ready
Each Controller includes SLSA provenance, SBOMs, and automated dependency updates for fewer CVEs.
Enterprise support
Backed by SUSE’s world-class SLAs, the Controller provides predictable, dependable performance for mission-critical workloads.
Frictionless for SUSE customers
For existing SUSE customers, adoption is effortless. The Controller installs directly through the same trusted Application Collection used for other SUSE products, eliminating new procurement processes or complex setup steps.
Real-world impact: trusted compliance and agility
A financial services customer struggling with PCI DSS compliance and a lack of Rego skills deployed the SUSE Security Admission Controller. Within weeks, their developers were using the ready-to-use policies maintained by SUSE, or writing their own policies in Go, and seamlessly integrating them into existing pipelines. Compliance auditors gained the traceability they needed, and the organization achieved secure, automated enforcement without disruption.
The result is compliance met, bottlenecks removed, and teams empowered to innovate securely.
Start building trusted security today
The next era of Kubernetes security is here. Platform and security teams can now deploy a developer-friendly policy engine that’s vetted, supported, and built for enterprise scale.
If you’re a SUSE customer, the SUSE Security Admission Controller is available now through your familiar Application Collection channel.
Want to learn more? Contact your SUSE representative to see how the SUSE Application Collection delivers secure, enterprise grade components that save time, reduce risk, and accelerate modernization.
Start your journey to freedom today
Want to hear more about how SUSE can support you to modernize your business with cloud native and AI solutions?
Get in touch with your local SUSE sales team and read about all the KubeCon + CloudNativeCon North America 2025 announcements.