Skip to main content


Where does the policy evaluation occur?

Datree's evaluation process in entirely local. Your files and their contents are not sent to our backend, as the CLI performs the policy check on your machine. Only metadata is sent to our backend, which is used to display your policy check history on your dashboard.

What is considered a policy check?

Every time a scan is executed, it's counted as one policy check. If a file pattern that represents several files is passed to the test command (i.e. $ datree test <filePattern>) this scan still counts as one policy check execution. The same goes for a Kubernetes config file that contains several configurations.

For example, if you have two Kubernetes configuration files - demo-app.yaml and prod-app.yaml

If those files are scanned with a single execution:

$ datree test *-app.yaml

*It will be counted as one policy check execution.*

If those files are scanned with two executions:

$ datree test demo-app.yaml

$ datree test prod-app.yaml

*It will be counted as two policy checks executions.*

What is a policy?

A set of rules that is executed together on one or several Kubernetes configurations. Each policy is running as a separate entity and has its own result.

Where can I report a bug or ask for a feature request?

Bugs and features can be opened in the project GitHub repository. All tickets will be answered within three working days max.

Where can I get support?

Do not open issues for general support questions as we want to keep GitHub issues for bug reports and feature requests. Instead, we recommend using "Discussions" to ask support-related questions.

Does the CLI integration support Helm charts?

Yes. Datree also has a Helm plugin that can be accessed through the helm CLI, to provide a seamless experience to Helm users.

Why should I enable a rule that is already validated by kubectl when deploying?

You should always inspire to "shift-left" any validation process. This way, the end-user (e.g. a developer) can receive feedback as soon as possible without the cost of context switching. With Datree, the validation process can start at the CI (and even earlier), instead of waiting for the CD.

Also, the kubectl validation process does not always have a clear-cut error message when failing. This can create confusion for the end-user about what he should fix and how. With Datree, the Kubernetes owner can control the error message and instruct the end-user the appropriate action to take

To conclude, the best practice is to run Datree's policy check before any kubectl validation check.

Do you have an Admission Controller integration?

No, but this is on our roadmap. If you want to join our preview community and be part of our Early Adopter Community, send an email to

Can I customize or add my own rules to a policy?

Yes, you can write any custom rule that you desire and add it to your policies.

Can I host the Dashboard data myself?

No, although we are looking to build an on-premise version of the Dashboard for use in private clouds.