diff --git a/.github/ISSUE_TEMPLATE/bug-cli.yaml b/.github/ISSUE_TEMPLATE/bug-cli.yaml
index 8806d1a2f791..0b151db7e67a 100644
--- a/.github/ISSUE_TEMPLATE/bug-cli.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-cli.yaml
@@ -44,6 +44,7 @@ body:
 - 1.12.2
 - 1.12.3
 - 1.12.4
+ - 1.12.5
 validations:
 required: true
 - type: textarea
diff --git a/.github/ISSUE_TEMPLATE/bug-other.yaml b/.github/ISSUE_TEMPLATE/bug-other.yaml
index 693bfacc1355..ea3af73841f5 100644
--- a/.github/ISSUE_TEMPLATE/bug-other.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-other.yaml
@@ -43,6 +43,7 @@ body:
 - 1.12.2
 - 1.12.3
 - 1.12.4
+ - 1.12.5
 validations:
 required: true
 - type: textarea
diff --git a/.github/ISSUE_TEMPLATE/bug-webhook.yaml b/.github/ISSUE_TEMPLATE/bug-webhook.yaml
index 46e05eb918b5..e4ba65808bc1 100644
--- a/.github/ISSUE_TEMPLATE/bug-webhook.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-webhook.yaml
@@ -43,6 +43,7 @@ body:
 - 1.12.2
 - 1.12.3
 - 1.12.4
+ - 1.12.5
 validations:
 required: true
 - type: dropdown
diff --git a/.github/workflows/clean-stale-branches.yaml b/.github/workflows/clean-stale-branches.yaml
index af0025905084..48b123cabe17 100644
--- a/.github/workflows/clean-stale-branches.yaml
+++ b/.github/workflows/clean-stale-branches.yaml
@@ -10,7 +10,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Cleanup Stale Branches
- uses: cbrgm/cleanup-stale-branches-action@d0f8b6440d1a5eb71cec3ebe376d83a74b901ca0 # v1.1.18
+ uses: cbrgm/cleanup-stale-branches-action@03d7d18e1a5ca5663846c6399e0614941d4985c3 # v1.1.19
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 repository: ${{ github.repository }}
diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml
index f8055be01d99..5f9efdf6361d 100644
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@@ -646,7 +646,7 @@ jobs:
 uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
 # create cluster
 - name: Create kind cluster and setup Sigstore Scaffolding
- uses: sigstore/scaffolding/actions/setup@bfc40f4d3aa430f28cec9c68b628df983601810e
+ uses: sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785
 with:
 version: main
 k8s-version: ${{ matrix.k8s-version.version }}
diff --git a/.github/workflows/devcontainer-build.yaml b/.github/workflows/devcontainer-build.yaml
index fb9090ba9db3..064c2bba4fd6 100644
--- a/.github/workflows/devcontainer-build.yaml
+++ b/.github/workflows/devcontainer-build.yaml
@@ -23,7 +23,7 @@ jobs:
 - name: Build devcontainer image
 run: docker build .devcontainer
 - name: Trivy Scan Image
- uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
index f28f2ff2e103..41b8c37245b8 100644
--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@@ -25,7 +25,7 @@ jobs:
 - name: Setup build env
 uses: ./.github/actions/setup-build-env
 timeout-minutes: 10
- - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
 with:
 python-version: 3.7
 - name: Set up chart-testing
diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
index 4cb8a85f737e..a246d3bcd69d 100644
--- a/.github/workflows/helm-test.yaml
+++ b/.github/workflows/helm-test.yaml
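Review bot: In .github/workflows/conformance.yaml the new pin `sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785` carries no trailing version comment, unlike the other pinned actions on this page, so a reader cannot tell which release the SHA corresponds to or whether it is a tagged release at all. Append the tag the SHA was taken from, for example `# <scaffolding release tag>` (placeholder, the page does not show it). The unchanged `version: main` input under it looks like it still selects a moving branch for what the action installs, which the SHA pin on the action itself would not freeze; confirm that is intended for this job. The step belongs to a job whose body starts and ends outside the hunk.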
@@ -33,7 +33,7 @@ jobs:
 uses: ./.github/actions/setup-build-env
 timeout-minutes: 10
 - name: Setup python
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
 with:
 python-version: 3.7
 - name: Set up chart-testing
diff --git a/.github/workflows/images-build.yaml b/.github/workflows/images-build.yaml
index 3b6f0dfcf46b..90b6b5e45e57 100644
--- a/.github/workflows/images-build.yaml
+++ b/.github/workflows/images-build.yaml
@@ -31,7 +31,7 @@ jobs:
 - name: ko build
 run: VERSION=${{ github.ref_name }} make ko-build-all
 - name: Trivy Scan Image
- uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
diff --git a/.github/workflows/images-publish.yaml b/.github/workflows/images-publish.yaml
index 4801aa79c681..3bd54fd9be09 100644
--- a/.github/workflows/images-publish.yaml
+++ b/.github/workflows/images-publish.yaml
@@ -40,7 +40,7 @@ jobs:
 uses: ./.github/actions/setup-build-env
 timeout-minutes: 30
 - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index ed94164bcb56..0e678289c3c8 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -33,7 +33,7 @@ jobs:
 uses: ./.github/actions/setup-build-env
 timeout-minutes: 10
 - name: golangci-lint
- uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v3.7.1
+ uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v3.7.1
 with:
 version: v1.54.2
 skip-cache: true
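Review bot: In .github/workflows/lint.yaml the pinned commit for `golangci/golangci-lint-action` changes from a4f60bb… to aaa42aa… while the trailing comment stays `# v3.7.1`, so the label is wrong for at least one of the two commits. A SHA pin can only be reviewed through that comment; a stale label can hide a jump to a different major version of the action, which may treat the `version: v1.54.2` and `skip-cache: true` inputs differently. Look up the tag that resolves to the new SHA and write it on the line, `uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # <tag for this SHA>` (placeholder). The step belongs to a job whose body starts and ends outside the hunk.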
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8effe82e8aca..72d487649df4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' ignore-unfixed: true @@ -300,7 +300,7 @@ jobs: file_glob: true tag: ${{ github.ref }} - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index f0d0685ac841..aec28c50230d 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -30,7 +30,7 @@ jobs: echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT - name: Scan for vulnerabilities in latest image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest @@ -40,7 +40,7 @@ jobs: output: scan1.json - name: Scan for vulnerabilities in latest-1 image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }} format: json 
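Review bot: The three Trivy steps in .github/workflows/report-on-vulnerabilities.yaml (the hunks at -30, -40 and -49) move to `aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8` but keep the comment `# v0.8.0 (Trivy v0.34.0)`, while the same SHA is labelled `# v0.24.0` in the other workflows touched by this change. The old SHA was labelled v0.23.0 elsewhere, so this comment was already stale before the bump and the update carries it forward. This workflow produces the vulnerability reports, so the comment should state the scanner wrapper that actually runs; change all three lines to `uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0` and drop the `(Trivy v0.34.0)` part unless it has been re-checked. The steps sit in a job whose body starts and ends outside the hunks.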
@@ -49,7 +49,7 @@ jobs: output: scan2.json - name: Scan for vulnerabilities in latest-2 image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }} format: json diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 75b81f1e8167..798e0fe53e35 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -40,6 +40,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif diff --git a/.nancy-ignore b/.nancy-ignore index b52e57abcf50..8bde1744cc5d 100644 --- a/.nancy-ignore +++ b/.nancy-ignore @@ -1,6 +1,6 @@ -# golang/k8s.io/apiserver@v0.29.2 -CVE-2020-8561 until=2024-06-30 -# golang/github.com/notaryproject/notation-go@v1.1.0 -CVE-2024-23332 until=2024-06-30 -# golang/github.com/hashicorp/vault/api@v1.12.2 -CVE-2024-2660 until=2024-06-30 +# golang/k8s.io/apiserver@v0.30.1 +CVE-2020-8561 until=2024-12-30 +# golang/github.com/notaryproject/notation-go@v1.1.1 +CVE-2024-23332 until=2024-12-30 +# golang/github.com/hashicorp/vault/api@v1.14.0 +CVE-2024-2660 until=2024-12-30 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 7d3ef13fea21..f8848736e2a9 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
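Review bot: The three suppressions in .nancy-ignore (CVE-2020-8561, CVE-2024-23332, CVE-2024-2660) have their expiry moved from 2024-06-30 to 2024-12-30 with no reason recorded, so the `until=` date no longer forces a re-evaluation; it is simply pushed out when it lapses. The comment lines now name newer module versions (apiserver v0.30.1, notation-go v1.1.1, vault/api v1.14.0), which suggests the scanner still reports these CVEs after the upgrades, though the page does not show the scan output. Put the justification next to each entry, for example `# accepted because <reason>; tracked in <issue link>` (placeholders) above the CVE line, so the next renewal is a decision rather than a date edit.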
@@ -1,36 +1,6 @@ -# Kyverno Community Code of Conduct v1.0 +# Code of Conduct -## Contributor Code of Conduct +[Kyverno and its sub-projects](https://github.com/kyverno#projects) follow the Code of Conduct published and maintained at https://github.com/kyverno/community/blob/main/CODE_OF_CONDUCT.md. + -As contributors and maintainers of this project, and in the interest of fostering -an open and welcoming community, we pledge to respect all people who contribute -through reporting issues, posting feature requests, updating documentation, -submitting pull requests or patches, and other activities. -We are committed to making participation in this project a harassment-free experience for -everyone, regardless of level of experience, gender, gender identity and expression, -sexual orientation, disability, personal appearance, body size, race, ethnicity, age, -religion, or nationality. - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery -* Personal attacks -* Trolling or insulting/derogatory comments -* Public or private harassment -* Publishing other's private information, such as physical or electronic addresses, without explicit permission -* Other unethical or unprofessional conduct. - -Project maintainers have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are not -aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers -commit themselves to fairly and consistently applying these principles to every aspect -of managing this project. Project maintainers who do not follow or enforce the Code of -Conduct may be permanently removed from the project team. - -This code of conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. 
- -Instances of abusive, harassing, or otherwise unacceptable behavior in Kubernetes may be reported by contacting the project maintainer(s). - -This Code of Conduct is adapted from the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md) and the [Contributor Covenant](https://www.contributor-covenant.org/), [version 1.2.0](https://www.contributor-covenant.org/version/1/2/0/code-of-conduct/). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d7a73ec83b37..414a239e4b29 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,46 +1,24 @@ -# Contributing Guidelines for Kyverno +# Contributor Guidelines for Kyverno -We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out! +[Kyverno and its sub-projects](https://github.com/kyverno#projects) follow the contributor guidelines published at: https://github.com/kyverno/community/blob/main/CODE_OF_CONDUCT.md. -Before you contribute, please take a moment to review and agree to abide by our community [Code of Conduct](/CODE_OF_CONDUCT.md). +Please review the general guidelines before proceeding further to the project specific information below. -- [Contributing Guidelines for Kyverno](#contributing-guidelines-for-kyverno) - - [Engage with us](#engage-with-us) - - [Ways you can contribute](#ways-you-can-contribute) - - [1. Report issues](#1-report-issues) - - [2. Fix or Improve Documentation](#2-fix-or-improve-documentation) - - [3. Submit Pull Requests](#3-submit-pull-requests) - - [How to Create a PR](#how-to-create-a-pr) - - [Developer Certificate of Origin (DCO) Sign off](#developer-certificate-of-origin-dco-sign-off) - - [Release Processes](#release-processes) +### Fix or Improve Kyverno Documentation -## Engage with us - -The Kyverno website has the most updated information on [how to engage with the Kyverno community](https://kyverno.io/community/) including its maintainers and contributors. There are three classes of contributors possible: Contributor, Code Owner, and Maintainer. Please see the [Contributing section on the website](https://kyverno.io/community/#contributing) for the requirements and privileges afforded to each. - -Join our community meetings to learn more about Kyverno and engage with other contributors. - -## Ways you can contribute - -### 1. 
Report issues - -Issues to Kyverno help improve the project in multiple ways including the following: - -- Report potential bugs -- Request a feature -- Request a sample policy +The [Kyverno website](https://kyverno.io), like the main Kyverno codebase, is stored in its own [git repo](https://github.com/kyverno/website). To get started with contributions to the documentation, [follow the guide](https://github.com/kyverno/website#contributing) on that repository. -### 2. Fix or Improve Documentation +### Developer Guides -The [Kyverno website](https://kyverno.io), like the main Kyverno codebase, is stored in its own [git repo](https://github.com/kyverno/website). To get started with contributions to the documentation, [follow the guide](https://github.com/kyverno/website#contributing) on that repository. +To learn about the code base and developer processes, refer to the [development guide](/DEVELOPMENT.md). -### 3. Submit Pull Requests +### Good First Issues -[Pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) (PRs) allow you to contribute back the changes you've made on your side enabling others in the community to benefit from your hard work. They are the main source by which all changes are made to this project and are a standard piece of GitHub operational flows. +Maintainers identify issues that are ideal for new contributors with a `good first issue` label. -New contributors may easily view all [open issues labeled as good first issues](https://github.com/kyverno/kyverno/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) allowing you to get started in an approachable manner. +View all Kyverno [good first issues](https://github.com/kyverno/kyverno/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22). -Once you wish to get started contributing to the code base, please refer to our [development guide](/DEVELOPMENT.md) for a how-to. 
+### Pull Request Guidelines In the process of submitting your PRs, please read and abide by the template provided to ensure the maintainers are able to understand your changes and quickly come up to speed. There are some important pieces that are required outside the code itself. Some of these are up to you, others are up to the maintainers. 
@@ -49,99 +27,6 @@ In the process of submitting your PRs, please read and abide by the template pro 3. Test your change with the [Kyverno CLI](https://kyverno.io/docs/kyverno-cli/) and provide a test manifest in the proper format. If your feature/fix does not work with the CLI, a separate issue requesting CLI support must be made. For changes which can be tested as an end user, we require conformance/e2e tests by using the `chainsaw` tool. See [here](https://github.com/kyverno/kyverno/tree/main/test/conformance/chainsaw/README.md) for a specific guide on how and when to write these tests. 4. Indicate which release this PR is triaged for (maintainers). This step is important especially for the documentation maintainers in order to understand when and where the necessary changes should be made. -#### How to Create a PR - -Head over to the project repository on GitHub and click the **"Fork"** button. With the forked copy, you can try new ideas and implement changes to the project. - -1. **Clone the repository to your device:** - -Get the link of your forked repository, paste it in your device terminal and clone it using the command. - -```sh -git clone https://hostname/YOUR-USERNAME/YOUR-REPOSITORY -``` - -2. **Create a branch:** - -Create a new brach and navigate to the branch using this command. - -```sh -git checkout -b -``` - -Great, it's time to start hacking! You can now go ahead to make all the changes you want. - -3. **Stage, Commit, and Push changes:** - -Now that we have implemented the required changes, use the command below to stage the changes and commit them. - -```sh -git add . -``` - -```sh -git commit -s -m "Commit message" -``` - -The `-s` signifies that you have signed off the commit. - -Go ahead and push your changes to GitHub using this command. 
- -```sh -git push -``` - -#### Cherry-pick PRs to release branches - -Add repository as remote - -```sh -git remote add https://github.com/kyverno/kyverno -``` -Then fetch the branches of remote: - -```sh -git fetch -``` - - You will notice that there are a number of branches related to Kyverno's releases such as release-1.7. You can always view the list of remote branches by using the command below: - -```sh -$ git branch -r -... -origin/release-1.5 -origin/release-1.6 -origin/release-1.7 -``` - -Checkout one of the release branch and cherry-pick the PRs you want to merge into the release branch: - -```sh -$ git checkout release-1.7 - -git cherry-pick -s - -git push --set-upstream origin release-1.7 -``` - -Once the commit has been cherry-picked, the author will need to open a PR merging to the release branch, release-1.7 for example. - -#### Developer Certificate of Origin (DCO) Sign off - -For contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project, we are requiring everyone to acknowledge this by signing their work which indicates you agree to the DCO found [here](https://developercertificate.org/). - -To sign your work, just add a line like this at the end of your commit message: - -```sh -Signed-off-by: Random J Developer -``` - -This can easily be done with the `-s` command line option to append this automatically to your commit message. - -```sh -git commit -s -m 'This is my commit message' -``` - ## Release Processes Review the Kyverno release process at: https://kyverno.io/docs/releases/ diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index bfa71a7b9382..9e7fc84072f9 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md 
@@ -455,14 +455,27 @@ You can get at the application in the pod by port forwarding with kubectl, for e ````shell $ kubectl -n kyverno get pod -NAME READY STATUS RESTARTS AGE -kyverno-7d67c967c6-slbpr 1/1 Running 0 19s +NAME READY STATUS RESTARTS AGE +kyverno-admission-controller-57df6c565f-pxpnh 1/1 Running 0 20s +kyverno-background-controller-766589695-dhj9m 1/1 Running 0 20s +kyverno-cleanup-controller-54466dfbc6-5mlrc 1/1 Running 0 19s +kyverno-cleanup-update-requests-28695530-ft975 1/1 Running 0 19s +kyverno-reports-controller-76c49549f4-tljwm 1/1 Running 0 20s ```` +Check the port of the pod you'd like to forward using the command below. + +````bash +$ kubectl get pod kyverno-admission-controller-57df6c565f-pxpnh -n kyverno --template='{{(index (index .spec.containers 0).ports 0).containerPort}}{{"\n"}}' +9443 +```` + +Use the exposed port from above to run port-forward with the below command. + ````bash -$ kubectl -n kyverno port-forward kyverno-7d67c967c6-slbpr 6060 -Forwarding from 127.0.0.1:6060 -> 6060 -Forwarding from [::1]:6060 -> 6060 +$ kubectl -n kyverno port-forward kyverno-admission-controller-57df6c565f-pxpnh 6060:9443 +Forwarding from 127.0.0.1:6060 -> 9443 +Forwarding from [::1]:6060 -> 9443 ```` The HTTP endpoint will now be available as a local port. diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 139a135470ef..66ae53316445 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -1,39 +1,3 @@ # Kyverno Governance -This document defines governance policies for the Kyverno project. - -- [Principles](#principles) -- [Code of Conduct](#code-of-conduct) -- [Meetings](#meetings) -- [Roles and Process in the Kyverno Community](#roles) -- [Conflict Resolutions](#conflict-resolutions) -- [Changes](#changes) -- [Credits](#credits) - -## Principles -The Kyverno project community adheres to the following principles: - -- Open: The Kyverno community strives to be open, accessible and welcoming to everyone. Anyone may contribute, and contributions are available to all users according to open source values and licenses. -- Transparent and accessible: Any changes to the Kyverno source code and collaborations on the project are publicly accessible (GitHub issues, PRs, and discussions). -- Merit: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles. - - -## Code of Conduct -Kyverno follow the [Code of Conduct](CODE_OF_CONDUCT.md), which is aligned with the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). - -## Meetings -Kyverno community meetings follow a defined [schedule](https://kyverno.io/community/#community-meetings). - -The maintainers will also have closed meetings in order to discuss security reports or Code of Conduct violations. Such meetings should be scheduled by any maintainer on receipt of a security issue or CoC report. All current Maintainers must be invited to such closed meetings, except for any maintainer who is accused of a CoC violation. - -## Roles -The Kyverno project welcomes all contributors and has well-defined roles specified at [Project Roles](https://kyverno.io/community/#project-roles). - -## Conflict Resolutions -Typically, it is assumed that disputes will be resolved amicably by those involved. However, if the situation becomes more serious, conflicts will be resolved through a voting process. 
A supermajority of votes from project maintainers is required to make a decision, and the project lead has the final say in the ruling. - -## Changes -This Project Governance is a living document. All key project changes including changes in project governance can be proposed by a GitHub PR and then reviewed and voted on by project maintainers. - -## Credits -Sections of this document have been borrowed from the [CoreDNS](https://github.com/coredns/coredns/blob/master/GOVERNANCE.md) and [fluxcd](https://github.com/fluxcd/community/blob/main/GOVERNANCE.md) projects. \ No newline at end of file +[Kyverno and its sub-projects](https://github.com/kyverno#projects) follow the governance published and maintained at https://github.com/kyverno/community/blob/main/GOVERNANCE.md. diff --git a/README.md b/README.md index 782de911c3b9..75db6e5321fc 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ ![logo](img/Kyverno_Horizontal.png)

-Kyverno is a policy engine designed for Kubernetes platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and cleanup configurations using Kubernetes admission controls, background scans, and source code respository scans. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git. +Kyverno is a policy engine designed for cloud native platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and cleanup configurations using Kubernetes admission controls, background scans, and source code respository scans. Kyverno policies can also be used to verify OCI images, for software supply chain security. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

ForEachMutation

(Appears on: +ForEachMutationWrapper, Mutation)

@@ -1718,8 +1719,8 @@

ForEachMutation foreach
- -Kubernetes apiextensions/v1.JSON + +ForEachMutationWrapper @@ -1731,10 +1732,45 @@

ForEachMutation
+

ForEachMutationWrapper +

+

+(Appears on: +ForEachMutation) +

+

+

ForEachMutationWrapper contains a list of ForEach descriptors.

+

+ + + + + + + + + + + + + +
FieldDescription
+-
+ + +[]ForEachMutation + + +
+(Optional) +

Item is a descriptor on how to iterate over the list of items.

+
+

ForEachValidation

(Appears on: +ForEachValidationWrapper, Validation, Validation)

@@ -1852,8 +1888,8 @@

ForEachValidation foreach
- -Kubernetes apiextensions/v1.JSON + +ForEachValidationWrapper @@ -1865,6 +1901,40 @@

ForEachValidation
+

ForEachValidationWrapper +

+

+(Appears on: +ForEachValidation) +

+

+

ForEachValidationWrapper contains a list of ForEach descriptors.

+

+ + + + + + + + + + + + + +
FieldDescription
+-
+ + +[]ForEachValidation + + +
+(Optional) +

Item is a descriptor on how to iterate over the list of items.

+
+

ForeachOrder (string alias)

@@ -4593,9 +4663,7 @@

Variable value
- -Kubernetes apiextensions/v1.JSON - +github.com/kyverno/kyverno/api/kyverno.Any @@ -4620,9 +4688,7 @@

Variable default
- -Kubernetes apiextensions/v1.JSON - +github.com/kyverno/kyverno/api/kyverno.Any diff --git a/docs/user/crd/kyverno.v1.html b/docs/user/crd/kyverno.v1.html index 0b7d70cb9dbc..dc349e3865e7 100644 --- a/docs/user/crd/kyverno.v1.html +++ b/docs/user/crd/kyverno.v1.html @@ -3318,6 +3318,7 @@

ForEachMutation

(Appears in: + ForEachMutationWrapper, Mutation)

@@ -3529,7 +3530,9 @@

ForEachMutation - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + + ForEachMutationWrapper + @@ -3548,6 +3551,71 @@

ForEachMutation + + + + +

ForEachMutationWrapper +

+ + +

+ (Appears in: + ForEachMutation) +

+ + +

ForEachMutationWrapper contains a list of ForEach descriptors.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
- + +
+ + + + + + []ForEachMutation + + + +
+ + +

Item is a descriptor on how to iterate over the list of items.

+ + + + + +
@@ -3558,6 +3626,7 @@

ForEachValidation

(Appears in: + ForEachValidationWrapper, Validation)

@@ -3795,7 +3864,9 @@

ForEachValidation - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + + ForEachValidationWrapper + @@ -3814,6 +3885,71 @@

ForEachValidation + + + + +

ForEachValidationWrapper +

+ + +

+ (Appears in: + ForEachValidation) +

+ + +

ForEachValidationWrapper contains a list of ForEach descriptors.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
- + +
+ + + + + + []ForEachValidation + + + +
+ + +

Item is a descriptor on how to iterate over the list of items.

+ + + + + +
@@ -9213,7 +9349,7 @@

Variable - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + github.com/kyverno/kyverno/api/kyverno.Any @@ -9268,7 +9404,7 @@

Variable - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + github.com/kyverno/kyverno/api/kyverno.Any diff --git a/go.mod b/go.mod index 5cc53535799b..b551b1ea1aa3 100644 --- a/go.mod +++ b/go.mod @@ -7,13 +7,13 @@ require ( github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d github.com/IGLOU-EU/go-wildcard v1.0.3 github.com/Masterminds/sprig/v3 v3.2.3 - github.com/alitto/pond v1.9.0 + github.com/alitto/pond v1.9.1 github.com/aquilax/truncate v1.0.0 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240525144225-0fe7eafab216 github.com/blang/semver/v4 v4.0.0 github.com/cenkalti/backoff v2.2.1+incompatible - github.com/cyphar/filepath-securejoin v0.2.5 + github.com/cyphar/filepath-securejoin v0.3.1 github.com/dgraph-io/ristretto v0.1.1 github.com/distribution/reference v0.6.0 github.com/evanphx/json-patch/v5 v5.9.0 @@ -25,7 +25,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 - github.com/google/go-containerregistry v0.20.0 + github.com/google/go-containerregistry v0.20.1 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20240530172801-3764db238e3e github.com/in-toto/in-toto-golang v0.9.0 github.com/jmoiron/jsonq v0.0.0-20150511023944-e874b168d07e @@ -37,7 +37,7 @@ require ( github.com/notaryproject/notation-core-go v1.0.3 github.com/notaryproject/notation-go v1.1.1 github.com/onsi/ginkgo v1.16.5 - github.com/onsi/gomega v1.33.1 + github.com/onsi/gomega v1.34.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 github.com/pkg/errors v0.9.1 
@@ -74,21 +74,21 @@ require (
 gopkg.in/inf.v0 v0.9.1
 gopkg.in/yaml.v2 v2.4.0
 gotest.tools v2.2.0+incompatible
- k8s.io/api v0.30.2
+ k8s.io/api v0.30.3
 k8s.io/apiextensions-apiserver v0.30.1
- k8s.io/apimachinery v0.30.2
+ k8s.io/apimachinery v0.30.3
 k8s.io/apiserver v0.30.1
- k8s.io/cli-runtime v0.30.2
- k8s.io/client-go v0.30.2
+ k8s.io/cli-runtime v0.30.3
+ k8s.io/client-go v0.30.3
 k8s.io/klog/v2 v2.130.1
 k8s.io/kube-aggregator v0.30.1
 k8s.io/pod-security-admission v0.30.1
 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0
 sigs.k8s.io/controller-runtime v0.18.4
 sigs.k8s.io/kubectl-validate v0.0.4
- sigs.k8s.io/kustomize/api v0.17.2
- sigs.k8s.io/kustomize/kyaml v0.17.1
- sigs.k8s.io/release-utils v0.8.3
+ sigs.k8s.io/kustomize/api v0.17.3
+ sigs.k8s.io/kustomize/kyaml v0.17.2
+ sigs.k8s.io/release-utils v0.8.4
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 sigs.k8s.io/yaml v1.4.0
 )
@@ -390,5 +390,5 @@ replace (
 github.com/prometheus/client_golang v1.19.0 => github.com/prometheus/client_golang v1.18.0
 github.com/prometheus/common v0.48.0 => github.com/prometheus/common v0.44.0
 github.com/sigstore/cosign/v2 v2.2.4 => github.com/kyverno/cosign/v2 v2.2.4-deps-fix
- k8s.io/pod-security-admission v0.30.1 => github.com/YTGhost/pod-security-admission v0.22.0-beta.0.0.20240603173423-11663473ae49
+ k8s.io/pod-security-admission v0.30.1 => github.com/kyverno/pod-security-admission v0.0.0-20240715131510-7fb54a8d376d
 )
diff --git a/go.sum b/go.sum
index c77def66cbe4..adcfd12f90e1 100644
--- a/go.sum
+++ b/go.sum
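Review bot: The `replace` entry in go.mod (hunk at -390) now sends `k8s.io/pod-security-admission v0.30.1` to `github.com/kyverno/pod-security-admission v0.0.0-20240715131510-7fb54a8d376d`, an untagged pseudo-version of a fork, and nothing in the file says what the fork changes relative to upstream or when the override can be removed. Add a comment above the line, such as `// fork carries <patch description>; drop once <upstream release>` (placeholders). The left-hand side is pinned to v0.30.1, so the override stops applying without any error once the `require` line for this module is bumped, as the neighbouring k8s.io modules are in the hunk at -74 (v0.30.2 to v0.30.3); the comment should say that the two lines must move together. The `replace (` block starts outside the hunk.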
@@ -88,8 +88,6 @@ github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0k github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= -github.com/YTGhost/pod-security-admission v0.22.0-beta.0.0.20240603173423-11663473ae49 h1:dwYC6vA5cR+2YFeEasNoJGVj/NrsXCSIWww3qQxeQFY= -github.com/YTGhost/pod-security-admission v0.22.0-beta.0.0.20240603173423-11663473ae49/go.mod h1:wJpTzOGwDdTbVbIqwBuAX7io1eDQIuW/UfMaK5/Xzn0= github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= @@ -135,8 +133,8 @@ github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= -github.com/alitto/pond v1.9.0 h1:B8BrvXyKe97NK9LHuRsQAOmpRnsp6GJ7mCg1Cgitczo= -github.com/alitto/pond v1.9.0/go.mod h1:xQn3P/sHTYcU/1BR3i86IGIrilcrGC2LiS+E2+CJWsI= +github.com/alitto/pond v1.9.1 h1:OfCpIrMyrWJpn34f647DcFmUxjK8+7Nu3eoVN/WTP+o= +github.com/alitto/pond v1.9.1/go.mod h1:xQn3P/sHTYcU/1BR3i86IGIrilcrGC2LiS+E2+CJWsI= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.4 h1:X5nse+8s7ft00ANpoG3+bFJIqZVpjHbOg7G9gWQshVY= github.com/aliyun/credentials-go v1.3.4/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= 
@@ -251,8 +249,8 @@ github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
 github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM=
 github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
-github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
-github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE=
+github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc=
 github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs=
 github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -453,8 +451,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg=
-github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
+github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0=
+github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20240530172801-3764db238e3e h1:4HrYlQDhLjT1ys3ts5xGT2XKhK3qh0kbpxE8sw6Au7I=
 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20240530172801-3764db238e3e/go.mod h1:8oYKXummIO/NNasXRCKr4DBziuA1MZ+VEhSQMYI8aJ0=
 github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
@@ -613,6 +611,8 @@ github.com/kyverno/kyverno-json v0.0.3 h1:EImI/YV41dG4hDQer/W0qMZHfxqul1yiHrBEXx
 github.com/kyverno/kyverno-json v0.0.3/go.mod h1:KUgXPXwUh0Sm/UgtHPomZAfEX8v79I3B5RZbUlzNihg=
 github.com/kyverno/pkg/ext v0.0.0-20240418121121-df8add26c55c h1:lAolpR9H8BwM5lRRvgCQ8JowswyxZRH+fgtIQzHFVCk=
 github.com/kyverno/pkg/ext v0.0.0-20240418121121-df8add26c55c/go.mod h1:02vxM0GNXz9+B/i6+rMfWAIwibUuAH+qFsd73IFskgQ=
+github.com/kyverno/pod-security-admission v0.0.0-20240715131510-7fb54a8d376d h1:JNgsQw8TtxEeGA3lkra0qMG+B4fMhUwZiMRdJ8NQah4=
+github.com/kyverno/pod-security-admission v0.0.0-20240715131510-7fb54a8d376d/go.mod h1:wJpTzOGwDdTbVbIqwBuAX7io1eDQIuW/UfMaK5/Xzn0=
 github.com/lensesio/tableprinter v0.0.0-20201125135848-89e81fc956e7 h1:k/1ku0yehLCPqERCHkIHMDqDg1R02AcCScRuHbamU3s=
 github.com/lensesio/tableprinter v0.0.0-20201125135848-89e81fc956e7/go.mod h1:YR/zYthNdWfO8+0IOyHDcIDBBBS2JMnYUIwSsnwmRqU=
 github.com/letsencrypt/boulder v0.0.0-20240127020530-97a19b18d21e h1:7QjzPboPE+0pVMsZP1sz1mN26m6vew78YmcIZz1FMrg=
@@ -692,14 +692,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
-github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
+github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
 github.com/open-policy-agent/gatekeeper/v3 v3.14.0 h1:bQV5temnG6lQHk0Bm7paT2T3oV5cZqtjp4MjiWwiKrE=
 github.com/open-policy-agent/gatekeeper/v3 v3.14.0/go.mod h1:F8UlPaPg/6TuZcVoYLj1+1ptnxOCOxKyasEIv4IzSOs=
 github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg=
@@ -1204,18 +1204,18 @@ gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
-k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
+k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ=
+k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04=
 k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws=
 k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4=
-k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
-k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
+k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8=
 k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo=
-k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE=
-k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A=
-k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
-k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
+k8s.io/cli-runtime v0.30.3 h1:aG69oRzJuP2Q4o8dm+f5WJIX4ZBEwrvdID0+MXyUY6k=
+k8s.io/cli-runtime v0.30.3/go.mod h1:hwrrRdd9P84CXSKzhHxrOivAR9BRnkMt0OeP5mj7X30=
+k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
+k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
 k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ=
 k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
@@ -1240,12 +1240,12 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kubectl-validate v0.0.4 h1:tGKuv0awYHn11Cb6KPsZKxUmHgavF46K3NvVH0Nse9U=
 sigs.k8s.io/kubectl-validate v0.0.4/go.mod h1:JTm3G+JZLPISqABh73uV7s/sW28q2zZqnTghOzahEKA=
-sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
-sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
-sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
-sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
-sigs.k8s.io/release-utils v0.8.3 h1:KtOtA4qDmzJyeQ2zkDsFVI25+NViwms/o5eL2NftFdA=
-sigs.k8s.io/release-utils v0.8.3/go.mod h1:fp82Fma06OXBhEJ+GUJKqvcplDBomruK1R/1fWJnsrQ=
+sigs.k8s.io/kustomize/api v0.17.3 h1:6GCuHSsxq7fN5yhF2XrC+AAr8gxQwhexgHflOAD/JJU=
+sigs.k8s.io/kustomize/api v0.17.3/go.mod h1:TuDH4mdx7jTfK61SQ/j1QZM/QWR+5rmEiNjvYlhzFhc=
+sigs.k8s.io/kustomize/kyaml v0.17.2 h1:+AzvoJUY0kq4QAhH/ydPHHMRLijtUKiyVyh7fOSshr0=
+sigs.k8s.io/kustomize/kyaml v0.17.2/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
+sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw=
+sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/pkg/autogen/autogen.go b/pkg/autogen/autogen.go index 4d6db9f2bfde..ebeced6693e1 100644 --- a/pkg/autogen/autogen.go +++ b/pkg/autogen/autogen.go @@ -1,9 +1,9 @@ package autogen import ( + "encoding/json" "strings" - jsoniter "github.com/json-iterator/go" "github.com/kyverno/kyverno/api/kyverno" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" @@ -190,23 +190,14 @@ func generateRules(spec *kyvernov1.Spec, controllers string) []kyvernov1.Rule { } func convertRule(rule kyvernoRule, kind string) (*kyvernov1.Rule, error) { - json := jsoniter.ConfigCompatibleWithStandardLibrary - if bytes, err := json.Marshal(rule); err != nil { return nil, err } else { - bytes = updateGenRuleByte(bytes, kind) - if err := json.Unmarshal(bytes, &rule); err != nil { - return nil, err - } - // CEL variables are object, oldObject, request, params and authorizer. // Therefore CEL expressions can be either written as object.spec or request.object.spec - if rule.Validation != nil && rule.Validation.CEL != nil { - bytes = updateCELFields(bytes, kind) - if err := json.Unmarshal(bytes, &rule); err != nil { - return nil, err - } + bytes = updateFields(bytes, kind, rule.Validation != nil && rule.Validation.CEL != nil) + if err := json.Unmarshal(bytes, &rule); err != nil { + return nil, err } } diff --git a/pkg/autogen/autogen_test.go b/pkg/autogen/autogen_test.go index 6c5523aec46f..b7c70283bbae 100644 --- a/pkg/autogen/autogen_test.go +++ b/pkg/autogen/autogen_test.go @@ -343,7 +343,7 @@ func TestUpdateGenRuleByte(t *testing.T) { }, } for _, tt := range tests { - got := updateGenRuleByte(tt.pbyte, tt.kind) + got := updateFields(tt.pbyte, tt.kind, false) if !reflect.DeepEqual(got, tt.want) { t.Errorf("updateGenRuleByte() = %v, want %v", string(got), string(tt.want)) } 
@@ -384,7 +384,7 @@ func TestUpdateCELFields(t *testing.T) { }, } for _, tt := range tests { - got := updateCELFields(tt.pbyte, tt.kind) + got := updateFields(tt.pbyte, tt.kind, true) if !reflect.DeepEqual(got, tt.want) { t.Errorf("updateCELFields() = %v, want %v", string(got), string(tt.want)) } diff --git a/pkg/autogen/rule.go b/pkg/autogen/rule.go index 07c97fdf5a13..698bfe2010b1 100644 --- a/pkg/autogen/rule.go +++ b/pkg/autogen/rule.go @@ -1,6 +1,7 @@ package autogen import ( + "bytes" "sort" "strings" 
@@ -312,34 +313,56 @@ func generateCronJobRule(rule *kyvernov1.Rule, controllers string) *kyvernov1.Ru ) } -func updateGenRuleByte(pbyte []byte, kind string) (obj []byte) { - if kind == "Pod" { - obj = []byte(strings.ReplaceAll(string(pbyte), "request.object.spec", "request.object.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "request.oldObject.spec", "request.oldObject.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "request.object.metadata", "request.object.spec.template.metadata")) - obj = []byte(strings.ReplaceAll(string(obj), "request.oldObject.metadata", "request.oldObject.spec.template.metadata")) - } - if kind == "Cronjob" { - obj = []byte(strings.ReplaceAll(string(pbyte), "request.object.spec", "request.object.spec.jobTemplate.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "request.oldObject.spec", "request.oldObject.spec.jobTemplate.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "request.object.metadata", "request.object.spec.jobTemplate.spec.template.metadata")) - obj = []byte(strings.ReplaceAll(string(obj), "request.oldObject.metadata", "request.oldObject.spec.jobTemplate.spec.template.metadata")) - } - return obj -} +var ( + podReplacementRules [][2][]byte = [][2][]byte{ + {[]byte("request.object.spec"), []byte("request.object.spec.template.spec")}, + {[]byte("request.oldObject.spec"), []byte("request.oldObject.spec.template.spec")}, + {[]byte("request.object.metadata"), []byte("request.object.spec.template.metadata")}, + {[]byte("request.oldObject.metadata"), []byte("request.oldObject.spec.template.metadata")}, + } + podCELReplacementRules [][2][]byte = [][2][]byte{ + {[]byte("object.spec"), []byte("object.spec.template.spec")}, + {[]byte("oldObject.spec"), []byte("oldObject.spec.template.spec")}, + {[]byte("object.metadata"), []byte("object.spec.template.metadata")}, + {[]byte("oldObject.metadata"), []byte("oldObject.spec.template.metadata")}, + } + 
cronJobReplacementRules [][2][]byte = [][2][]byte{ + {[]byte("request.object.spec"), []byte("request.object.spec.jobTemplate.spec.template.spec")}, + {[]byte("request.oldObject.spec"), []byte("request.oldObject.spec.jobTemplate.spec.template.spec")}, + {[]byte("request.object.metadata"), []byte("request.object.spec.jobTemplate.spec.template.metadata")}, + {[]byte("request.oldObject.metadata"), []byte("request.oldObject.spec.jobTemplate.spec.template.metadata")}, + } + cronJobCELReplacementRules [][2][]byte = [][2][]byte{ + {[]byte("object.spec"), []byte("object.spec.jobTemplate.spec.template.spec")}, + {[]byte("oldObject.spec"), []byte("oldObject.spec.jobTemplate.spec.template.spec")}, + {[]byte("object.metadata"), []byte("object.spec.jobTemplate.spec.template.metadata")}, + {[]byte("oldObject.metadata"), []byte("oldObject.spec.jobTemplate.spec.template.metadata")}, + } +) + +func updateFields(data []byte, kind string, cel bool) []byte { + switch kind { + case "Pod": + if cel { + for _, replacement := range podCELReplacementRules { + data = bytes.ReplaceAll(data, replacement[0], replacement[1]) + } + } else { + for _, replacement := range podReplacementRules { + data = bytes.ReplaceAll(data, replacement[0], replacement[1]) + } + } + case "Cronjob": + if cel { + for _, replacement := range cronJobCELReplacementRules { + data = bytes.ReplaceAll(data, replacement[0], replacement[1]) + } + } else { + for _, replacement := range cronJobReplacementRules { + data = bytes.ReplaceAll(data, replacement[0], replacement[1]) + } + } + } -func updateCELFields(pbyte []byte, kind string) (obj []byte) { - if kind == "Pod" { - obj = []byte(strings.ReplaceAll(string(pbyte), "object.spec", "object.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "oldObject.spec", "oldObject.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "object.metadata", "object.spec.template.metadata")) - obj = []byte(strings.ReplaceAll(string(obj), "oldObject.metadata", 
"oldObject.spec.template.metadata")) - } - if kind == "Cronjob" { - obj = []byte(strings.ReplaceAll(string(pbyte), "object.spec", "object.spec.jobTemplate.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "oldObject.spec", "oldObject.spec.jobTemplate.spec.template.spec")) - obj = []byte(strings.ReplaceAll(string(obj), "object.metadata", "object.spec.jobTemplate.spec.template.metadata")) - obj = []byte(strings.ReplaceAll(string(obj), "oldObject.metadata", "oldObject.spec.jobTemplate.spec.template.metadata")) - } - return obj + return data } diff --git a/pkg/client/applyconfigurations/kyverno/v1/foreachmutation.go b/pkg/client/applyconfigurations/kyverno/v1/foreachmutation.go index 96df14f47951..d6f56a66968a 100644 --- a/pkg/client/applyconfigurations/kyverno/v1/foreachmutation.go +++ b/pkg/client/applyconfigurations/kyverno/v1/foreachmutation.go @@ -32,7 +32,7 @@ type ForEachMutationApplyConfiguration struct { AnyAllConditions *AnyAllConditionsApplyConfiguration `json:"preconditions,omitempty"` RawPatchStrategicMerge *apiextensionsv1.JSON `json:"patchStrategicMerge,omitempty"` PatchesJSON6902 *string `json:"patchesJson6902,omitempty"` - ForEachMutation *apiextensionsv1.JSON `json:"foreach,omitempty"` + ForEachMutation *v1.ForEachMutationWrapper `json:"foreach,omitempty"` } // ForEachMutationApplyConfiguration constructs an declarative configuration of the ForEachMutation type for use with 
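Review bot: `updateFields` has no `default` case, so a `kind` other than "Pod" or "Cronjob" now returns `data` unchanged, whereas the removed `updateGenRuleByte` and `updateCELFields` returned a nil slice for such a kind and made the following `json.Unmarshal` in `convertRule` fail. If an unexpected kind can reach this function, the generated rule would keep pod-level paths such as `request.object.spec` and would presumably be evaluated against the wrong part of the controller object without any error. Either keep the old outcome with `default: return nil`, or state in a comment on the function that callers pass only these two kinds. The four loops differ only in the table they range over, so picking the table in the `switch` and running a single `bytes.ReplaceAll` loop after it would shorten the function.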
@@ -97,7 +97,7 @@ func (b *ForEachMutationApplyConfiguration) WithPatchesJSON6902(value string) *F // WithForEachMutation sets the ForEachMutation field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ForEachMutation field is set to the value of the last call. -func (b *ForEachMutationApplyConfiguration) WithForEachMutation(value apiextensionsv1.JSON) *ForEachMutationApplyConfiguration { +func (b *ForEachMutationApplyConfiguration) WithForEachMutation(value v1.ForEachMutationWrapper) *ForEachMutationApplyConfiguration { b.ForEachMutation = &value return b } diff --git a/pkg/client/applyconfigurations/kyverno/v1/foreachvalidation.go b/pkg/client/applyconfigurations/kyverno/v1/foreachvalidation.go index c18cd3240c0b..04bf1f4f8b96 100644 --- a/pkg/client/applyconfigurations/kyverno/v1/foreachvalidation.go +++ b/pkg/client/applyconfigurations/kyverno/v1/foreachvalidation.go @@ -19,6 +19,7 @@ limitations under the License. package v1 import ( + kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) @@ -32,7 +33,7 @@ type ForEachValidationApplyConfiguration struct { RawPattern *apiextensionsv1.JSON `json:"pattern,omitempty"` RawAnyPattern *apiextensionsv1.JSON `json:"anyPattern,omitempty"` Deny *DenyApplyConfiguration `json:"deny,omitempty"` - ForEachValidation *apiextensionsv1.JSON `json:"foreach,omitempty"` + ForEachValidation *kyvernov1.ForEachValidationWrapper `json:"foreach,omitempty"` } // ForEachValidationApplyConfiguration constructs an declarative configuration of the ForEachValidation type for use with 
@@ -105,7 +106,7 @@ func (b *ForEachValidationApplyConfiguration) WithDeny(value *DenyApplyConfigura // WithForEachValidation sets the ForEachValidation field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ForEachValidation field is set to the value of the last call. -func (b *ForEachValidationApplyConfiguration) WithForEachValidation(value apiextensionsv1.JSON) *ForEachValidationApplyConfiguration { +func (b *ForEachValidationApplyConfiguration) WithForEachValidation(value kyvernov1.ForEachValidationWrapper) *ForEachValidationApplyConfiguration { b.ForEachValidation = &value return b } diff --git a/pkg/client/applyconfigurations/kyverno/v1/variable.go b/pkg/client/applyconfigurations/kyverno/v1/variable.go index 53c44723b52f..59f292479663 100644 --- a/pkg/client/applyconfigurations/kyverno/v1/variable.go +++ b/pkg/client/applyconfigurations/kyverno/v1/variable.go @@ -19,15 +19,15 @@ limitations under the License. package v1 import ( - v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + kyverno "github.com/kyverno/kyverno/api/kyverno" ) // VariableApplyConfiguration represents an declarative configuration of the Variable type for use // with apply. type VariableApplyConfiguration struct { - Value *v1.JSON `json:"value,omitempty"` - JMESPath *string `json:"jmesPath,omitempty"` - Default *v1.JSON `json:"default,omitempty"` + Value *kyverno.Any `json:"value,omitempty"` + JMESPath *string `json:"jmesPath,omitempty"` + Default *kyverno.Any `json:"default,omitempty"` } // VariableApplyConfiguration constructs an declarative configuration of the Variable type for use with 
@@ -39,7 +39,7 @@ func Variable() *VariableApplyConfiguration { // WithValue sets the Value field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Value field is set to the value of the last call. -func (b *VariableApplyConfiguration) WithValue(value v1.JSON) *VariableApplyConfiguration { +func (b *VariableApplyConfiguration) WithValue(value kyverno.Any) *VariableApplyConfiguration { b.Value = &value return b } @@ -55,7 +55,7 @@ func (b *VariableApplyConfiguration) WithJMESPath(value string) *VariableApplyCo // WithDefault sets the Default field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Default field is set to the value of the last call. -func (b *VariableApplyConfiguration) WithDefault(value v1.JSON) *VariableApplyConfiguration { +func (b *VariableApplyConfiguration) WithDefault(value kyverno.Any) *VariableApplyConfiguration { b.Default = &value return b } diff --git a/pkg/controllers/report/background/controller.go b/pkg/controllers/report/background/controller.go index ca03bb91ac51..66caea91acc0 100644 --- a/pkg/controllers/report/background/controller.go +++ b/pkg/controllers/report/background/controller.go @@ -2,6 +2,7 @@ package background import ( "context" + "strings" "time" "github.com/go-logr/logr" @@ -361,8 +362,8 @@ func (c *controller) reconcileReport( } policyNameToLabel[key] = reportutils.PolicyLabel(policy) } - for _, exception := range exceptions { - key, err := cache.MetaNamespaceKeyFunc(exception) + for i, exception := range exceptions { + key, err := cache.MetaNamespaceKeyFunc(&exceptions[i]) if err != nil { return err } 
@@ -376,13 +377,24 @@ func (c *controller) reconcileReport( policyNameToLabel[key] = reportutils.ValidatingAdmissionPolicyBindingLabel(binding) } for _, result := range observed.GetResults() { - // if the policy did not change, keep the result + // The result is kept as it is if: + // 1. The Kyverno policy and its matched exceptions are unchanged + // 2. The ValidatingAdmissionPolicy and its matched binding are unchanged + keepResult := true + exception := result.Properties["exceptions"] + exceptions := strings.Split(exception, ",") + for _, exception := range exceptions { + exceptionLabel := policyNameToLabel[exception] + if exceptionLabel != "" && expected[exceptionLabel] != actual[exceptionLabel] { + keepResult = false + break + } + } + label := policyNameToLabel[result.Policy] - exceptionLabel := policyNameToLabel[result.Properties["exception"]] vapBindingLabel := policyNameToLabel[result.Properties["binding"]] if (label != "" && expected[label] == actual[label]) || - (exceptionLabel != "" && expected[exceptionLabel] == actual[exceptionLabel]) || - (vapBindingLabel != "" && expected[vapBindingLabel] == actual[vapBindingLabel]) { + (vapBindingLabel != "" && expected[vapBindingLabel] == actual[vapBindingLabel]) || keepResult { ruleResults = append(ruleResults, result) } } diff --git a/pkg/controllers/webhook/controller.go b/pkg/controllers/webhook/controller.go index 4c2a2a87861a..a0411f64be4e 100644 --- a/pkg/controllers/webhook/controller.go +++ b/pkg/controllers/webhook/controller.go 
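Review bot: `keepResult` starts as `true` and is OR-ed into the final condition, so a result whose exceptions did not change is kept even when its policy changed or no longer exists (`label == ""`), which contradicts the comment above the loop and makes the `label` test redundant. A result with no `exceptions` property splits to a single empty string, finds no label and always survives, so the report can keep showing outcomes computed by an earlier policy version. The policy and exception checks should be combined, for example `if (label != "" && expected[label] == actual[label] && keepResult) || (vapBindingLabel != "" && expected[vapBindingLabel] == actual[vapBindingLabel]) {`. An exception key that is missing from `policyNameToLabel` is also treated as unchanged, and the split assumes the property is joined with a bare `,`; the code that writes the property is outside this hunk and should be checked for both. `reconcileReport` starts and ends outside the hunk.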
@@ -820,12 +820,14 @@ func (c *controller) buildDefaultResourceValidatingWebhookConfiguration(_ contex func addOpnForMutatingWebhookConf(rules []kyvernov1.Rule, mapResourceToOpnType map[string][]admissionregistrationv1.OperationType) map[string][]admissionregistrationv1.OperationType { var mapResourceToOpn map[string]map[string]bool for _, r := range rules { - var resources []string - operationStatusMap := getOperationStatusMap() - operationStatusMap = computeOperationsForMutatingWebhookConf(r, operationStatusMap) - resources = computeResourcesOfRule(r) - for _, r := range resources { - mapResourceToOpn, mapResourceToOpnType = appendResource(r, mapResourceToOpn, operationStatusMap, mapResourceToOpnType) + if r.HasMutate() || r.HasVerifyImages() { + var resources []string + operationStatusMap := getOperationStatusMap() + operationStatusMap = computeOperationsForMutatingWebhookConf(r, operationStatusMap) + resources = computeResourcesOfRule(r) + for _, r := range resources { + mapResourceToOpn, mapResourceToOpnType = appendResource(r, mapResourceToOpn, operationStatusMap, mapResourceToOpnType) + } } } return mapResourceToOpnType diff --git a/pkg/controllers/webhook/controller_test.go b/pkg/controllers/webhook/controller_test.go index 6c4a3d917442..76d632019261 100644 --- a/pkg/controllers/webhook/controller_test.go +++ b/pkg/controllers/webhook/controller_test.go @@ -4,10 +4,12 @@ import ( "cmp" "reflect" "slices" + "sort" "testing" kyverno "github.com/kyverno/kyverno/api/kyverno/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) func TestAddOperationsForValidatingWebhookConfMultiplePolicies(t *testing.T) { 
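Review bot: The new guard `if r.HasMutate() || r.HasVerifyImages()` in `addOpnForMutatingWebhookConf` decides which resources the mutating webhook is registered for, but nothing says why these two rule types are the complete set. A comment such as `// only mutate and verifyImages rules are served by the mutating webhook` lets a later reader re-check that claim when a rule type is added, since a type missing here leaves its resources out of the webhook configuration. The inner `for _, r := range resources` shadows the rule variable `r` the guard was just called on; naming it `resource` avoids a misread. `var resources []string` followed by a separate assignment can be `resources := computeResourcesOfRule(r)`.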
@@ -354,3 +356,87 @@ func TestAddOperationsForMutatingtingWebhookConf(t *testing.T) { }) } } + +func TestAddOperationsForMutatingtingWebhookConfMultiplePolicies(t *testing.T) { + testCases := []struct { + name string + policies []kyverno.ClusterPolicy + expectedResult map[string][]admissionregistrationv1.OperationType + }{ + { + name: "test-1", + policies: []kyverno.ClusterPolicy{ + { + Spec: kyverno.Spec{ + Rules: []kyverno.Rule{ + { + Mutation: kyverno.Mutation{ + RawPatchStrategicMerge: &apiextensionsv1.JSON{Raw: []byte(`"nodeSelector": {<"public-ip-type": "elastic"}, +"priorityClassName": "elastic-ip-required"`)}}, + MatchResources: kyverno.MatchResources{ + ResourceDescription: kyverno.ResourceDescription{ + Kinds: []string{"Pod"}, + }, + }, + }, + }, + }, + }, + { + Spec: kyverno.Spec{ + Rules: []kyverno.Rule{ + { + Generation: kyverno.Generation{}, + MatchResources: kyverno.MatchResources{ + ResourceDescription: kyverno.ResourceDescription{ + Kinds: []string{"Deployments", "StatefulSet", "DaemonSet", "Job"}, + }, + }, + }, + }, + }, + }, + }, + expectedResult: map[string][]admissionregistrationv1.OperationType{ + "Pod": {"CREATE", "UPDATE"}, + }, + }, + } + + var mapResourceToOpnType map[string][]admissionregistrationv1.OperationType + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + for _, p := range test.policies { + mapResourceToOpnType = addOpnForMutatingWebhookConf(p.GetSpec().Rules, mapResourceToOpnType) + } + if !compareMaps(mapResourceToOpnType, test.expectedResult) { + t.Errorf("Expected %v, but got %v", test.expectedResult, mapResourceToOpnType) + } + }) + } +} + +func compareMaps(a, b map[string][]admissionregistrationv1.OperationType) bool { + if len(a) != len(b) { + return false + } + + for key, aValue := range a { + bValue, ok := b[key] + if !ok { + return false + } + + sort.Slice(aValue, func(i, j int) bool { + return cmp.Compare(aValue[i], aValue[j]) < 0 + }) + sort.Slice(bValue, func(i, j int) bool { + return 
cmp.Compare(bValue[i], bValue[j]) < 0 + }) + + if !reflect.DeepEqual(aValue, bValue) { + return false + } + } + + return true +} diff --git a/pkg/engine/api/ruleresponse.go b/pkg/engine/api/ruleresponse.go index c45f6a6494da..b1927122af48 100644 --- a/pkg/engine/api/ruleresponse.go +++ b/pkg/engine/api/ruleresponse.go @@ -43,8 +43,8 @@ type RuleResponse struct { patchedTargetSubresourceName string // podSecurityChecks contains pod security checks (only if this is a pod security rule) podSecurityChecks *PodSecurityChecks - // exception is the exception applied (if any) - exception *kyvernov2.PolicyException + // exceptions are the exceptions applied (if any) + exceptions []kyvernov2.PolicyException // binding is the validatingadmissionpolicybinding (if any) binding *v1alpha1.ValidatingAdmissionPolicyBinding // emitWarning enable passing rule message as warning to api server warning header @@ -88,8 +88,8 @@ func RuleFail(name string, ruleType RuleType, msg string) *RuleResponse { return NewRuleResponse(name, ruleType, msg, RuleStatusFail) } -func (r RuleResponse) WithException(exception *kyvernov2.PolicyException) *RuleResponse { - r.exception = exception +func (r RuleResponse) WithExceptions(exceptions []kyvernov2.PolicyException) *RuleResponse { + r.exceptions = exceptions return &r } @@ -129,8 +129,8 @@ func (r *RuleResponse) Stats() ExecutionStats { return r.stats } -func (r *RuleResponse) Exception() *kyvernov2.PolicyException { - return r.exception +func (r *RuleResponse) Exceptions() []kyvernov2.PolicyException { + return r.exceptions } func (r *RuleResponse) ValidatingAdmissionPolicyBinding() *v1alpha1.ValidatingAdmissionPolicyBinding { @@ -138,7 +138,7 @@ func (r *RuleResponse) ValidatingAdmissionPolicyBinding() *v1alpha1.ValidatingAd } func (r *RuleResponse) IsException() bool { - return r.exception != nil + return len(r.exceptions) > 0 } func (r *RuleResponse) PodSecurityChecks() *PodSecurityChecks { 
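Review bot: The fixture in `TestAddOperationsForMutatingtingWebhookConfMultiplePolicies` sets `RawPatchStrategicMerge` to bytes that are not valid JSON (`{<"public-ip-type"` has a stray `<` and the fragment has no enclosing braces), so the test passes only while nothing parses the patch. A well-formed document such as `{"spec": {"priorityClassName": "elastic-ip-required"}}` keeps the case valid if `HasMutate` ever inspects the content. `mapResourceToOpnType` is declared outside the `t.Run` loop, so a second test case would inherit the entries of the first; declare it inside the subtest. The `HasVerifyImages` side of the new guard in controller.go has no case here and should get one.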
diff --git a/pkg/engine/background.go b/pkg/engine/background.go index 96b29fd5e4b4..2a6124ed9d0e 100644 --- a/pkg/engine/background.go +++ b/pkg/engine/background.go @@ -2,6 +2,7 @@ package engine import ( "context" + "strings" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" @@ -64,17 +65,21 @@ func (e *engine) filterRule( logger.Error(err, "failed to get exceptions") return nil } - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return engineapi.RuleError(rule.Name, ruleType, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return engineapi.RuleSkip(rule.Name, ruleType, "rule skipped due to policy exception "+key).WithException(exception) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return engineapi.RuleError(rule.Name, ruleType, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return engineapi.RuleSkip(rule.Name, ruleType, "rule is skipped due to policy exception "+strings.Join(keys, ", ")).WithExceptions(matchedExceptions) } newResource := policyContext.NewResource() 
diff --git a/pkg/engine/context/loaders/variable.go b/pkg/engine/context/loaders/variable.go index 22e002464d79..270f9890455b 100644 --- a/pkg/engine/context/loaders/variable.go +++ b/pkg/engine/context/loaders/variable.go @@ -62,24 +62,24 @@ func (vl *variableLoader) loadVariable() (err error) { } var defaultValue interface{} = nil - if entry.Variable.Default != nil { - value, err := jsonutils.DocumentToUntyped(entry.Variable.Default) + if entry.Variable.GetDefault() != nil { + value, err := jsonutils.DocumentToUntyped(entry.Variable.GetDefault()) if err != nil { return fmt.Errorf("invalid default for variable %s", entry.Name) } defaultValue, err = variables.SubstituteAll(logger, ctx, value) if err != nil { - return fmt.Errorf("failed to substitute variables in context entry %s %s: %v", entry.Name, entry.Variable.Default, err) + return fmt.Errorf("failed to substitute variables in context entry %s %s: %v", entry.Name, entry.Variable.GetDefault(), err) } logger.V(4).Info("evaluated default value", "variable name", entry.Name, "jmespath", defaultValue) } var output interface{} = defaultValue - if entry.Variable.Value != nil { - value, _ := jsonutils.DocumentToUntyped(entry.Variable.Value) + if entry.Variable.GetValue() != nil { + value, _ := jsonutils.DocumentToUntyped(entry.Variable.GetValue()) variable, err := variables.SubstituteAll(logger, ctx, value) if err != nil { - return fmt.Errorf("failed to substitute variables in context entry %s %s: %v", entry.Name, entry.Variable.Value, err) + return fmt.Errorf("failed to substitute variables in context entry %s %s: %v", entry.Name, entry.Variable.GetValue(), err) } if path != "" { variable, err := applyJMESPath(vl.jp, path, variable) diff --git a/pkg/engine/forceMutate.go b/pkg/engine/forceMutate.go index e6ca6edd1148..741de18b117c 100644 --- a/pkg/engine/forceMutate.go +++ b/pkg/engine/forceMutate.go 
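Review bot: The changed line `value, _ := jsonutils.DocumentToUntyped(entry.Variable.GetValue())` still discards the conversion error, while the `GetDefault()` branch just above returns `invalid default for variable ...` for the same failure. A value that fails to convert would then be substituted as whatever was returned next to the error, presumably nil, and the context entry would load without any signal. I would handle it like the default: `value, err := jsonutils.DocumentToUntyped(entry.Variable.GetValue())` followed by `if err != nil { return fmt.Errorf("invalid value for variable %s", entry.Name) }`. The two `fmt.Errorf` calls format the getter results with `%s`; if the getters no longer return a string-like type, `%v` is the safer verb. `loadVariable` continues past the end of the hunk.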
@@ -1,15 +1,12 @@ package engine import ( - "fmt" - "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" "github.com/kyverno/kyverno/pkg/engine/context" "github.com/kyverno/kyverno/pkg/engine/internal" "github.com/kyverno/kyverno/pkg/engine/mutate" "github.com/kyverno/kyverno/pkg/engine/variables" - "github.com/kyverno/kyverno/pkg/utils/api" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) @@ -64,13 +61,9 @@ func ForceMutate( func applyForEachMutate(name string, foreach []kyvernov1.ForEachMutation, resource unstructured.Unstructured, logger logr.Logger) (patchedResource unstructured.Unstructured, err error) { patchedResource = resource for _, fe := range foreach { - if fe.ForEachMutation != nil { - nestedForEach, err := api.DeserializeJSONArray[kyvernov1.ForEachMutation](fe.ForEachMutation) - if err != nil { - return patchedResource, fmt.Errorf("failed to deserialize foreach: %w", err) - } - - return applyForEachMutate(name, nestedForEach, patchedResource, logger) + fem := fe.GetForEachMutation() + if len(fem) > 0 { + return applyForEachMutate(name, fem, patchedResource, logger) } patchedResource, err = applyPatches(fe.GetPatchStrategicMerge(), fe.PatchesJSON6902, patchedResource, logger) diff --git a/pkg/engine/forceMutate_test.go b/pkg/engine/forceMutate_test.go index 6508e18a9511..ff8704754019 100644 --- a/pkg/engine/forceMutate_test.go +++ b/pkg/engine/forceMutate_test.go 
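Review bot: The nested-forEach branch in applyForEachMutate no longer has an error path: the removed code returned `failed to deserialize foreach` when the nested array could not be decoded, whereas `fe.GetForEachMutation()` yields only a slice. The getter is not visible in this part of the diff, so it is worth confirming that a malformed nested `forEach` is rejected earlier rather than being treated as empty by `len(fem) > 0`. The same pattern appears in mutateElements in pkg/engine/handlers/mutation/common.go and in newForEachValidator in validate_resource.go, where treating a bad nested block as empty would let a validation rule pass without running its inner checks. A comment at each call site would record the assumption, e.g. `// nested forEach is decoded by the getter; decode errors are reported at <place to confirm>`.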
@@ -113,6 +113,87 @@ func Test_ForceMutateSubstituteVars(t *testing.T) { assert.DeepEqual(t, expectedResource, mutatedResource.UnstructuredContent()) } +func Test_ApplyForEachMutate(t *testing.T) { + rawPolicy := []byte(` + { + "apiVersion": "kyverno.io/v1", + "kind": "ClusterPolicy", + "metadata": { + "name": "add-label" + }, + "spec": { + "rules": [ + { + "name": "add-name-label", + "match": { + "resources": { + "kinds": [ + "Pod" + ] + } + }, + "mutate": { + "forEach": [ + { + "patchStrategicMerge": { + "metadata": { + "labels": { + "appname": "{{request.object.metadata.name}}" + } + } + }, + "forEach": [ + { + "patchStrategicMerge": { + "metadata": { + "labels": { + "nestedLabel": "nestedValue" + } + } + } + } + ] + } + ] + } + } + ] + } + } + `) + + var policy kyverno.ClusterPolicy + err := json.Unmarshal(rawPolicy, &policy) + assert.NilError(t, err) + + resourceUnstructured, err := kubeutils.BytesToUnstructured(rawResource) + assert.NilError(t, err) + jp := jmespath.New(config.NewDefaultConfiguration(false)) + ctx := context.NewContext(jp) + err = context.AddResource(ctx, rawResource) + assert.NilError(t, err) + + mutatedResource, err := ForceMutate(ctx, logr.Discard(), &policy, *resourceUnstructured) + assert.NilError(t, err) + + expectedRawResource := []byte(`{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "labels": { + "nestedLabel": "nestedValue" + }, + "name": "check-root-user" + }, + "spec": {"containers": [{"image": "nginxinc/nginx-unprivileged", "name": "check-root-user", "securityContext": {"runAsNonRoot": true}}]} + }`) + + var expectedResource interface{} + assert.NilError(t, json.Unmarshal(expectedRawResource, &expectedResource)) + + assert.DeepEqual(t, expectedResource, mutatedResource.UnstructuredContent()) +} + func Test_ForceMutateSubstituteVarsWithPatchesJson6902(t *testing.T) { rawPolicy := []byte(` { 
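Review bot: The expected resource in Test_ApplyForEachMutate contains only `nestedLabel`, so the test pins the behaviour that the outer entry's `appname` patch is not applied when that entry also carries a nested `forEach`. Nothing in the test says this is intended, and a reader could take the missing label for an oversight. A comment above `expectedRawResource` would make it explicit, e.g. `// the outer patchStrategicMerge is skipped: applyForEachMutate returns the nested result as soon as an entry has a nested forEach`. If that is not the intended semantics, the expectation should include `appname` as well.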
diff --git a/pkg/engine/handlers/mutation/common.go b/pkg/engine/handlers/mutation/common.go index 4ba5609068ce..5ac473daca07 100644 --- a/pkg/engine/handlers/mutation/common.go +++ b/pkg/engine/handlers/mutation/common.go @@ -11,7 +11,6 @@ import ( "github.com/kyverno/kyverno/pkg/engine/internal" "github.com/kyverno/kyverno/pkg/engine/mutate" engineutils "github.com/kyverno/kyverno/pkg/engine/utils" - "github.com/kyverno/kyverno/pkg/utils/api" datautils "github.com/kyverno/kyverno/pkg/utils/data" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) @@ -110,18 +109,14 @@ func (f *forEachMutator) mutateElements(ctx context.Context, foreach kyvernov1.F } var mutateResp *mutate.Response - if foreach.ForEachMutation != nil { - nestedForEach, err := api.DeserializeJSONArray[kyvernov1.ForEachMutation](foreach.ForEachMutation) - if err != nil { - return mutate.NewErrorResponse("failed to deserialize foreach", err) - } - + fem := foreach.GetForEachMutation() + if len(fem) > 0 { m := &forEachMutator{ rule: f.rule, policyContext: f.policyContext, resource: patchedResource, logger: f.logger, - foreach: nestedForEach, + foreach: fem, nesting: f.nesting + 1, contextLoader: f.contextLoader, } diff --git a/pkg/engine/handlers/mutation/mutate_existing.go b/pkg/engine/handlers/mutation/mutate_existing.go index c7e6d6ca774c..0365fd88fc03 100644 --- a/pkg/engine/handlers/mutation/mutate_existing.go +++ b/pkg/engine/handlers/mutation/mutate_existing.go @@ -2,6 +2,7 @@ package mutation import ( "context" + "strings" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" 
@@ -37,19 +38,23 @@ func (h mutateExistingHandler) Process( contextLoader engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } var responses []engineapi.RuleResponse 
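Review bot: The skip message built in this hunk has no space before the joined keys, so `"rule is skipped due to policy exceptions"+strings.Join(keys, ", ")` renders as `...policy exceptionsns/name`. The same line appears in the Process hunks of mutate_image.go, mutate_resource.go, validate_cel.go, validate_image.go, validate_manifest.go and validate_resource.go, while background.go and validate_pss.go keep the trailing space. This text ends up in the rule response that operators read to see which exception waived a rule, so it should read `"rule is skipped due to policy exceptions "+strings.Join(keys, ", ")`. The key-collection loop is copied into every handler; a shared helper would keep the wording from drifting again.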
diff --git a/pkg/engine/handlers/mutation/mutate_image.go b/pkg/engine/handlers/mutation/mutate_image.go index 1598ee29d7b6..62cea051eaeb 100644 --- a/pkg/engine/handlers/mutation/mutate_image.go +++ b/pkg/engine/handlers/mutation/mutate_image.go @@ -2,6 +2,7 @@ package mutation import ( "context" + "strings" json_patch "github.com/evanphx/json-patch/v5" "github.com/go-logr/logr" 
@@ -68,19 +69,23 @@ func (h mutateImageHandler) Process( contextLoader engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } jsonContext := policyContext.JSONContext() 
diff --git a/pkg/engine/handlers/mutation/mutate_resource.go b/pkg/engine/handlers/mutation/mutate_resource.go index 6557a5d25b11..71ce7054d083 100644 --- a/pkg/engine/handlers/mutation/mutate_resource.go +++ b/pkg/engine/handlers/mutation/mutate_resource.go @@ -2,6 +2,7 @@ package mutation import ( "context" + "strings" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" 
@@ -30,19 +31,23 @@ func (h mutateResourceHandler) Process( contextLoader engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Mutation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Mutation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } _, subresource := policyContext.ResourceKind() 
diff --git a/pkg/engine/handlers/validation/validate_cel.go b/pkg/engine/handlers/validation/validate_cel.go index c5914233001f..d06ff604dc03 100644 --- a/pkg/engine/handlers/validation/validate_cel.go +++ b/pkg/engine/handlers/validation/validate_cel.go @@ -3,6 +3,7 @@ package validation import ( "context" "fmt" + "strings" "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" 
@@ -47,19 +48,23 @@ func (h validateCELHandler) Process( _ engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } // check if a corresponding validating admission policy is generated 
diff --git a/pkg/engine/handlers/validation/validate_image.go b/pkg/engine/handlers/validation/validate_image.go index 15952c46b412..71829f85fccc 100644 --- a/pkg/engine/handlers/validation/validate_image.go +++ b/pkg/engine/handlers/validation/validate_image.go 
@@ -47,19 +47,23 @@ func (h validateImageHandler) Process( _ engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.ImageVerify, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.ImageVerify, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } skippedImages := make([]string, 0) 
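Review bot: Both the error and the skip response in validateImageHandler.Process now use `engineapi.Validation`, where the removed lines used `engineapi.ImageVerify`. The other handlers in this commit keep their original rule type, so this looks like a copy-paste slip rather than an intended change; if so, skipped image-verification rules would be reported under the wrong rule type. The two calls should read `handlers.WithError(rule, engineapi.ImageVerify, "failed to compute exception key", err)` and `engineapi.RuleSkip(rule.Name, engineapi.ImageVerify, ...)`.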
diff --git a/pkg/engine/handlers/validation/validate_manifest.go b/pkg/engine/handlers/validation/validate_manifest.go index 054896787887..7924656f032d 100644 --- a/pkg/engine/handlers/validation/validate_manifest.go +++ b/pkg/engine/handlers/validation/validate_manifest.go 
@@ -59,19 +59,23 @@ func (h validateManifestHandler) Process( _ engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } // verify manifest 
diff --git a/pkg/engine/handlers/validation/validate_pss.go b/pkg/engine/handlers/validation/validate_pss.go index b6ae4519601d..58ada5aa8124 100644 --- a/pkg/engine/handlers/validation/validate_pss.go +++ b/pkg/engine/handlers/validation/validate_pss.go 
@@ -44,17 +44,29 @@ func (h validatePssHandler) Process( return resource, nil } - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil && !exception.HasPodSecurity() { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var polex kyvernov2.PolicyException + hasPodSecurity := true + + for i, exception := range matchedExceptions { + if !exception.HasPodSecurity() { + hasPodSecurity = false + polex = matchedExceptions[i] + break + } + } + + if !hasPodSecurity { + key, err := cache.MetaNamespaceKeyFunc(&polex) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", polex.GetNamespace(), "name", polex.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) + } + logger.V(3).Info("policy rule is skipped due to policy exception", "exception", key) return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule skipped due to policy exception "+key).WithException(exception), + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exception "+key).WithExceptions([]kyvernov2.PolicyException{polex}), ) } } 
@@ -91,21 +103,25 @@ func (h validatePssHandler) Process( ) } else { // apply pod security exceptions if exist - if exception != nil && exception.HasPodSecurity() { - pssChecks, err = pss.ApplyPodSecurityExclusion(levelVersion, exception.Spec.PodSecurity, pssChecks, pod) - if len(pssChecks) == 0 && err == nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) - } else { - podSecurityChecks.Checks = pssChecks - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule skipped due to policy exception "+key).WithException(exception).WithPodSecurityChecks(podSecurityChecks), - ) - } + var excludes []kyvernov1.PodSecurityStandard + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) } + keys = append(keys, key) + excludes = append(excludes, exception.Spec.PodSecurity...) 
+ } + + pssChecks, err = pss.ApplyPodSecurityExclusion(levelVersion, excludes, pssChecks, pod) + if len(pssChecks) == 0 && err == nil { + podSecurityChecks.Checks = pssChecks + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exceptions "+strings.Join(keys, ", ")).WithExceptions(matchedExceptions).WithPodSecurityChecks(podSecurityChecks), + ) } msg := fmt.Sprintf(`Validation rule '%s' failed. It violates PodSecurity "%s:%s": %s`, rule.Name, podSecurity.Level, podSecurity.Version, pss.FormatChecksPrint(pssChecks)) return resource, handlers.WithResponses( diff --git a/pkg/engine/handlers/validation/validate_resource.go b/pkg/engine/handlers/validation/validate_resource.go index 2d2089c6add2..bcb5299c91f8 100644 --- a/pkg/engine/handlers/validation/validate_resource.go +++ b/pkg/engine/handlers/validation/validate_resource.go @@ -16,7 +16,6 @@ import ( engineutils "github.com/kyverno/kyverno/pkg/engine/utils" "github.com/kyverno/kyverno/pkg/engine/validate" "github.com/kyverno/kyverno/pkg/engine/variables" - "github.com/kyverno/kyverno/pkg/utils/api" datautils "github.com/kyverno/kyverno/pkg/utils/data" stringutils "github.com/kyverno/kyverno/pkg/utils/strings" "github.com/pkg/errors" 
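Review bot: The exclusions passed to `pss.ApplyPodSecurityExclusion` are now the concatenation of `Spec.PodSecurity` from every matched exception, so a pod can be skipped by the union of several exceptions even when no single one covers all of its failing checks. The skip response then attaches all of `matchedExceptions` through `WithExceptions`, whether or not a given exception's exclusions were the ones that cleared a check. If the union is intended, a comment above the loop should say so, e.g. `// exclusions of all matched exceptions are merged; the rule is skipped when the merged set clears every failing check`. For audit purposes it may also be worth recording only the exceptions whose exclusions were applied. The enclosing else branch of Process starts outside this hunk.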
@@ -40,19 +39,23 @@ func (h validateResourceHandler) Process( contextLoader engineapi.EngineContextLoader, exceptions []*kyvernov2.PolicyException, ) (unstructured.Unstructured, []engineapi.RuleResponse) { - // check if there is a policy exception matches the incoming resource - exception := engineutils.MatchesException(exceptions, policyContext, logger) - if exception != nil { - key, err := cache.MetaNamespaceKeyFunc(exception) - if err != nil { - logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) - return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) - } else { - logger.V(3).Info("policy rule skipped due to policy exception", "exception", key) - return resource, handlers.WithResponses( - engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule skipped due to policy exception "+key).WithException(exception), - ) + // check if there are policy exceptions that match the incoming resource + matchedExceptions := engineutils.MatchesException(exceptions, policyContext, logger) + if len(matchedExceptions) > 0 { + var keys []string + for i, exception := range matchedExceptions { + key, err := cache.MetaNamespaceKeyFunc(&matchedExceptions[i]) + if err != nil { + logger.Error(err, "failed to compute policy exception key", "namespace", exception.GetNamespace(), "name", exception.GetName()) + return resource, handlers.WithError(rule, engineapi.Validation, "failed to compute exception key", err) + } + keys = append(keys, key) } + + logger.V(3).Info("policy rule is skipped due to policy exceptions", "exceptions", keys) + return resource, handlers.WithResponses( + engineapi.RuleSkip(rule.Name, engineapi.Validation, "rule is skipped due to policy exceptions"+strings.Join(keys, ", ")).WithExceptions(matchedExceptions), + ) } v := newValidator(logger, contextLoader, policyContext, rule) return resource, handlers.WithResponses(v.validate(ctx)) 
@@ -99,9 +102,12 @@ func newForEachValidator( if err != nil { return nil, fmt.Errorf("failed to convert ruleCopy.Validation.ForEachValidation.AnyAllConditions: %w", err) } - nestedForEach, err := api.DeserializeJSONArray[kyvernov1.ForEachValidation](foreach.ForEachValidation) - if err != nil { - return nil, fmt.Errorf("failed to convert ruleCopy.Validation.ForEachValidation.AnyAllConditions: %w", err) + var loopItems []kyvernov1.ForEachValidation + fev := foreach.GetForEachValidation() + if len(fev) > 0 { + loopItems = fev + } else { + loopItems = make([]kyvernov1.ForEachValidation, 0) } return &validator{ log: log, @@ -113,7 +119,7 @@ func newForEachValidator( pattern: foreach.GetPattern(), anyPattern: foreach.GetAnyPattern(), deny: foreach.Deny, - forEach: nestedForEach, + forEach: loopItems, nesting: nesting, }, nil } diff --git a/pkg/engine/jsonutils/convert.go b/pkg/engine/jsonutils/convert.go index 6b38dfc77679..64b9d6d1f55c 100644 --- a/pkg/engine/jsonutils/convert.go +++ b/pkg/engine/jsonutils/convert.go @@ -7,6 +7,11 @@ var json = jsoniter.ConfigCompatibleWithStandardLibrary // DocumentToUntyped converts a typed object to JSON data // i.e. string, []interface{}, map[string]interface{} func DocumentToUntyped(doc interface{}) (interface{}, error) { + switch doc.(type) { + case string, []any, map[string]any: + return doc, nil + } + jsonDoc, err := json.Marshal(doc) if err != nil { return nil, err diff --git a/pkg/engine/mutation.go b/pkg/engine/mutation.go index d84e2a50edc0..c4d70769f30a 100644 --- a/pkg/engine/mutation.go +++ b/pkg/engine/mutation.go @@ -2,6 +2,7 @@ package engine import ( "context" + "fmt" "time" "github.com/go-logr/logr" 
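Review bot: The new fast path in DocumentToUntyped returns `doc` itself for `string`, `[]any` and `map[string]any`, where the marshal round trip below it produced a fresh value. Callers that modify the result would now be modifying the original; in loadVariable the result is handed to `variables.SubstituteAll`, and whether that mutates in place is not visible here. The round trip presumably also normalised nested values, which the fast path skips. A doc-comment line would make the contract explicit: `// Values that are already untyped are returned as-is, without copying; callers must not mutate the result.`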
@@ -36,6 +37,9 @@ func (e *engine) mutate( return nil, nil } if !policyContext.AdmissionOperation() && rule.HasMutateExisting() { + if e.client == nil { + return nil, fmt.Errorf("Handler factory requires a client but a nil client was passed, likely due to a bug or unsupported operation.") + } return mutation.NewMutateExistingHandler(e.client) } return mutation.NewMutateResourceHandler() diff --git a/pkg/engine/utils/exceptions.go b/pkg/engine/utils/exceptions.go index 18c2a62bf74d..d65f6c2ce7bd 100644 --- a/pkg/engine/utils/exceptions.go +++ b/pkg/engine/utils/exceptions.go @@ -15,7 +15,8 @@ import ( // MatchesException takes a list of exceptions and checks if there is an exception applies to the incoming resource. // It returns the matched policy exception. -func MatchesException(polexs []*kyvernov2.PolicyException, policyContext engineapi.PolicyContext, logger logr.Logger) *kyvernov2.PolicyException { +func MatchesException(polexs []*kyvernov2.PolicyException, policyContext engineapi.PolicyContext, logger logr.Logger) []kyvernov2.PolicyException { + var matchedExceptions []kyvernov2.PolicyException gvk, subresource := policyContext.ResourceKind() resource := policyContext.NewResource() if resource.Object == nil { @@ -40,10 +41,10 @@ func MatchesException(polexs []*kyvernov2.PolicyException, policyContext enginea continue } } - return polex + matchedExceptions = append(matchedExceptions, *polex) } } - return nil + return matchedExceptions } func checkMatchesResources( diff --git a/pkg/event/controller.go b/pkg/event/controller.go index 0b71ff8de1a2..18a085185065 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -175,6 +175,10 @@ func (gen *controller) emitEvent(key Info) { if namespace == "" { namespace = metav1.NamespaceDefault } + message := key.Message + if len(message) > 1024 { + message = message[0:1021] + "..." + } event := &eventsv1.Event{ ObjectMeta: metav1.ObjectMeta{ Name: fmt.Sprintf("%v.%x", refRegarding.Name, t.UnixNano()), 
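Review bot: The new error string in the nil-client check is capitalised and ends with a period, which Go convention discourages because error values are usually wrapped into longer messages. `fmt.Errorf` is also called without any format verb. Suggested: `return nil, fmt.Errorf("handler factory requires a client but a nil client was passed, likely due to a bug or unsupported operation")`. The enclosing function in mutate starts outside this hunk.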
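Review bot: The doc comment on MatchesException still says `It returns the matched policy exception.`, but the function now returns a slice holding a copy of every exception that matches. Suggested wording: `// MatchesException checks the given exceptions against the incoming resource and returns a copy of each one that applies; the result is empty when none match.` The middle of the function body lies outside the two hunks shown.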
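Review bot: The truncation added to emitEvent slices the message by bytes, so `message[0:1021]` can cut a multi-byte UTF-8 character in half and leave an invalid string in the event note. Backing up to a rune boundary before appending the ellipsis avoids that; the sketch below needs `unicode/utf8` in the file's imports. The commit also deletes TestMessageLength in pkg/event/events_test.go without adding a test for the limit at its new location, so the 1024 cap is no longer covered. emitEvent starts and ends outside this hunk.

```go
message := key.Message
if len(message) > 1024 {
	cut := 1021
	// step back so the cut does not land inside a multi-byte character
	for cut > 0 && !utf8.RuneStart(message[cut]) {
		cut--
	}
	message = message[:cut] + "..."
}
```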
@@ -188,7 +192,7 @@ func (gen *controller) emitEvent(key Info) { Reason: string(key.Reason), Regarding: *refRegarding, Related: refRelated, - Note: key.Message, + Note: message, Type: eventType, } diff --git a/pkg/event/events.go b/pkg/event/events.go index d4de317fdc51..2251f5d59d6c 100644 --- a/pkg/event/events.go +++ b/pkg/event/events.go @@ -58,13 +58,7 @@ func buildPolicyEventMessage(resp engineapi.RuleResponse, resource engineapi.Res if resp.Message() != "" { fmt.Fprintf(&b, "; %s", resp.Message()) } - - msg := b.String() - if len(msg) > 1024 { - msg = msg[0:1021] + "..." - } - - return msg + return b.String() } func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineResponse) Info { 
@@ -228,16 +222,51 @@ func NewBackgroundSuccessEvent(source Source, policy kyvernov1.PolicyInterface, } func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp engineapi.RuleResponse, source Source) []Info { - exception := ruleResp.Exception() - exceptionName, exceptionNamespace := exception.GetName(), exception.GetNamespace() - policyMessage := fmt.Sprintf("resource %s was skipped from rule %s due to policy exception %s/%s", resourceKey(engineResponse.PatchedResource), ruleResp.Name(), exceptionNamespace, exceptionName) - pol := engineResponse.Policy().AsKyvernoPolicy() var exceptionMessage string + exceptions := ruleResp.Exceptions() + exceptionNames := make([]string, 0, len(exceptions)) + events := make([]Info, 0, len(exceptions)) + + // build the events of the policy exceptions + pol := engineResponse.Policy().AsKyvernoPolicy() if pol.GetNamespace() == "" { exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s", resourceKey(engineResponse.PatchedResource), pol.GetName(), ruleResp.Name()) } else { exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s/%s", resourceKey(engineResponse.PatchedResource), pol.GetNamespace(), pol.GetName(), ruleResp.Name()) } + + related := engineResponse.GetResourceSpec() + for _, exception := range exceptions { + ns := exception.GetNamespace() + name := exception.GetName() + exceptionNames = append(exceptionNames, ns+"/"+name) + + exceptionEvent := Info{ + Regarding: corev1.ObjectReference{ + // TODO: iirc it's not safe to assume api version is set + APIVersion: "kyverno.io/v2", + Kind: "PolicyException", + Name: name, + Namespace: ns, + UID: exception.GetUID(), + }, + Related: &corev1.ObjectReference{ + APIVersion: related.APIVersion, + Kind: related.Kind, + Name: related.Name, + Namespace: related.Namespace, + UID: types.UID(related.UID), + }, + Reason: PolicySkipped, + Message: exceptionMessage, + Source: source, + Action: ResourcePassed, + } + events = 
append(events, exceptionEvent) + } + + // build the policy events + policyMessage := fmt.Sprintf("resource %s was skipped from rule %s due to policy exceptions %s", resourceKey(engineResponse.PatchedResource), ruleResp.Name(), strings.Join(exceptionNames, ", ")) regarding := corev1.ObjectReference{ // TODO: iirc it's not safe to assume api version is set APIVersion: "kyverno.io/v1", @@ -246,7 +275,6 @@ func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp Namespace: pol.GetNamespace(), UID: pol.GetUID(), } - related := engineResponse.GetResourceSpec() policyEvent := Info{ Regarding: regarding, Related: &corev1.ObjectReference{ @@ -261,28 +289,8 @@ func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp Source: source, Action: ResourcePassed, } - exceptionEvent := Info{ - Regarding: corev1.ObjectReference{ - // TODO: iirc it's not safe to assume api version is set - APIVersion: "kyverno.io/v2", - Kind: "PolicyException", - Name: exceptionName, - Namespace: exceptionNamespace, - UID: exception.GetUID(), - }, - Related: &corev1.ObjectReference{ - APIVersion: related.APIVersion, - Kind: related.Kind, - Name: related.Name, - Namespace: related.Namespace, - UID: types.UID(related.UID), - }, - Reason: PolicySkipped, - Message: exceptionMessage, - Source: source, - Action: ResourcePassed, - } - return []Info{policyEvent, exceptionEvent} + events = append(events, policyEvent) + return events } func NewCleanupPolicyEvent(policy kyvernov2.CleanupPolicyInterface, resource unstructured.Unstructured, err error) Info { diff --git a/pkg/event/events_test.go b/pkg/event/events_test.go deleted file mode 100644 index 94ac657410fb..000000000000 --- a/pkg/event/events_test.go +++ /dev/null 
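Review bot: NewPolicyExceptionEvents now returns the exception events first and the policy event last, the reverse of the removed `[]Info{policyEvent, exceptionEvent}`; any caller or test that indexes the result would need checking, though none is visible here. `events` is also created with capacity `len(exceptions)` but always receives one extra entry, so `make([]Info, 0, len(exceptions)+1)` avoids a reallocation on the final append. A short doc comment stating the order (one event per exception, then the policy event) would fix the contract.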
@@ -1,25 +0,0 @@ -package event - -import ( - "testing" - - engineapi "github.com/kyverno/kyverno/pkg/engine/api" - "gotest.tools/assert" -) - -func TestMessageLength(t *testing.T) { - msg := "policy psa/baseline fail: Validation rule 'baseline' failed. It violates PodSecurity \"restricted:latest\": (Forbidden reason: allowPrivilegeEscalation != false, field error list: [spec.containers[0].securityContext.allowPrivilegeEscalation is forbidden, forbidden values found: nil])(Forbidden reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop: Required value])(Forbidden reason: host namespaces, field error list: [spec.hostNetwork is forbidden, forbidden values found: true])(Forbidden reason: hostPath volumes, field error list: [spec.volumes[1].hostPath is forbidden, forbidden values found: /run/xtables.lock, spec.volumes[2].hostPath is forbidden, forbidden values found: /lib/modules])(Forbidden reason: privileged, field error list: [spec.containers[0].securityContext.privileged is forbidden, forbidden values found: true])(Forbidden reason: restricted volume types, field error list: [spec.volumes[1].hostPath: Forbidden, spec.volumes[2].hostPath: Forbidden])(Forbidden reason: runAsNonRoot != true, field error list: [spec.containers[0].securityContext.runAsNonRoot: Required value])(Forbidden reason: seccompProfile, field error list: [spec.containers[0].securityContext.seccompProfile.type: Required value])" - assert.Assert(t, len(msg) > 1024) - - resp := engineapi.NewRuleResponse("podSecurity", engineapi.Validation, msg, engineapi.RuleStatusFail) - - resource := &engineapi.ResourceSpec{ - Kind: "Pod", - APIVersion: "v1", - Namespace: "default", - UID: "9005aec3-f779-4d19-985b-3ff51a695cca", - } - - eventMsg := buildPolicyEventMessage(*resp, *resource, true) - assert.Equal(t, 1024, len(eventMsg)) -} diff --git a/pkg/logging/log.go b/pkg/logging/log.go index f79f491f1318..9a7c18fe561d 100644 --- a/pkg/logging/log.go 
+++ b/pkg/logging/log.go @@ -59,8 +59,10 @@ func Setup(logFormat string, loggingTimestampFormat string, level int) error { switch logFormat { case TextFormat: zc = zap.NewDevelopmentConfig() + zc.EncoderConfig.EncodeLevel = zapLevelEncoderText case JSONFormat: zc = zap.NewProductionConfig() + zc.EncoderConfig.EncodeLevel = zapLevelEncoderJson default: return errors.New("log format not recognized, pass `text` for text mode or `json` to enable JSON logging") } @@ -186,3 +188,21 @@ func (a *writerAdapter) Write(p []byte) (int, error) { func StdLogger(logger logr.Logger, prefix string) *stdlog.Logger { return stdlog.New(&writerAdapter{logger: logger}, prefix, stdlog.LstdFlags) } + +func zapLevelEncoderText(l zapcore.Level, enc zapcore.PrimitiveArrayEncoder) { + enc.AppendString(zapLevelToString(l)) +} + +func zapLevelEncoderJson(l zapcore.Level, enc zapcore.PrimitiveArrayEncoder) { + enc.AppendString(strings.ToLower(zapLevelToString(l))) +} + +func zapLevelToString(zapLevel zapcore.Level) string { + if zapLevel <= 0 && zapLevel >= -2 { + return "INFO" + } else if zapLevel <= -3 { + return "DEBUG" + } else { + return zapLevel.CapitalString() + } +} diff --git a/pkg/policy/mutate/validate.go b/pkg/policy/mutate/validate.go index 320916f19606..4d7f221a29f6 100644 --- a/pkg/policy/mutate/validate.go +++ b/pkg/policy/mutate/validate.go @@ -8,10 +8,8 @@ import ( kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" "github.com/kyverno/kyverno/pkg/engine/variables/regex" "github.com/kyverno/kyverno/pkg/policy/auth" - "github.com/kyverno/kyverno/pkg/utils/api" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" "go.uber.org/multierr" - v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) // Mutate provides implementation to validate 'mutate' rule 
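Review bot: `zapLevelToString` has no comment explaining its level mapping, and the mapping is not obvious: levels 0 down to -2 are labelled "INFO", -3 and below "DEBUG", and only positive levels fall through to `CapitalString()`. One consequence is that zap's own debug level (-1) is emitted as INFO, which matters to anyone filtering or alerting on the level field. I would add a doc comment along the lines of `// zapLevelToString labels levels 0..-2 as INFO and -3 or lower as DEBUG (presumably logr V-levels); other levels keep zap's name.` As style, the `else` branches after `return` can be dropped, and `zapLevelEncoderJson` would conventionally be spelled `zapLevelEncoderJSON`.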
@@ -55,12 +53,13 @@ func (m *Mutate) Validate(ctx context.Context) (string, error) { func (m *Mutate) validateForEach(tag string, foreach []kyvernov1.ForEachMutation) (string, error) { for i, fe := range foreach { tag = tag + fmt.Sprintf("foreach[%d]", i) - if fe.ForEachMutation != nil { + fem := fe.GetForEachMutation() + if len(fem) > 0 { if fe.Context != nil || fe.AnyAllConditions != nil || fe.PatchesJSON6902 != "" || fe.RawPatchStrategicMerge != nil { return tag, fmt.Errorf("a nested foreach cannot contain other declarations") } - return m.validateNestedForEach(tag, fe.ForEachMutation) + return m.validateNestedForEach(tag, fem) } psm := fe.GetPatchStrategicMerge() @@ -72,13 +71,12 @@ func (m *Mutate) validateForEach(tag string, foreach []kyvernov1.ForEachMutation return "", nil } -func (m *Mutate) validateNestedForEach(tag string, j *v1.JSON) (string, error) { - nestedForeach, err := api.DeserializeJSONArray[kyvernov1.ForEachMutation](j) - if err != nil { - return tag, fmt.Errorf("invalid foreach syntax: %w", err) +func (m *Mutate) validateNestedForEach(tag string, j []kyvernov1.ForEachMutation) (string, error) { + if j != nil { + return m.validateForEach(tag, j) } - return m.validateForEach(tag, nestedForeach) + return "", nil } func (m *Mutate) hasForEach() bool { diff --git a/pkg/policy/validate/validate.go b/pkg/policy/validate/validate.go index fa0a079fc2dd..49e6282df3d3 100644 --- a/pkg/policy/validate/validate.go +++ b/pkg/policy/validate/validate.go @@ -204,7 +204,7 @@ func foreachElemCount(foreach kyvernov1.ForEachValidation) int { count++ } - if foreach.ForEachValidation != nil { + if foreach.GetForEachValidation() != nil && len(foreach.GetForEachValidation()) > 0 { count++ } diff --git a/pkg/pss/evaluate_test.go b/pkg/pss/evaluate_test.go index f0d3770971e1..f2d266081029 100644 --- a/pkg/pss/evaluate_test.go +++ b/pkg/pss/evaluate_test.go 
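Review bot: Validation of a nested foreach no longer has an error path in validateForEach: the removed code returned `invalid foreach syntax` when the nested block failed to deserialize, while the new code only tests `len(fem) > 0` on the result of `fe.GetForEachMutation()`. The getter's body is not part of this view, so if it returns nil on malformed input, a policy with a broken nested foreach would pass validation and its nested declarations would never be inspected. The same pattern appears in `foreachElemCount` and in `validateValidationForEach` / `validateMutationForEach` later in this commit. It would help to have the getter (or a validating variant of it) surface the decode error, and to add a comment on validateNestedForEach stating that a nil slice is treated as valid.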
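Review bot: The condition in foreachElemCount calls `foreach.GetForEachValidation()` twice, and the nil comparison is redundant because `len` of a nil slice is 0. `if len(foreach.GetForEachValidation()) > 0 {` expresses the same check with one call and matches how the mutate validator in this commit writes it. If the getter decodes on each call, the second call is also wasted work, though that is not visible here. The function body starts and ends outside this hunk.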
@@ -7408,7 +7408,7 @@ var restricted_runAsNonRoot = []testCase{ ] } }`), - allowed: true, + allowed: false, }, { name: "restricted_runAsNonRoot_defines_all_violate_spec_true_container_true_spec_level_allowed_positive", diff --git a/pkg/utils/api/json.go b/pkg/utils/api/json.go index 3f3d3f9703ed..9fdc9fa6c7a5 100644 --- a/pkg/utils/api/json.go +++ b/pkg/utils/api/json.go @@ -8,22 +8,6 @@ import ( "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" ) -// Deserialize "apiextensions.JSON" to a typed array -func DeserializeJSONArray[T any](in apiextensions.JSON) ([]T, error) { - if in == nil { - return nil, nil - } - data, err := json.Marshal(in) - if err != nil { - return nil, err - } - var res []T - if err := json.Unmarshal(data, &res); err != nil { - return nil, err - } - return res, nil -} - // ApiextensionsJsonToKyvernoConditions takes in user-provided conditions in abstract apiextensions.JSON form // and converts it into []kyverno.Condition or kyverno.AnyAllConditions according to its content. // it also helps in validating the condtions as it returns an error when the conditions are provided wrongfully by the user. diff --git a/pkg/utils/report/results.go b/pkg/utils/report/results.go index f7d680e2f5fa..2772565d83cf 100644 --- a/pkg/utils/report/results.go +++ b/pkg/utils/report/results.go @@ -110,8 +110,13 @@ func ToPolicyReportResult(policyType engineapi.PolicyType, policyName string, ru *resource, } } - if ruleResult.Exception() != nil { - addProperty("exception", ruleResult.Exception().Name, &result) + exceptions := ruleResult.Exceptions() + if len(exceptions) > 0 { + var names []string + for _, exception := range exceptions { + names = append(names, exception.Name) + } + addProperty("exceptions", strings.Join(names, ","), &result) } pss := ruleResult.PodSecurityChecks() if pss != nil && len(pss.Checks) > 0 { diff --git a/pkg/validatingadmissionpolicy/builder.go b/pkg/validatingadmissionpolicy/builder.go index 9a1619680929..8ae2e5b4c4c1 100644 
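Review bot: The `exceptions` property added in ToPolicyReportResult records only `exception.Name`, so two PolicyExceptions with the same name in different namespaces cannot be told apart in the report. The event code in this same commit identifies exceptions as namespace/name; using that form here, `names = append(names, exception.GetNamespace()+"/"+exception.GetName())`, keeps the report usable for tracing which exception let a resource through. The property key also changes from `exception` to `exceptions`, which anything reading the old key will miss; whether such consumers exist is not visible from this hunk. `names` can be preallocated with `make([]string, 0, len(exceptions))`.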
--- a/pkg/validatingadmissionpolicy/builder.go +++ b/pkg/validatingadmissionpolicy/builder.go @@ -14,7 +14,11 @@ import ( ) // BuildValidatingAdmissionPolicy is used to build a Kubernetes ValidatingAdmissionPolicy from a Kyverno policy -func BuildValidatingAdmissionPolicy(discoveryClient dclient.IDiscovery, vap *admissionregistrationv1alpha1.ValidatingAdmissionPolicy, cpol kyvernov1.PolicyInterface) error { +func BuildValidatingAdmissionPolicy( + discoveryClient dclient.IDiscovery, + vap *admissionregistrationv1alpha1.ValidatingAdmissionPolicy, + cpol kyvernov1.PolicyInterface, +) error { // set owner reference vap.OwnerReferences = []metav1.OwnerReference{ { 
@@ -25,30 +29,51 @@ func BuildValidatingAdmissionPolicy(discoveryClient dclient.IDiscovery, vap *adm }, } - // construct validating admission policy resource rules + // construct the rules var matchResources admissionregistrationv1alpha1.MatchResources - var matchRules []admissionregistrationv1alpha1.NamedRuleWithOperations + var matchRules, excludeRules []admissionregistrationv1alpha1.NamedRuleWithOperations rule := cpol.GetSpec().Rules[0] + + // convert the match block match := rule.MatchResources if !match.ResourceDescription.IsEmpty() { - if err := translateResource(discoveryClient, &matchResources, &matchRules, match.ResourceDescription); err != nil { + if err := translateResource(discoveryClient, &matchResources, &matchRules, match.ResourceDescription, true); err != nil { return err } } if match.Any != nil { - if err := translateResourceFilters(discoveryClient, &matchResources, &matchRules, match.Any); err != nil { + if err := translateResourceFilters(discoveryClient, &matchResources, &matchRules, match.Any, true); err != nil { return err } } if match.All != nil { - if err := translateResourceFilters(discoveryClient, &matchResources, &matchRules, match.All); err != nil { + if err := translateResourceFilters(discoveryClient, &matchResources, &matchRules, match.All, true); err != nil { + return err + } + } + + // convert the exclude block + exclude := rule.ExcludeResources + if !exclude.ResourceDescription.IsEmpty() { + if err := translateResource(discoveryClient, &matchResources, &excludeRules, exclude.ResourceDescription, false); err != nil { + return err + } + } + + if exclude.Any != nil { + if err := translateResourceFilters(discoveryClient, &matchResources, &excludeRules, exclude.Any, false); err != nil { + return err + } + } + if exclude.All != nil { + if err := translateResourceFilters(discoveryClient, &matchResources, &excludeRules, exclude.All, false); err != nil { return err } } - // set validating admission policy spec + // set policy spec vap.Spec = 
admissionregistrationv1alpha1.ValidatingAdmissionPolicySpec{ MatchConstraints: &matchResources, ParamKind: rule.Validation.CEL.ParamKind, @@ -64,7 +89,10 @@ func BuildValidatingAdmissionPolicy(discoveryClient dclient.IDiscovery, vap *adm } // BuildValidatingAdmissionPolicyBinding is used to build a Kubernetes ValidatingAdmissionPolicyBinding from a Kyverno policy -func BuildValidatingAdmissionPolicyBinding(vapbinding *admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, cpol kyvernov1.PolicyInterface) error { +func BuildValidatingAdmissionPolicyBinding( + vapbinding *admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding, + cpol kyvernov1.PolicyInterface, +) error { // set owner reference vapbinding.OwnerReferences = []metav1.OwnerReference{ { @@ -98,9 +126,14 @@ func BuildValidatingAdmissionPolicyBinding(vapbinding *admissionregistrationv1al return nil } -func translateResourceFilters(discoveryClient dclient.IDiscovery, matchResources *admissionregistrationv1alpha1.MatchResources, rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, resFilters kyvernov1.ResourceFilters) error { +func translateResourceFilters(discoveryClient dclient.IDiscovery, + matchResources *admissionregistrationv1alpha1.MatchResources, + rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, + resFilters kyvernov1.ResourceFilters, + isMatch bool, +) error { for _, filter := range resFilters { - err := translateResource(discoveryClient, matchResources, rules, filter.ResourceDescription) + err := translateResource(discoveryClient, matchResources, rules, filter.ResourceDescription, isMatch) if err != nil { return err } 
@@ -108,32 +141,47 @@ func translateResourceFilters(discoveryClient dclient.IDiscovery, matchResources return nil } -func translateResource(discoveryClient dclient.IDiscovery, matchResources *admissionregistrationv1alpha1.MatchResources, rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, res kyvernov1.ResourceDescription) error { - err := constructValidatingAdmissionPolicyRules(discoveryClient, rules, res) +func translateResource( + discoveryClient dclient.IDiscovery, + matchResources *admissionregistrationv1alpha1.MatchResources, + rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, + res kyvernov1.ResourceDescription, + isMatch bool, +) error { + err := constructValidatingAdmissionPolicyRules(discoveryClient, rules, res, isMatch) if err != nil { return err } - matchResources.ResourceRules = *rules - if len(res.Namespaces) > 0 { - namespaceSelector := &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{ - { - Key: "kubernetes.io/metadata.name", - Operator: "In", - Values: res.Namespaces, + if isMatch { + matchResources.ResourceRules = *rules + if len(res.Namespaces) > 0 { + namespaceSelector := &metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: "kubernetes.io/metadata.name", + Operator: "In", + Values: res.Namespaces, + }, }, - }, + } + matchResources.NamespaceSelector = namespaceSelector + } else { + matchResources.NamespaceSelector = res.NamespaceSelector } - matchResources.NamespaceSelector = namespaceSelector + matchResources.ObjectSelector = res.Selector } else { - matchResources.NamespaceSelector = res.NamespaceSelector + matchResources.ExcludeResourceRules = *rules } - matchResources.ObjectSelector = res.Selector return nil } -func constructValidatingAdmissionPolicyRules(discoveryClient dclient.IDiscovery, rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, res kyvernov1.ResourceDescription) error { +func constructValidatingAdmissionPolicyRules( + 
discoveryClient dclient.IDiscovery, + rules *[]admissionregistrationv1alpha1.NamedRuleWithOperations, + res kyvernov1.ResourceDescription, + isMatch bool, +) error { // translate operations to their corresponding values in validating admission policy. ops := translateOperations(res.GetOperations()) @@ -191,6 +239,22 @@ func constructValidatingAdmissionPolicyRules(discoveryClient dclient.IDiscovery, } } } + + // if exclude block has namespaces but no kinds, we need to add a rule for the namespaces + if !isMatch && len(res.Namespaces) > 0 && len(res.Kinds) == 0 { + r := admissionregistrationv1alpha1.NamedRuleWithOperations{ + ResourceNames: res.Namespaces, + RuleWithOperations: admissionregistrationv1.RuleWithOperations{ + Rule: admissionregistrationv1.Rule{ + Resources: []string{"namespaces"}, + APIGroups: []string{""}, + APIVersions: []string{"v1"}, + }, + Operations: ops, + }, + } + *rules = append(*rules, r) + } return nil } @@ -227,7 +291,7 @@ func translateOperations(operations []string) []admissionregistrationv1.Operatio } } - // set default values for operations since it's a required field in validating admission policies + // set default values for operations since it's a required field in ValidatingAdmissionPolicies if len(vapOperations) == 0 { vapOperations = append(vapOperations, admissionregistrationv1.Create) vapOperations = append(vapOperations, admissionregistrationv1.Update) diff --git a/pkg/validatingadmissionpolicy/kyvernopolicy_checker.go b/pkg/validatingadmissionpolicy/kyvernopolicy_checker.go index 4d482c34ce0c..cbaa38eb3bbd 100644 --- a/pkg/validatingadmissionpolicy/kyvernopolicy_checker.go +++ b/pkg/validatingadmissionpolicy/kyvernopolicy_checker.go 
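Review bot: The rule added at the end of constructValidatingAdmissionPolicyRules for an exclude block with namespaces but no kinds uses `Resources: []string{"namespaces"}` with `ResourceNames: res.Namespaces`, which excludes the Namespace objects bearing those names rather than the resources inside those namespaces. If the Kyverno exclude is meant to skip everything in the listed namespaces, the generated ValidatingAdmissionPolicy would still evaluate pods and other namespaced objects there, so the two policies would disagree on scope. The match branch of translateResource already scopes by namespace with a `kubernetes.io/metadata.name` requirement and `Operator: "In"`; the exclude side would need the `NotIn` form of that requirement, merged with whatever selector the match block set, or CanGenerateVAP should decline this case. Please also extend the comment above the new block to say which of the two meanings is intended. The function body begins before this hunk.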
@@ -8,14 +8,12 @@ import ( // CanGenerateVAP check if Kyverno policy can be translated to a Kubernetes ValidatingAdmissionPolicy func CanGenerateVAP(spec *kyvernov1.Spec) (bool, string) { var msg string - if len(spec.Rules) > 1 { - msg = "skip generating ValidatingAdmissionPolicy: multiple rules are not applicable." + if ok, msg := checkRuleCount(spec); !ok { return false, msg } rule := spec.Rules[0] - if !rule.HasValidateCEL() { - msg = "skip generating ValidatingAdmissionPolicy for non CEL rules." + if ok, msg := checkRuleType(rule); !ok { return false, msg } 
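Review bot: `rule := spec.Rules[0]` in CanGenerateVAP is reached whenever `checkRuleCount` passes, and that helper only rejects `len(spec.Rules) > 1`, so a spec with no rules would index an empty slice and panic. Whether callers guarantee at least one rule is not visible here; changing the helper's condition to `if len(spec.Rules) != 1 {` (with the message adjusted) removes the dependency on that. As style, the outer `var msg string` is shadowed by every `if ok, msg := ...` and is only ever returned empty, so the final `return true, msg` can be `return true, ""`; the same applies to checkResourceFilter added later in this file. CanGenerateVAP continues beyond this hunk.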
@@ -32,65 +30,74 @@ func CanGenerateVAP(spec *kyvernov1.Spec) (bool, string) { // check the matched/excluded resources of the CEL rule. match, exclude := rule.MatchResources, rule.ExcludeResources - if !exclude.UserInfo.IsEmpty() || !exclude.ResourceDescription.IsEmpty() || exclude.All != nil || exclude.Any != nil { - msg = "skip generating ValidatingAdmissionPolicy: Exclude is not applicable." + if ok, msg := checkUserInfo(match.UserInfo); !ok { return false, msg } - if ok, msg := checkUserInfo(match.UserInfo); !ok { + if ok, msg := checkUserInfo(exclude.UserInfo); !ok { return false, msg } - if ok, msg := checkResources(match.ResourceDescription); !ok { + + if ok, msg := checkResources(match.ResourceDescription, true); !ok { + return false, msg + } + if ok, msg := checkResources(exclude.ResourceDescription, false); !ok { return false, msg } - var ( - containsNamespaceSelector = false - containsObjectSelector = false - ) + if ok, msg := checkResourceFilter(match.Any, true); !ok { + return false, msg + } - // since 'any' specify resources which will be ORed, it can be converted into multiple NamedRuleWithOperations in ValidatingAdmissionPolicy - for _, value := range match.Any { - if ok, msg := checkUserInfo(value.UserInfo); !ok { - return false, msg - } - if ok, msg := checkResources(value.ResourceDescription); !ok { - return false, msg - } + if len(match.All) > 1 { + msg = "skip generating ValidatingAdmissionPolicy: multiple 'all' in the match block is not applicable." + return false, msg + } + if ok, msg := checkResourceFilter(match.All, true); !ok { + return false, msg + } - if value.NamespaceSelector != nil { - containsNamespaceSelector = true - } - if value.Selector != nil { - containsObjectSelector = true - } + if ok, msg := checkResourceFilter(exclude.Any, false); !ok { + return false, msg + } + + if len(exclude.All) > 1 { + msg = "skip generating ValidatingAdmissionPolicy: multiple 'all' in the exclude block is not applicable." 
+ return false, msg } - // since namespace/object selectors are applied to all NamedRuleWithOperations in ValidatingAdmissionPolicy, then - // we can't have more than one resource with namespace/object selectors. - if len(match.Any) > 1 && (containsNamespaceSelector || containsObjectSelector) { - msg = "skip generating ValidatingAdmissionPolicy: NamespaceSelector / ObjectSelector across multiple resources are not applicable." + if ok, msg := checkResourceFilter(exclude.All, false); !ok { return false, msg } - // since 'all' specify resources which will be ANDed, we can't have more than one resource. - if match.All != nil { - if len(match.All) > 1 { - msg = "skip generating ValidatingAdmissionPolicy: multiple 'all' is not applicable." - return false, msg - } else { - if ok, msg := checkUserInfo(match.All[0].UserInfo); !ok { - return false, msg - } - if ok, msg := checkResources(match.All[0].ResourceDescription); !ok { - return false, msg - } - } + return true, msg +} + +func checkRuleCount(spec *kyvernov1.Spec) (bool, string) { + var msg string + if len(spec.Rules) > 1 { + msg = "skip generating ValidatingAdmissionPolicy: multiple rules are not applicable." + return false, msg } + return true, msg +} +func checkRuleType(rule kyvernov1.Rule) (bool, string) { + var msg string + if !rule.HasValidateCEL() { + msg = "skip generating ValidatingAdmissionPolicy for non CEL rules." + return false, msg + } return true, msg } -func checkResources(resource kyvernov1.ResourceDescription) (bool, string) { +func checkResources(resource kyvernov1.ResourceDescription, isMatch bool) (bool, string) { var msg string + if !isMatch { + if len(resource.Kinds) != 0 && len(resource.Namespaces) != 0 { + msg = "skip generating ValidatingAdmissionPolicy: excluding a resource within a namespace is not applicable." + return false, msg + } + } + if len(resource.Annotations) != 0 { msg = "skip generating ValidatingAdmissionPolicy: Annotations in resource description is not applicable." 
return false, msg @@ -122,3 +129,38 @@ func checkUserInfo(info kyvernov1.UserInfo) (bool, string) { } return true, msg } + +func checkResourceFilter(resFilters kyvernov1.ResourceFilters, isMatch bool) (bool, string) { + var msg string + containsNamespaceSelector := false + containsObjectSelector := false + + for _, value := range resFilters { + if ok, msg := checkUserInfo(value.UserInfo); !ok { + return false, msg + } + if ok, msg := checkResources(value.ResourceDescription, isMatch); !ok { + return false, msg + } + + if value.NamespaceSelector != nil { + containsNamespaceSelector = true + } + if value.Selector != nil { + containsObjectSelector = true + } + } + + if !isMatch { + if containsNamespaceSelector || containsObjectSelector { + msg = "skip generating ValidatingAdmissionPolicy: NamespaceSelector / ObjectSelector in the exclude block is not applicable." + return false, msg + } + } else { + if len(resFilters) > 1 && (containsNamespaceSelector || containsObjectSelector) { + return false, "skip generating ValidatingAdmissionPolicy: NamespaceSelector / ObjectSelector across multiple resources in the match block are not applicable." + } + } + + return true, msg +} diff --git a/pkg/validatingadmissionpolicy/kyvernopolicy_checker_test.go b/pkg/validatingadmissionpolicy/kyvernopolicy_checker_test.go index 6b1c63c7c53d..b024fdae18a9 100644 --- a/pkg/validatingadmissionpolicy/kyvernopolicy_checker_test.go +++ b/pkg/validatingadmissionpolicy/kyvernopolicy_checker_test.go @@ -131,7 +131,7 @@ func Test_Check_Resources(t *testing.T) { var res kyvernov1.ResourceDescription err := json.Unmarshal(test.resource, &res) assert.NilError(t, err) - out, _ := checkResources(res) + out, _ := checkResources(res, true) assert.Equal(t, out, test.expected) }) } diff --git a/pkg/validation/policy/validate.go b/pkg/validation/policy/validate.go index 6a550913cc09..ead41c3d5231 100644 --- a/pkg/validation/policy/validate.go +++ b/pkg/validation/policy/validate.go 
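Review bot: For the direct exclude block, `checkResources(exclude.ResourceDescription, false)` adds only the kinds-plus-namespaces rejection, and the part of checkResources visible here does not reject `Selector` or `NamespaceSelector`; the selector rejection for exclude lives in checkResourceFilter, which is applied to `exclude.Any` and `exclude.All` only. On the builder side, translateResource with `isMatch` false sets `ExcludeResourceRules` and ignores both selectors, so an exclude narrowed by a label selector would, if it gets through, be generated as an exclusion of the whole kind. That would make the generated policy exempt more resources than the Kyverno rule does. Unless the unseen remainder of checkResources already covers it, add the check inside the `!isMatch` block, for example `if resource.Selector != nil || resource.NamespaceSelector != nil {` followed by the same `msg` / `return false, msg` pattern. checkResources continues outside this hunk.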
@@ -1002,12 +1002,9 @@ func validateValidationForEach(foreach []kyvernov1.ForEachValidation, schemaKey } } } - if fe.ForEachValidation != nil { - nestedForEach, err := apiutils.DeserializeJSONArray[kyvernov1.ForEachValidation](fe.ForEachValidation) - if err != nil { - return schemaKey, err - } - if path, err := validateValidationForEach(nestedForEach, schemaKey); err != nil { + fev := fe.GetForEachValidation() + if len(fev) > 0 { + if path, err := validateValidationForEach(fev, schemaKey); err != nil { return fmt.Sprintf("%s.%s", schemaKey, path), err } } @@ -1022,12 +1019,9 @@ func validateMutationForEach(foreach []kyvernov1.ForEachMutation, schemaKey stri return fmt.Sprintf("%s.%s", schemaKey, path), err } } - if fe.ForEachMutation != nil { - nestedForEach, err := apiutils.DeserializeJSONArray[kyvernov1.ForEachMutation](fe.ForEachMutation) - if err != nil { - return schemaKey, err - } - if path, err := validateMutationForEach(nestedForEach, schemaKey); err != nil { + fem := fe.GetForEachMutation() + if len(fem) > 0 { + if path, err := validateMutationForEach(fem, schemaKey); err != nil { return fmt.Sprintf("%s.%s", schemaKey, path), err } } @@ -1303,10 +1297,10 @@ func validateVariable(entry kyvernov1.ContextEntry) error { return fmt.Errorf("failed to parse JMESPath %s: %v", entry.Variable.JMESPath, err) } } - if entry.Variable.Value == nil && jmesPath == "" { + if entry.Variable.GetValue() == nil && jmesPath == "" { return fmt.Errorf("a variable must define a value or a jmesPath expression") } - if entry.Variable.Default != nil && jmesPath == "" { + if entry.Variable.GetDefault() != nil && jmesPath == "" { return fmt.Errorf("a variable must define a default value only when a jmesPath expression is defined") } return nil diff --git a/scripts/config/kind/default.yaml b/scripts/config/kind/default.yaml index 1e1322d51ec7..4a4d00cc2152 100644 --- a/scripts/config/kind/default.yaml +++ b/scripts/config/kind/default.yaml 
@@ -37,3 +37,4 @@ nodes: featureGates: "JobPodFailurePolicy": true "PodDisruptionConditions": true + "ProcMountType": true diff --git a/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/chainsaw-test.yaml b/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/chainsaw-test.yaml new file mode 100644 index 000000000000..1e4110b4ffe1 --- /dev/null +++ b/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: apply-on-cluster-scoped-resources +spec: + steps: + - name: step-01 + try: + - script: + content: kubectl create rolebinding my-rolebinding --role=my-role --user=my-user + - name: step-02 + try: + - script: + content: kubectl create clusterrolebinding clusterrolebinding --clusterrole=my-clusterrole --user=my-user + - name: step-04 + try: + - script: + content: kyverno apply policy.yaml --cluster + check: + ($error != null): false diff --git a/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/policy.yaml b/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/policy.yaml new file mode 100644 index 000000000000..8afa58827f7a --- /dev/null +++ b/test/conformance/chainsaw/cli/apply/apply-on-cluster-scoped-resources/policy.yaml @@ -0,0 +1,20 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: restrict-binding-system-groups +spec: + validationFailureAction: Enforce + background: true + rules: + - name: restrict-masters + match: + any: + - resources: + kinds: + - RoleBinding + - ClusterRoleBinding + validate: + message: "Binding to system:masters is not allowed." + pattern: + roleRef: + name: "!system:masters" \ No newline at end of file 
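Review bot: The `restrict-masters` rule in policy.yaml matches on `roleRef.name`, but `system:masters` is a group, and in a RoleBinding or ClusterRoleBinding groups are listed under `subjects`, while `roleRef.name` is the name of the Role or ClusterRole being granted. As written the pattern would not reject a binding whose subject is the `system:masters` group, even though the message says such bindings are not allowed. That may be acceptable for a fixture whose purpose is exercising `kyverno apply policy.yaml --cluster` against cluster-scoped resources, but a comment such as `# fixture only: exercises CLI apply on cluster-scoped kinds, not a working guard` would stop it being copied as one. The file also lacks a trailing newline.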
diff --git a/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/chainsaw-test.yaml b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/chainsaw-test.yaml new file mode 100755 index 000000000000..72fa2c5aeb21 --- /dev/null +++ b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: message-exceeds-1024-characters +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - name: step-03 + try: + - assert: + file: event-assert.yaml diff --git a/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/event-assert.yaml b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/event-assert.yaml new file mode 100644 index 000000000000..133b4926d1b1 --- /dev/null +++ b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/event-assert.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Event +metadata: + namespace: default +involvedObject: + apiVersion: v1 + kind: Pod + name: badpod01 + namespace: default +type: Warning +reason: PolicyViolation +action: Resource Passed +reportingComponent: kyverno-scan +message: 'policy podsecurity-subrule-restricted/restricted fail: Validation rule + ''restricted'' failed. It violates PodSecurity "restricted:latest": (Forbidden + reason: unrestricted capabilities, field error list: [spec.containers[0].securityContext.capabilities.drop: + Required value])' diff --git a/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy-assert.yaml b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy-assert.yaml new file mode 100644 index 000000000000..745e0ae3aafc --- /dev/null 
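Review bot: The message asserted in event-assert.yaml is only a few hundred characters long, so this test, despite its name, does not exercise an event message over 1024 characters. resource.yaml sets `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a `RuntimeDefault` seccomp profile, which leaves the missing `capabilities.drop` as the only violation reported. The unit test removed in this commit (TestMessageLength) asserted that a longer message was cut to exactly 1024 characters, and as far as this diff shows nothing replaces that boundary check. Consider a fixture pod that fails several restricted controls so the untruncated message passes the limit, and assert on the truncated form.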
+++ b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy-assert.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: podsecurity-subrule-restricted +spec: {} +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy.yaml b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy.yaml new file mode 100644 index 000000000000..3d6ea0ae684f --- /dev/null +++ b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/policy.yaml @@ -0,0 +1,18 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: podsecurity-subrule-restricted +spec: + background: true + validationFailureAction: Audit + rules: + - name: restricted + match: + any: + - resources: + kinds: + - Pod + validate: + podSecurity: + level: restricted + version: latest diff --git a/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/resource.yaml b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/resource.yaml new file mode 100644 index 000000000000..00ac4d55756d --- /dev/null +++ b/test/conformance/chainsaw/events/clusterpolicy/message-exceeds-1024-characters/resource.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: badpod01 + namespace: default +spec: + containers: + - name: container01 + image: dummyimagename + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault \ No newline at end of file diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/README.md b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/README.md new file mode 100644 index 000000000000..957963aca530 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/README.md 
@@ -0,0 +1,18 @@ +## Description + +This test creates two policy exceptions that match the same policy. It is expected that the pod that satisfies both exceptions will be created successfully. + +## Expected Behavior + +1. Create a policy that applies the baseline profile. + +2. Create two exceptions for the init containters as follows: + - The first exception `init1-exception-baseline` allows the values of `NET_ADMIN` and `NET_RAW` capabilities in the init containers. + - The second exception `init2-exception-baseline` allows the values of `SYS_TIME` capabilities in the init containers. + +3. Create a pod with two init containers. The first init container should have the `NET_ADMIN` and `NET_RAW` capabilities, and the second init container should have the `SYS_TIME` capability. It is expected that the pod will be created successfully as it matches both exceptions. + + +## Reference Issue(s) + +#10580 diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/chainsaw-test.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/chainsaw-test.yaml new file mode 100755 index 000000000000..40fec37619d5 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: multiple-exceptions-with-pod-security +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: exceptions.yaml + - name: step-03 + try: + - apply: + file: pod.yaml diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/exceptions.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/exceptions.yaml new file mode 100644 index 000000000000..862a08403d23 --- /dev/null 
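Review bot: step-03 of the multiple-exceptions-with-pod-security test only checks that `pod.yaml` can be applied, which does not by itself show that both exceptions were evaluated. policy.yaml in this test sets `failurePolicy: Ignore`, so an admission request that never reached a working webhook would be admitted the same way; `failurePolicy: Fail` would make the positive case meaningful. A negative step would tighten it further: apply a pod whose init container adds a capability covered by neither exception and expect the apply to be rejected.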
+++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/exceptions.yaml @@ -0,0 +1,44 @@ +apiVersion: kyverno.io/v2 +kind: PolicyException +metadata: + name: init1-exception-baseline +spec: + exceptions: + - policyName: psp-baseline + ruleNames: + - baseline + match: + any: + - resources: + kinds: + - Pod + podSecurity: + - controlName: Capabilities + images: + - 'alpine:latest' + restrictedField: spec.initContainers[*].securityContext.capabilities.add + values: + - NET_ADMIN + - NET_RAW +--- +apiVersion: kyverno.io/v2 +kind: PolicyException +metadata: + name: init2-exception-baseline +spec: + exceptions: + - policyName: psp-baseline + ruleNames: + - baseline + match: + any: + - resources: + kinds: + - Pod + podSecurity: + - controlName: Capabilities + images: + - 'busybox:latest' + restrictedField: spec.initContainers[*].securityContext.capabilities.add + values: + - SYS_TIME diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/pod.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/pod.yaml new file mode 100644 index 000000000000..10ad4a02022f --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/pod.yaml 
@@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: test-pod +spec: + containers: + - image: alpine:latest + imagePullPolicy: IfNotPresent + name: primary + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + initContainers: + - image: alpine:latest + imagePullPolicy: IfNotPresent + name: init1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + - image: busybox:latest + imagePullPolicy: IfNotPresent + name: init2 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - SYS_TIME + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 10002 + runAsNonRoot: true + runAsUser: 10002 + seccompProfile: + type: RuntimeDefault diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy-assert.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy-assert.yaml new file mode 100644 index 000000000000..21bb1a0623da --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-baseline +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy.yaml new file mode 100644 index 000000000000..d554dccac897 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions-with-pod-security/policy.yaml 
@@ -0,0 +1,19 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-baseline +spec: + failurePolicy: Ignore + background: true + validationFailureAction: Enforce + rules: + - name: baseline + match: + any: + - resources: + kinds: + - Pod + validate: + podSecurity: + level: baseline + version: v1.29 diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/README.md b/test/conformance/chainsaw/exceptions/multiple-exceptions/README.md new file mode 100644 index 000000000000..9b0649c6745f --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/README.md @@ -0,0 +1,18 @@ +## Description + +This test creates two policy exceptions that match the same policy. It is expected that the pod that satisfies both exceptions will be created successfully. + +## Expected Behavior + +1. Create a policy that applies the baseline profile. + +2. Create two exceptions as follows: + - The first exception `exception-baseline` that exempts the whole pod from the baseline profile. + - The second exception `init-exception-baseline` allows the values of `SYS_TIME` capabilities in the init containers. + +3. Create a pod with two init containers. The first init container should have the `NET_ADMIN` and `NET_RAW` capabilities, and the second init container should have the `SYS_TIME` capability. It is expected that the pod will be created successfully as it matches both exceptions. + + +## Reference Issue(s) + +#10580 diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/chainsaw-test.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions/chainsaw-test.yaml new file mode 100755 index 000000000000..e005c156e2fd --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/chainsaw-test.yaml 
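Review bot: `failurePolicy: Ignore` in multiple-exceptions-with-pod-security/policy.yaml lets the API server admit the pod when the Kyverno webhook call fails or times out, and step-03 of this test treats admission as success, so a webhook outage would read as a pass. Since the test is about exception evaluation under `validationFailureAction: Enforce`, I would set `failurePolicy: Fail`, or drop the line if the default is acceptable. multiple-exceptions/policy.yaml carries the same setting.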
@@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: multiple-exceptions +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: exceptions.yaml + - name: step-03 + try: + - apply: + file: pod.yaml diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/exceptions.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions/exceptions.yaml new file mode 100644 index 000000000000..94665f7b07a7 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/exceptions.yaml @@ -0,0 +1,36 @@ +apiVersion: kyverno.io/v2 +kind: PolicyException +metadata: + name: exception-baseline +spec: + exceptions: + - policyName: psp-baseline + ruleNames: + - baseline + match: + any: + - resources: + kinds: + - Pod +--- +apiVersion: kyverno.io/v2 +kind: PolicyException +metadata: + name: init-exception-baseline +spec: + exceptions: + - policyName: psp-baseline + ruleNames: + - baseline + match: + any: + - resources: + kinds: + - Pod + podSecurity: + - controlName: Capabilities + images: + - 'busybox:latest' + restrictedField: spec.initContainers[*].securityContext.capabilities.add + values: + - SYS_TIME diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/pod.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions/pod.yaml new file mode 100644 index 000000000000..10ad4a02022f --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/pod.yaml 
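Review bot: `exception-baseline` in multiple-exceptions/exceptions.yaml exempts every Pod from rule `baseline` of `psp-baseline` with no namespace, name or label filter, and the sibling test multiple-exceptions-with-pod-security creates a ClusterPolicy with the same name. If the two tests run concurrently on one cluster, this blanket exception would presumably also cover the sibling's pod and let it pass regardless of its own two exceptions. Giving each test its own policy name (with `policyName` and policy-assert.yaml updated to match), or narrowing `match` to the test's own resources, removes the coupling.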
@@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: test-pod +spec: + containers: + - image: alpine:latest + imagePullPolicy: IfNotPresent + name: primary + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + initContainers: + - image: alpine:latest + imagePullPolicy: IfNotPresent + name: init1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + - image: busybox:latest + imagePullPolicy: IfNotPresent + name: init2 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - SYS_TIME + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 10002 + runAsNonRoot: true + runAsUser: 10002 + seccompProfile: + type: RuntimeDefault diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/policy-assert.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions/policy-assert.yaml new file mode 100644 index 000000000000..21bb1a0623da --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/policy-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-baseline +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/exceptions/multiple-exceptions/policy.yaml b/test/conformance/chainsaw/exceptions/multiple-exceptions/policy.yaml new file mode 100644 index 000000000000..d554dccac897 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/multiple-exceptions/policy.yaml 
@@ -0,0 +1,19 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-baseline +spec: + failurePolicy: Ignore + background: true + validationFailureAction: Enforce + rules: + - name: baseline + match: + any: + - resources: + kinds: + - Pod + validate: + podSecurity: + level: baseline + version: v1.29 diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/README.md b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/README.md new file mode 100644 index 000000000000..4c1082aaed55 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/README.md @@ -0,0 +1,32 @@ +## Description + +This test creates an exception for the init containers to set the `runAsNonRoot` to false + +## Expected Behavior + +1. Create a policy that applies the restricted profile. + +2. Create an exception for the init containters to set the `runAsNonRoot` to false. + +3. Create a pod with the following characteristics: + - The pod has an init container that sets the `runAsNonRoot` field to `false`. + - The pod has a container that doesn't set the `runAsNonRoot` field. + + It is expected that the pod will be blocked with a message reporting the violation of the container. The init container is already excluded by the exception. + +3. Create a pod with the following characteristics: + - The pod has an init container that sets the `runAsNonRoot` field to `true`. + - The pod has a container that doesn't set the `runAsNonRoot` field. + + It is expected that the pod will be blocked with a message reporting the violation of the container. + +4. Create a pod with the following characteristics: + - The pod has an init container that sets the `runAsNonRoot` field to `false`. + - The pod has a container that doesn't set the `runAsNonRoot` field. + - `runAsNonRoot` is set to `true` in the pod spec. + + It is expected that the pod will be created successfully. + +## Reference Issue(s) + +#10581 
diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-01.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-01.yaml new file mode 100644 index 000000000000..b0029e12bf0a --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-01.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + run: test-pod + name: test-pod + namespace: default +spec: + containers: + - image: nginx + name: test-pod + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + initContainers: + - args: + - istio-iptables + env: + - name: TERMINATION_DRAIN_DURATION_SECONDS + value: "30" + image: some.registry/istio/proxyv2:1.18.7 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: false diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-02.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-02.yaml new file mode 100644 index 000000000000..39cd3b611732 --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/bad-pod-02.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + run: test-pod + name: test-pod +spec: + containers: + - image: nginx + name: test-pod + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + initContainers: + - args: + - istio-iptables + env: + - name: TERMINATION_DRAIN_DURATION_SECONDS + value: "30" + image: some.registry/istio/proxyv2:1.18.7 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true 
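Review bot: bad-pod-02.yaml leaves out `namespace: default`, which bad-pod-01.yaml sets and which the policy in this test requires (its `match` lists only `default`), so step-04 depends on the kubectl context's current namespace being `default`. good-pod.yaml has the same omission and is created through a chainsaw `apply` step, which as far as I know places namespace-less resources in the per-test namespace. If so, step-05 admits the pod because the policy never evaluates it, not because the exception and the pod-level `runAsNonRoot: true` work. Adding `namespace: default` under `metadata` in both files would make steps 04 and 05 exercise the policy.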
diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/chainsaw-test.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/chainsaw-test.yaml
new file mode 100755
index 000000000000..72643d2ba74e
--- /dev/null
+++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/chainsaw-test.yaml
@@ -0,0 +1,35 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: psa-run-as-non-root
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: exception.yaml
+ - name: step-03
+ try:
+ - script:
+ content: kubectl apply -f bad-pod-01.yaml
+ check:
+ ($error != null): true
+ (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
+ - name: step-04
+ try:
+ - script:
+ content: kubectl apply -f bad-pod-02.yaml
+ check:
+ ($error != null): true
+ (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
+ - name: step-05
+ try:
+ - apply:
+ file: good-pod.yaml
diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/exception.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/exception.yaml
new file mode 100644
index 000000000000..db84c0ff8975
--- /dev/null
+++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/exception.yaml
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+ name: pod-security-exception
+spec:
+ exceptions:
+ - policyName: psp-restricted-limited
+ ruleNames:
+ - restricted
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ podSecurity:
+ - controlName: Running as Non-root
+ images:
+ - '*/istio/proxyv2*'
+ restrictedField: spec.initContainers[*].securityContext.runAsNonRoot
+ values:
+ - "false"
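Review bot: step-03 in psa-run-as-non-root/chainsaw-test.yaml checks only that stderr names `spec.containers[0].securityContext.runAsNonRoot`, which would still hold if the init container were reported as well, so the step does not show that the exception took effect. Adding `(contains($stderr, 'spec.initContainers[0].securityContext.runAsNonRoot')): false` to the step-03 `check` would cover that, assuming the denial message lists violating fields by path as the existing assertion implies. step-04 uses an init container with `runAsNonRoot: true`, so it needs no such check.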
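Review bot: the image pattern `'*/istio/proxyv2*'` in exception.yaml matches that repository path on any registry host, and `match` has no namespace filter, so the exception is wider than the one pod the test uses (`some.registry/istio/proxyv2:1.18.7`, with the policy scoped to `default`). Fixtures like this tend to be copied as examples, and an exception that permits `runAsNonRoot: false` is worth keeping tight. Narrowing the pattern to `some.registry/istio/proxyv2:*` and adding a `namespaces` entry for `default` under `resources` would keep it least-privilege without changing what the test proves.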
diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/good-pod.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/good-pod.yaml new file mode 100644 index 000000000000..16161d43d43e --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/good-pod.yaml @@ -0,0 +1,40 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + run: test-pod + name: test-pod +spec: + securityContext: + runAsNonRoot: true + containers: + - image: nginx + name: test-pod + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + initContainers: + - args: + - istio-iptables + env: + - name: TERMINATION_DRAIN_DURATION_SECONDS + value: "30" + image: some.registry/istio/proxyv2:1.18.7 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: false diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy-assert.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy-assert.yaml new file mode 100644 index 000000000000..e5855a5d4f9c --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-restricted-limited +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy.yaml b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy.yaml new file mode 100644 index 000000000000..a8140c18c8ae --- /dev/null +++ b/test/conformance/chainsaw/exceptions/psa-run-as-non-root/policy.yaml 
@@ -0,0 +1,31 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: psp-restricted-limited + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: true + validationFailureAction: Enforce + rules: + - name: restricted + match: + any: + - resources: + kinds: + - Pod + namespaces: + - default + validate: + podSecurity: + level: restricted + version: v1.29 + exclude: + - controlName: Volume Types + - controlName: Seccomp + - controlName: Seccomp + images: + - '*' + - controlName: Capabilities + images: + - "*" diff --git a/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/README.md b/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/README.md rename to test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/README.md diff --git a/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/policy-assert.yaml 
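Review bot: the `exclude` list in psa-run-as-non-root/policy.yaml names `Seccomp` twice, once without `images` and once with an `images` list of `'*'`, and a reader cannot tell from the file whether that is deliberate. If the first entry is meant as the pod-level exclusion and the second as the container-level one, a comment above each, such as `# pod-level securityContext` and `# all containers`, would say so; otherwise one of them can go. The two wildcard entries also mix `'*'` and `"*"` quoting, which is worth making uniform.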
diff --git a/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/policy.yaml b/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/policy.yaml rename to test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/webhooks-assert.yaml b/test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/webhooks-assert.yaml similarity index 100% rename from test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail(deprecated)/webhooks-assert.yaml rename to test/conformance/chainsaw/force-failure-policy-ignore/cluster-policy/fail-deprecated/webhooks-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/chainsaw-test.yaml new file mode 100755 index 000000000000..893004702550 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-exclude-namespace-match-resource +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy-assert.yaml new file mode 100644 index 000000000000..9fa3bfcebca3 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy-assert.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: disallow-host-path-t16 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready + \ No newline at end of file diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy.yaml similarity index 83% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/policy.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy.yaml index 4fc7d33ef698..3d20b85f7968 100644 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/policy.yaml +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/policy.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: - name: disallow-host-path-t10 + name: disallow-host-path-t16 spec: validationFailureAction: Audit background: false 
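Review bot: policy-assert.yaml for disallow-host-path-t16 ends with a whitespace-only line and no final newline (the `\ No newline at end of file` marker after the last `+` line), which yamllint-style checks flag. Ending the file right after `type: Ready` with a single newline fixes it. The policy-assert.yaml files added for disallow-host-path-t13, -t14 and -t15 have the same ending.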
@@ -17,8 +17,10 @@ spec: - UPDATE exclude: any: - - clusterRoles: - - cluster-admin + - resources: + namespaces: + - testing-ns + - staging-ns validate: cel: expressions: diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicy.yaml new file mode 100644 index 000000000000..ff6bd06c977e --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicy.yaml @@ -0,0 +1,41 @@ +apiVersion: admissionregistration.k8s.io/v1alpha1 +kind: ValidatingAdmissionPolicy +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + name: disallow-host-path-t16 + ownerReferences: + - apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: disallow-host-path-t16 +spec: + failurePolicy: Fail + matchConstraints: + excludeResourceRules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resourceNames: + - testing-ns + - staging-ns + resources: + - namespaces + resourceRules: + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + validations: + - expression: '!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, + !has(volume.hostPath))' + message: HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath + must be unset. 
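Review bot: the expected `excludeResourceRules` entry in validatingadmissionpolicy.yaml targets the `namespaces` resource with `resourceNames` `testing-ns` and `staging-ns`, which as I read the ValidatingAdmissionPolicy API excludes requests on those two Namespace objects, not Deployments created inside them. The `resourceRules` match only `apps/v1` deployments, so the exclusion would never apply and Deployments in both namespaces would still be evaluated, unlike under the Kyverno policy's `exclude.any[].resources.namespaces`. A `namespaceSelector` on the `kubernetes.io/metadata.name` label expresses the namespace exclusion. The generator that produces this object is outside this hunk, so the excerpt below is the fixture I would expect once it is changed.
```yaml
  matchConstraints:
    # replaces the excludeResourceRules entry on `namespaces`
    namespaceSelector:
      matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: NotIn
        values:
        - testing-ns
        - staging-ns
    # … unchanged: resourceRules for apps/v1 deployments …
```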
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicybinding.yaml new file mode 100644 index 000000000000..cd6a1c5cfe82 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-namespace-match-resource/validatingadmissionpolicybinding.yaml @@ -0,0 +1,15 @@ +apiVersion: admissionregistration.k8s.io/v1alpha1 +kind: ValidatingAdmissionPolicyBinding +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + name: disallow-host-path-t16-binding + ownerReferences: + - apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: disallow-host-path-t16 +spec: + policyName: disallow-host-path-t16 + validationActions: + - Audit + - Warn diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/chainsaw-test.yaml new file mode 100755 index 000000000000..26b0a4ec9dca --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/chainsaw-test.yaml 
@@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-exclude-resource-match-with-namespace-selector +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy-assert.yaml new file mode 100644 index 000000000000..ae2648855904 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy-assert.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: disallow-host-path-t14 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready + \ No newline at end of file diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy.yaml new file mode 100644 index 000000000000..97904eed4b2b --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/policy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: disallow-host-path-t14 +spec: + validationFailureAction: Audit + background: false + rules: + - name: host-path + match: + any: + - resources: + kinds: + - Deployment + operations: + - CREATE + - UPDATE + namespaceSelector: + matchLabels: + app: critical + exclude: + any: + - resources: + kinds: + - Deployment + operations: + - CREATE + - UPDATE + names: + - "testing" + validate: + cel: + expressions: + - expression: "!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, !has(volume.hostPath))" + message: "HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath must be unset." diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicy.yaml new file mode 100644 index 000000000000..ee3b71964492 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicy.yaml 
@@ -0,0 +1,43 @@ +apiVersion: admissionregistration.k8s.io/v1alpha1 +kind: ValidatingAdmissionPolicy +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + name: disallow-host-path-t14 + ownerReferences: + - apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: disallow-host-path-t14 +spec: + failurePolicy: Fail + matchConstraints: + excludeResourceRules: + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resourceNames: + - testing + resources: + - deployments + namespaceSelector: + matchLabels: + app: critical + resourceRules: + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + validations: + - expression: '!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, + !has(volume.hostPath))' + message: HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath + must be unset. diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicybinding.yaml new file mode 100644 index 000000000000..68b1530a0025 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-namespace-selector/validatingadmissionpolicybinding.yaml @@ -0,0 +1,15 @@ +apiVersion: admissionregistration.k8s.io/v1alpha1 +kind: ValidatingAdmissionPolicyBinding +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + name: disallow-host-path-t14-binding + ownerReferences: + - apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: disallow-host-path-t14 +spec: + policyName: disallow-host-path-t14 + validationActions: + - Audit + - Warn 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/chainsaw-test.yaml new file mode 100755 index 000000000000..52dd315eff86 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-exclude-resource-match-with-object-selector +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy-assert.yaml new file mode 100644 index 000000000000..ef00059ee37c --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy-assert.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: disallow-host-path-t15 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready + \ No newline at end of file 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy.yaml new file mode 100644 index 000000000000..893891a1dd06 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/policy.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: disallow-host-path-t15 +spec: + validationFailureAction: Audit + background: false + rules: + - name: host-path + match: + any: + - resources: + kinds: + - Deployment + operations: + - CREATE + - UPDATE + selector: + matchLabels: + app: critical + exclude: + any: + - resources: + kinds: + - Deployment + operations: + - CREATE + - UPDATE + names: + - "testing" + validate: + cel: + expressions: + - expression: "!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, !has(volume.hostPath))" + message: "HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath must be unset." diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicy.yaml new file mode 100644 index 000000000000..ff95f39ec058 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicy.yaml 
@@ -0,0 +1,43 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicy
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t15
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: disallow-host-path-t15
+spec:
+ failurePolicy: Fail
+ matchConstraints:
+ excludeResourceRules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resourceNames:
+ - testing
+ resources:
+ - deployments
+ objectSelector:
+ matchLabels:
+ app: critical
+ resourceRules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - deployments
+ validations:
+ - expression: '!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume,
+ !has(volume.hostPath))'
+ message: HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath
+ must be unset.
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicybinding.yaml
new file mode 100644
index 000000000000..91425be107d5
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource-match-with-object-selector/validatingadmissionpolicybinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t15-binding
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: disallow-host-path-t15
+spec:
+ policyName: disallow-host-path-t15
+ validationActions:
+ - Audit
+ - Warn
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/chainsaw-test.yaml
new file mode 100755
index 000000000000..e000eb8680f1
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/chainsaw-test.yaml
@@ -0,0 +1,19 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-any-exclude-resource
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - assert:
+ file: validatingadmissionpolicy.yaml
+ - assert:
+ file: validatingadmissionpolicybinding.yaml
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy-assert.yaml
new file mode 100644
index 000000000000..a1336840e0e8
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy-assert.yaml
@@ -0,0 +1,10 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-host-path-t13
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
+ 
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy.yaml
new file mode 100644
index 000000000000..1c7b71926ec7
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-host-path-t13
+spec:
+ validationFailureAction: Audit
+ background: false
+ rules:
+ - name: host-path
+ match:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ - StatefulSet
+ - ReplicaSet
+ - DaemonSet
+ operations:
+ - CREATE
+ - UPDATE
+ exclude:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ operations:
+ - CREATE
+ - UPDATE
+ names:
+ - "testing"
+ validate:
+ cel:
+ expressions:
+ - expression: "!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, !has(volume.hostPath))"
+ message: "HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath must be unset."
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicy.yaml
new file mode 100644
index 000000000000..3fff6855ff68
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicy.yaml
@@ -0,0 +1,43 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicy
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t13
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: disallow-host-path-t13
+spec:
+ failurePolicy: Fail
+ matchConstraints:
+ excludeResourceRules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resourceNames:
+ - testing
+ resources:
+ - deployments
+ resourceRules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - deployments
+ - statefulsets
+ - replicasets
+ - daemonsets
+ validations:
+ - expression: '!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume,
+ !has(volume.hostPath))'
+ message: HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath
+ must be unset.
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicybinding.yaml
new file mode 100644
index 000000000000..ee724d9083d3
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-exclude-resource/validatingadmissionpolicybinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t13-binding
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: disallow-host-path-t13
+spec:
+ policyName: disallow-host-path-t13
+ validationActions:
+ - Audit
+ - Warn
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/chainsaw-test.yaml
new file mode 100755
index 000000000000..46411c7d3f8a
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/chainsaw-test.yaml
@@ -0,0 +1,19 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-match-kind-with-wildcard
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - assert:
+ file: validatingadmissionpolicy.yaml
+ - assert:
+ file: validatingadmissionpolicybinding.yaml
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy-assert.yaml
new file mode 100644
index 000000000000..1832ab5a1d8c
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy-assert.yaml
@@ -0,0 +1,10 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: check-label-app5
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
+ 
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy.yaml
new file mode 100644
index 000000000000..cae60e95935e
--- /dev/null
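Review bot: `metadata.name` in the new `cpol-match-all-exclude-one/chainsaw-test.yaml` is `cpol-match-kind-with-wildcard`, while every other test added in this diff names itself after its directory. The value looks carried over from a sibling test, so a failure here would be reported under a name that points at the wrong directory (and could clash with the test it was copied from, if that one exists; it is not visible in this diff). Suggested line: `name: cpol-match-all-exclude-one`.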
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/policy.yaml
@@ -0,0 +1,30 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: check-label-app5
+spec:
+ validationFailureAction: Audit
+ background: false
+ rules:
+ - name: check-label-app
+ match:
+ all:
+ - resources:
+ kinds:
+ - '*'
+ operations:
+ - CREATE
+ namespaces:
+ - production
+ - staging
+ exclude:
+ all:
+ - resources:
+ kinds:
+ - "Deployment"
+ operations:
+ - CREATE
+ validate:
+ cel:
+ expressions:
+ - expression: "'app' in object.metadata.labels"
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicy.yaml
new file mode 100644
index 000000000000..86a4d5c2989a
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicy.yaml
@@ -0,0 +1,41 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicy
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: check-label-app5
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: check-label-app5
+spec:
+ failurePolicy: Fail
+ matchConstraints:
+ excludeResourceRules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - deployments
+ namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: In
+ values:
+ - production
+ - staging
+ resourceRules:
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ resources:
+ - '*'
+ scope: '*'
+ validations:
+ - expression: '''app'' in object.metadata.labels'
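Review bot: The CEL expression `'app' in object.metadata.labels` in `cpol-match-all-exclude-one/policy.yaml` has no presence guard, so an object created without any labels produces an evaluation error instead of a clean `false`. The generated policy carries `failurePolicy: Fail`, which means that error is handled as a failure and surfaces through the binding's `Audit`/`Warn` actions with an error message rather than the intended one. Since the rule matches kinds `'*'`, label-less objects are the common case; `expression: "has(object.metadata.labels) && 'app' in object.metadata.labels"` avoids that, with the expected `validatingadmissionpolicy.yaml` updated to match. The `check-label-app1` policy under `skip-generate/cpol-exclude-user-and-roles` uses the same unguarded expression.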
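Review bot: The expected `ValidatingAdmissionPolicy` pins `scope: '*'` next to a `namespaceSelector`, and the API server never skips a policy on `namespaceSelector` for cluster-scoped objects other than Namespace. As written, the generated policy would therefore evaluate every cluster-scoped CREATE as well, which is presumably wider than the ClusterPolicy's `namespaces: [production, staging]` filter (the generator code is not part of this hunk, so this is inferred from the fixture alone). If the translation is meant to keep the same reach, the fixture should expect `scope: Namespaced`; if the wider match is deliberate, a comment in `policy.yaml` saying so would keep the next reader from treating it as equivalent.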
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicybinding.yaml
new file mode 100644
index 000000000000..6cf61b5a0f4f
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-match-all-exclude-one/validatingadmissionpolicybinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: check-label-app5-binding
+ ownerReferences:
+ - apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: check-label-app5
+spec:
+ policyName: check-label-app5
+ validationActions:
+ - Audit
+ - Warn
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/chainsaw-test.yaml
new file mode 100755
index 000000000000..664c4cab7550
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/chainsaw-test.yaml
@@ -0,0 +1,19 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-exclude-resources-in-specific-namespace
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - error:
+ file: validatingadmissionpolicy.yaml
+ - error:
+ file: validatingadmissionpolicybinding.yaml
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy-assert.yaml
new file mode 100644
index 000000000000..7532997b0a79
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy-assert.yaml
@@ -0,0 +1,12 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-host-path-t17
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
+ validatingadmissionpolicy:
+ generated: false
+ 
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy.yaml
new file mode 100644
index 000000000000..3628adb12053
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/policy.yaml
@@ -0,0 +1,33 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-host-path-t17
+spec:
+ validationFailureAction: Audit
+ background: false
+ rules:
+ - name: host-path
+ match:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ operations:
+ - CREATE
+ - UPDATE
+ exclude:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ operations:
+ - CREATE
+ - UPDATE
+ namespaces:
+ - testing-ns
+ - staging-ns
+ validate:
+ cel:
+ expressions:
+ - expression: "!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, !has(volume.hostPath))"
+ message: "HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath must be unset."
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicy.yaml
new file mode 100644
index 000000000000..562fc2293e5c
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicy.yaml
@@ -0,0 +1,7 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicy
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t17
+spec: {}
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicybinding.yaml
new file mode 100644
index 000000000000..27c0bdbf09e5
--- /dev/null
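Review bot: The `validatingadmissionpolicy.yaml` fixture for `disallow-host-path-t17` is consumed by an `error` step, and a negative check gets weaker with every field the fixture lists. As I read chainsaw's `error` semantics, the step passes whenever no object matching the whole file exists, so a `ValidatingAdmissionPolicy` named `disallow-host-path-t17` that lacked the `app.kubernetes.io/managed-by: kyverno` label would go unnoticed. Reducing the fixture to `apiVersion`, `kind` and `metadata.name` makes the "nothing was generated" assertion as strict as it can be. The same applies to the binding fixture of this test and to the two fixtures added under `cpol-exclude-user-and-roles`.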
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-in-specific-namespace/validatingadmissionpolicybinding.yaml
@@ -0,0 +1,7 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: disallow-host-path-t17-binding
+spec: {}
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/chainsaw-test.yaml
new file mode 100755
index 000000000000..c0ab0cea450d
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/chainsaw-test.yaml
@@ -0,0 +1,19 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-exclude-resources-with-namespace-selector
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - error:
+ file: validatingadmissionpolicy.yaml
+ - error:
+ file: validatingadmissionpolicybinding.yaml
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/policy-assert.yaml
rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/policy-assert.yaml
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/policy.yaml
new file mode 100644
index 000000000000..e1b5129be21e
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/policy.yaml
@@ -0,0 +1,36 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-host-path-t10
+spec:
+ validationFailureAction: Audit
+ background: false
+ rules:
+ - name: host-path
+ match:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ operations:
+ - CREATE
+ - UPDATE
+ exclude:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ operations:
+ - CREATE
+ - UPDATE
+ namespaceSelector:
+ matchExpressions:
+ - key: type
+ operator: In
+ values:
+ - connector
+ validate:
+ cel:
+ expressions:
+ - expression: "!has(object.spec.template.spec.volumes) || object.spec.template.spec.volumes.all(volume, !has(volume.hostPath))"
+ message: "HostPath volumes are forbidden. The field spec.template.spec.volumes[*].hostPath must be unset."
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/validatingadmissionpolicy.yaml similarity index 100% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/validatingadmissionpolicy.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/validatingadmissionpolicy.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/validatingadmissionpolicybinding.yaml similarity index 100% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/validatingadmissionpolicybinding.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-namespace-selector/validatingadmissionpolicybinding.yaml 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/chainsaw-test.yaml similarity index 87% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/chainsaw-test.yaml index 4f0057848f62..129dde192b6a 100755 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/chainsaw-test.yaml @@ -2,7 +2,7 @@ apiVersion: chainsaw.kyverno.io/v1alpha1 kind: Test metadata: creationTimestamp: null - name: cpol-exclude + name: cpol-exclude-resources-with-object-selector spec: steps: - name: step-01 diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/policy-assert.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/policy-assert.yaml 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/policy.yaml similarity index 77% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/policy.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/policy.yaml index ee95434c316c..5c3c08affda5 100644 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/policy.yaml +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/policy.yaml @@ -14,8 +14,11 @@ spec: exclude: any: - resources: - namespaces: - - default + kinds: + - Pod + selector: + matchLabels: + app: critical validate: cel: expressions: diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/validatingadmissionpolicy.yaml similarity index 100% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/validatingadmissionpolicy.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/validatingadmissionpolicy.yaml 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/validatingadmissionpolicybinding.yaml similarity index 100% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/validatingadmissionpolicybinding.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-resources-with-object-selector/validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/chainsaw-test.yaml similarity index 91% rename from test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/chainsaw-test.yaml rename to test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/chainsaw-test.yaml index d8997f4fb2e0..a909c7d5ebb2 100755 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/chainsaw-test.yaml @@ -2,7 +2,7 @@ apiVersion: chainsaw.kyverno.io/v1alpha1 kind: Test metadata: creationTimestamp: null - name: cpol-exclude-namespace + name: cpol-exclude-user-and-roles spec: steps: - name: step-01 
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy-assert.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy-assert.yaml
new file mode 100644
index 000000000000..648f5587c55e
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy-assert.yaml
@@ -0,0 +1,12 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: check-label-app1
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
+ validatingadmissionpolicy:
+ generated: false
+ 
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy.yaml
new file mode 100644
index 000000000000..e477a4381ec1
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/policy.yaml
@@ -0,0 +1,25 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: check-label-app1
+spec:
+ validationFailureAction: Audit
+ background: false
+ rules:
+ - name: check-label-app
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ exclude:
+ any:
+ - clusterRoles:
+ - cluster-admin
+ - subjects:
+ - kind: User
+ name: John
+ validate:
+ cel:
+ expressions:
+ - expression: "'app' in object.metadata.labels"
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicy.yaml
new file mode 100644
index 000000000000..46b0d1dcff65
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicy.yaml
@@ -0,0 +1,7 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicy
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: check-label-app1
+spec: {}
diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicybinding.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicybinding.yaml
new file mode 100644
index 000000000000..11cc784ea350
--- /dev/null
+++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude-user-and-roles/validatingadmissionpolicybinding.yaml
@@ -0,0 +1,7 @@
+apiVersion: admissionregistration.k8s.io/v1alpha1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ name: check-label-app1-binding
+spec: {}
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/README.md b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/README.md rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/README.md diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-01-apply-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-01-apply-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-01-assert-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-01-assert-1-1.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-01-assert-1-1.yaml 
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-1.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-2.yaml similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-2.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-2.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-3.yaml similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-3.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-3.yaml 
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-4.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-4.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-4.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-5.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-5.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-apply-1-5.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-apply-1-5.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-assert-1-1.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-assert-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-assert-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-02-assert-1-2.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-02-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-04-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-04-apply-1-1.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-04-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-05-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-05-apply-1-1.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-05-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-06-error-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-06-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-step-06-error-1-1.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-step-06-error-1-1.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/update-mycm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/update-mycm.yaml
similarity index 100%
rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing(deprecated)/update-mycm.yaml
rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing-deprecated/update-mycm.yaml
diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/README.md b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/README.md
rename to test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/README.md
diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/policy-1.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/policy-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/policy-1.yaml
rename to test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/policy-1.yaml
diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/policy-2.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/policy-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout(deprecated)/policy-2.yaml
rename to test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout-deprecated/policy-2.yaml
diff --git a/test/conformance/chainsaw/reports/admission/exception/report-assert.yaml b/test/conformance/chainsaw/reports/admission/exception/report-assert.yaml
index 0304ef057e22..f8ca74b4e9ca 100644
--- a/test/conformance/chainsaw/reports/admission/exception/report-assert.yaml
+++ b/test/conformance/chainsaw/reports/admission/exception/report-assert.yaml
@@ -16,7 +16,7 @@ results:
 scored: true
 source: kyverno
 properties:
- exception: mynewpolex
+ exceptions: mynewpolex
 summary:
 error: 0
 fail: 0
diff --git a/test/conformance/chainsaw/reports/background/exception-with-podsecurity/report-assert.yaml b/test/conformance/chainsaw/reports/background/exception-with-podsecurity/report-assert.yaml
index 5090a26d192d..a1b403443e2a 100644
--- a/test/conformance/chainsaw/reports/background/exception-with-podsecurity/report-assert.yaml
+++ b/test/conformance/chainsaw/reports/background/exception-with-podsecurity/report-assert.yaml
@@ -9,7 +9,7 @@ metadata:
 results:
 - policy: psa-1
 properties:
- exception: pod-security-exception
+ exceptions: pod-security-exception
 result: skip
 rule: restricted
 scored: true
diff --git a/test/conformance/chainsaw/reports/background/exception/report-assert.yaml b/test/conformance/chainsaw/reports/background/exception/report-assert.yaml
index 0304ef057e22..f8ca74b4e9ca 100644
--- a/test/conformance/chainsaw/reports/background/exception/report-assert.yaml
+++ b/test/conformance/chainsaw/reports/background/exception/report-assert.yaml
@@ -16,7 +16,7 @@ results:
 scored: true
 source: kyverno
 properties:
- exception: mynewpolex
+ exceptions: mynewpolex
 summary:
 error: 0
 fail: 0
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/README.md b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/README.md
new file mode 100644
index 000000000000..56e057aca1a7
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/README.md
@@ -0,0 +1,25 @@
+## Description
+
+This test makes sure that the report is generated correctly when multiple exceptions are created for the same policy.
+
+## Expected Behavior
+
+1. Create a pod with two init containers. The first init container should have the `NET_ADMIN` and `NET_RAW` capabilities, and the second init container should have the `SYS_TIME` capability.
+
+2. Create a policy that applies the baseline profile.
+
+3. Create two exceptions for the init containters as follows:
+ - The first exception `init1-exception-baseline` allows the values of `NET_ADMIN` and `NET_RAW` capabilities in the init containers.
+ - The second exception `init2-exception-baseline` allows the values of `SYS_TIME` capabilities in the init containers.
+
+4. It is expected that a policy report is generated with a `skip` result.
+
+5. Delete the first exception.
+
+6. It is expected that a policy report is updated with a `fail` result since the first init container violates the policy and it isn't excluded by the second exception.
+
+
+
+## Reference Issue(s)
+
+#10580
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/chainsaw-test.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/chainsaw-test.yaml
new file mode 100755
index 000000000000..5bf90e7fde14
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/chainsaw-test.yaml
@@ -0,0 +1,45 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: multiple-exceptions-with-pod-security
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: pod.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: exceptions.yaml
+ - name: step-04
+ try:
+ - sleep:
+ duration: 5s
+ - name: step-05
+ try:
+ - assert:
+ file: report-skip-assert.yaml
+ - name: step-06
+ try:
+ - script:
+ env:
+ - name: NAMESPACE
+ value: ($namespace)
+ content: |
+ kubectl delete polex init1-exception-baseline -n $NAMESPACE
+ - name: step-07
+ try:
+ - sleep:
+ duration: 5s
+ - name: step-08
+ try:
+ - assert:
+ file: report-fail-assert.yaml
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/exceptions.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/exceptions.yaml
new file mode 100644
index 000000000000..862a08403d23
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/exceptions.yaml
@@ -0,0 +1,44 @@
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+ name: init1-exception-baseline
+spec:
+ exceptions:
+ - policyName: psp-baseline
+ ruleNames:
+ - baseline
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ podSecurity:
+ - controlName: Capabilities
+ images:
+ - 'alpine:latest'
+ restrictedField: spec.initContainers[*].securityContext.capabilities.add
+ values:
+ - NET_ADMIN
+ - NET_RAW
+---
+apiVersion: kyverno.io/v2
+kind: PolicyException
+metadata:
+ name: init2-exception-baseline
+spec:
+ exceptions:
+ - policyName: psp-baseline
+ ruleNames:
+ - baseline
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ podSecurity:
+ - controlName: Capabilities
+ images:
+ - 'busybox:latest'
+ restrictedField: spec.initContainers[*].securityContext.capabilities.add
+ values:
+ - SYS_TIME
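Review bot: Step-06 shells out to `kubectl delete polex init1-exception-baseline -n $NAMESPACE` where Chainsaw's native `delete` operation would do the same job without depending on a `kubectl` binary on the runner or on shell expansion of an unquoted variable. Steps 04 and 07 also put a fixed `sleep: duration: 5s` in front of an `assert`, which already retries until its timeout, so the sleeps add ten seconds per run without making the test more reliable and can be dropped. The file is added with mode 100755, which a YAML manifest does not need. A possible replacement for step-06 follows; it assumes Chainsaw fills in the test namespace for the reference, which is worth confirming.

```yaml
  - name: step-06
    try:
    - delete:
        ref:
          apiVersion: kyverno.io/v2
          kind: PolicyException
          name: init1-exception-baseline
# … unchanged: step-08 assert on report-fail-assert.yaml …
```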
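Review bot: Both exceptions match on `kinds: - Pod` alone, so each one exempts any matching Pod that uses the listed image from the Capabilities control, not only `test-pod`. Narrowing the match, for example with `names:` and `- test-pod` under `resources`, would keep the fixture least-privilege and would make the test show that the exception applies to the intended resource rather than to every Pod. A short comment above each document saying which init container it covers, such as `# covers init1 (alpine): NET_ADMIN, NET_RAW` and `# covers init2 (busybox): SYS_TIME`, would help readers who copy this file as an example.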
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/pod.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/pod.yaml
new file mode 100644
index 000000000000..10ad4a02022f
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/pod.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod
+spec:
+ containers:
+ - image: alpine:latest
+ imagePullPolicy: IfNotPresent
+ name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ initContainers:
+ - image: alpine:latest
+ imagePullPolicy: IfNotPresent
+ name: init1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
+ - image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ name: init2
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - SYS_TIME
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 10002
+ runAsNonRoot: true
+ runAsUser: 10002
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy-assert.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy-assert.yaml
new file mode 100644
index 000000000000..21bb1a0623da
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: psp-baseline
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy.yaml
new file mode 100644
index 000000000000..d554dccac897
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/policy.yaml
@@ -0,0 +1,19 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: psp-baseline
+spec:
+ failurePolicy: Ignore
+ background: true
+ validationFailureAction: Enforce
+ rules:
+ - name: baseline
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ validate:
+ podSecurity:
+ level: baseline
+ version: v1.29
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-fail-assert.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-fail-assert.yaml
new file mode 100644
index 000000000000..777ee1351225
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-fail-assert.yaml
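Review bot: The `baseline` rule in policy.yaml matches every Pod in the cluster with `validationFailureAction: Enforce`, while the test only asserts on the background-scan report. For as long as this test runs, the policy would reject any Pod outside the baseline profile at admission, including Pods created by other tests if the suite runs in parallel (not visible from this hunk). `validationFailureAction: Audit` would presumably yield the same report results. If Enforce is intended, a comment such as `# pod.yaml is applied in step-01, before this policy, so Enforce does not reject it` would explain why the step order in chainsaw-test.yaml matters.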
@@ -0,0 +1,33 @@
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: PolicyReport
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ ownerReferences:
+ - apiVersion: v1
+ kind: Pod
+ name: test-pod
+results:
+- message: 'Validation rule ''baseline'' failed. It violates PodSecurity "baseline:v1.29":
+ (Forbidden reason: non-default capabilities, field error list: [spec.initContainers[0].securityContext.capabilities.add
+ is forbidden, forbidden values found: [NET_ADMIN NET_RAW]])'
+ policy: psp-baseline
+ properties:
+ controls: capabilities_baseline
+ controlsJSON: '[{"ID":"capabilities_baseline","Name":"Capabilities","Images":["docker.io/alpine:latest","docker.io/busybox:latest"]}]'
+ standard: baseline
+ version: v1.29
+ result: fail
+ rule: baseline
+ scored: true
+ source: kyverno
+scope:
+ apiVersion: v1
+ kind: Pod
+ name: test-pod
+summary:
+ error: 0
+ fail: 1
+ pass: 0
+ skip: 0
+ warn: 0
\ No newline at end of file
diff --git a/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-skip-assert.yaml b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-skip-assert.yaml
new file mode 100644
index 000000000000..4ed6fc4592eb
--- /dev/null
+++ b/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security/report-skip-assert.yaml
@@ -0,0 +1,27 @@
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: PolicyReport
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kyverno
+ ownerReferences:
+ - apiVersion: v1
+ kind: Pod
+ name: test-pod
+results:
+- policy: psp-baseline
+ properties:
+ exceptions: init1-exception-baseline,init2-exception-baseline
+ result: skip
+ rule: baseline
+ scored: true
+ source: kyverno
+scope:
+ apiVersion: v1
+ kind: Pod
+ name: test-pod
+summary:
+ error: 0
+ fail: 0
+ pass: 0
+ skip: 1
+ warn: 0
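Review bot: The `controlsJSON` value in report-fail-assert.yaml lists both `docker.io/alpine:latest` and `docker.io/busybox:latest`, although the `message` reports only `spec.initContainers[0]` with `NET_ADMIN NET_RAW`. It is worth confirming that listing the still-excepted busybox image is intended before the assert bakes it in. The exact three-line `message` string does carry the behaviour under test, but it also couples the test to the pod-security wording. A comment such as `# message must name only initContainers[0]; init2 is still covered by init2-exception-baseline` would say why it is pinned. The file also ends without a trailing newline (`\ No newline at end of file`), unlike report-skip-assert.yaml.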
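Review bot: `exceptions: init1-exception-baseline,init2-exception-baseline` in report-skip-assert.yaml asserts a comma-joined string in a fixed order, so the test passes only if the producer emits the names deterministically. That ordering is not visible in this diff; if the names come from an unordered list the assert will be flaky, so it is worth confirming that they are sorted before being joined. A comment such as `# comma-separated exception names; order must match what the report controller emits` would document the dependency. Report consumers that read the singular `exception` property, renamed in the three report-assert.yaml hunks earlier in this diff, will presumably need to handle the new key and the multi-value format, which deserves a release note.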
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/labelled-resource.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/labelled-resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/labelled-resource.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/labelled-resource.yaml
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/namespace.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/namespace.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/namespace.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/namespace.yaml
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/anchors/conditional(deprecated)/unlabelled-resource.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/unlabelled-resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/anchors/conditional(deprecated)/unlabelled-resource.yaml
rename to test/conformance/chainsaw/validate/anchors/conditional-deprecated/unlabelled-resource.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-step-05-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/chainsaw-step-05-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-step-05-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/service.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/service.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion(deprecated)/service.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/service.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/pod-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/pod-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/pod-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-assert1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-assert1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-assert2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/policy-assert2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure(deprecated)/resource.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/resource.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-step-04-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/chainsaw-step-04-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-step-04-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/resource-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/resource-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/resource-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/resource-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers(deprecated)/resource.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/resource.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/README.md diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/cluster-policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy-ready.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/cluster-policy-ready.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/cluster-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/cluster-policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/keda-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/keda-ready.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/keda-ready.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/keda-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/keda.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/keda.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/keda.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/keda.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy-ready.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/policy-ready.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/README.md diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/pod.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/pod.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/pod.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/README.md
new file mode 100644
index 000000000000..8ab7ec2d26c9
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/README.md
@@ -0,0 +1,30 @@
+## Description
+
+This test ensures that pods whose container don't set the `runAsNonRoot` field but init container sets the field to `false` are blocked by the `psa-run-as-non-root` policy with messages reporting both violations.
+
+## Expected Behavior
+
+1. Create a policy that applies the restricted profile.
+
+2. Create a pod with the following characteristics:
+ - The pod has an init container that sets the `runAsNonRoot` field to `false`.
+ - The pod has a container that doesn't set the `runAsNonRoot` field.
+
+ It is expected that the pod will be blocked with a message reporting both violations.
+
+3. Create a pod with the following characteristics:
+ - The pod has an init container that sets the `runAsNonRoot` field to `true`.
+ - The pod has a container that doesn't set the `runAsNonRoot` field.
+
+ It is expected that the pod will be blocked with a message reporting the violation of the container.
+
+4. Create a pod with the following characteristics:
+ - The pod has an init container that sets the `runAsNonRoot` field to `true`.
+ - The pod has a container that doesn't set the `runAsNonRoot` field.
+ - `runAsNonRoot` is set to `true` in the pod spec.
+
+ It is expected that the pod will be created successfully.
+
+## Reference Issue(s)
+
+#10581
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-01.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-01.yaml
new file mode 100644
index 000000000000..b0029e12bf0a
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-01.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: test-pod
+ name: test-pod
+ namespace: default
+spec:
+ containers:
+ - image: nginx
+ name: test-pod
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: 50m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ initContainers:
+ - args:
+ - istio-iptables
+ env:
+ - name: TERMINATION_DRAIN_DURATION_SECONDS
+ value: "30"
+ image: some.registry/istio/proxyv2:1.18.7
+ imagePullPolicy: IfNotPresent
+ name: istio-init
+ resources:
+ limits:
+ cpu: "2"
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: false
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-02.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-02.yaml
new file mode 100644
index 000000000000..39cd3b611732
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/bad-pod-02.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: test-pod
+ name: test-pod
+spec:
+ containers:
+ - image: nginx
+ name: test-pod
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: 50m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ initContainers:
+ - args:
+ - istio-iptables
+ env:
+ - name: TERMINATION_DRAIN_DURATION_SECONDS
+ value: "30"
+ image: some.registry/istio/proxyv2:1.18.7
+ imagePullPolicy: IfNotPresent
+ name: istio-init
+ resources:
+ limits:
+ cpu: "2"
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml
new file mode 100755
index 000000000000..f93bf46a26c7
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml
@@ -0,0 +1,32 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: psa-run-as-non-root
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-assert.yaml
+ - name: step-02
+ try:
+ - script:
+ content: kubectl apply -f bad-pod-01.yaml
+ check:
+ ($error != null): true
+ (contains($stderr, 'spec.initContainers[0].securityContext.runAsNonRoot')): true
+ (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
+ - name: step-03
+ try:
+ - script:
+ content: kubectl apply -f bad-pod-02.yaml
+ check:
+ ($error != null): true
+ (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
+ - name: step-04
+ try:
+ - apply:
+ file: good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/good-pod.yaml
new file mode 100644
index 000000000000..7a831200a093
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/good-pod.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: test-pod
+ name: test-pod
+spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - image: nginx
+ name: test-pod
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: 50m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ initContainers:
+ - args:
+ - istio-iptables
+ env:
+ - name: TERMINATION_DRAIN_DURATION_SECONDS
+ value: "30"
+ image: some.registry/istio/proxyv2:1.18.7
+ imagePullPolicy: IfNotPresent
+ name: istio-init
+ resources:
+ limits:
+ cpu: "2"
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
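Review bot: In chainsaw-test.yaml, the step-03 check only asserts that stderr names `spec.containers[0].securityContext.runAsNonRoot`. It does not pin that the init container, which sets `runAsNonRoot: true` in bad-pod-02.yaml, stays out of the message, although case 3 of the README expects only the container violation. Adding `(contains($stderr, 'spec.initContainers[0].securityContext.runAsNonRoot')): false` to that check would catch a regression that reports a compliant init container. This assumes the denial message lists one field path per offending container, as the step-02 checks suggest.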
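Review bot: good-pod.yaml sets no `metadata.namespace`, while the rule in policy.yaml matches Pods only in the `default` namespace. If chainsaw applies the file into its per-test ephemeral namespace (its usual behaviour unless the suite configuration overrides it), the policy never evaluates this pod and step-04 passes without exercising the pod-level `runAsNonRoot: true` case. Adding `namespace: default` under `metadata`, as bad-pod-01.yaml does, sends the positive case through admission under the policy. bad-pod-02.yaml omits the namespace too; because it is applied with `kubectl apply -f`, it lands in whatever namespace the kubeconfig context selects, so it deserves the same line.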
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml
new file mode 100644
index 000000000000..e5855a5d4f9c
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: psp-restricted-limited
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy.yaml
new file mode 100644
index 000000000000..a8140c18c8ae
--- /dev/null
+++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy.yaml
@@ -0,0 +1,31 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: psp-restricted-limited
+ annotations:
+ pod-policies.kyverno.io/autogen-controllers: none
+spec:
+ background: true
+ validationFailureAction: Enforce
+ rules:
+ - name: restricted
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ namespaces:
+ - default
+ validate:
+ podSecurity:
+ level: restricted
+ version: v1.29
+ exclude:
+ - controlName: Volume Types
+ - controlName: Seccomp
+ - controlName: Seccomp
+ images:
+ - '*'
+ - controlName: Capabilities
+ images:
+ - "*"
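Review bot: The `exclude` list in policy.yaml names `Seccomp` twice, once bare and once with `images`, which reads like a copy-paste duplicate, and nothing explains why three restricted controls are switched off. If the pair is intentional (presumably the bare entry exempts the pod-level check and the one with `images` the container-level check), a comment above `exclude:` should say so, for example `# Exempt controls unrelated to runAsNonRoot so the fixtures fail only on that check; Seccomp is listed for both pod and container level.` The two wildcard entries also differ in quoting (`'*'` and `"*"`) and should use one style. `metadata.name: psp-restricted-limited` does not follow the test name `psa-run-as-non-root`; since a ClusterPolicy is cluster-scoped, a name derived from the test (mirrored in policy-assert.yaml) would avoid a clash if another conformance test uses the same generic name.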
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/README.md diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/chainsaw-step-00-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-step-00-apply-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/chainsaw-step-00-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-step-00-apply-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/README.md 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/event-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/event-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/event-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/event-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy-assert.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/resource.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail(deprecated)/resource.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/resource.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/README.md 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/event-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/event-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/event-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/event-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy-assert.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/report-pass-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/report-pass-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/report-pass-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/report-pass-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/resource.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass(deprecated)/resource.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/resource.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/README.md diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy-assert.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/report-skip-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/report-skip-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/report-skip-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/report-skip-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/resource.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip(deprecated)/resource.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/resource.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/README.md diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/pod.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/pod.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/pod.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy-assert.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/policy-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages(deprecated)/policy.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/README.md similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/README.md rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/README.md 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-2.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-2.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-3.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-apply-1-3.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-3.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-assert-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-2.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-step-01-assert-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-2.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/lazyload/chainsaw-test.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml 
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/cm-default-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/cm-default-ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/cm-default-ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/cm-default-ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/cm-test-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/cm-test-ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls(deprecated)/subjectaccessreview/cm-test-ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/cm-test-ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-clusterRoles/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-clusterRoles/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/chainsaw-step-02-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/chainsaw-step-02-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/chainsaw-step-02-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/chainsaw-step-02-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-match-roles/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-match-roles/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/chainsaw-step-02-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/chainsaw-step-02-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/chainsaw-step-02-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/chainsaw-step-02-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-roles/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-roles/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-serviceAccountName/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-serviceAccountName/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/background-vars-userInfo/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/background-vars-userInfo/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit(deprecated)/configmap-context-lookup/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/rbac.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/rbac.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/rbac.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/rbac.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/serviceaccount.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/serviceaccount.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/with-permissions/serviceaccount.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/with-permissions/serviceaccount.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/deployment.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/deployment.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/deployment.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/deployment.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/rbac.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/rbac.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/rbac.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/rbac.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/serviceaccount.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/serviceaccount.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/authorizor-checks/without-permissions/serviceaccount.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/authorizor-checks/without-permissions/serviceaccount.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/pod-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/pod-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/pod-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/pod-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/pod-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/pod-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/pod-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-preconditions/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/deployments-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/deployments-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/deployments-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/deployments-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/deployments-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/deployments-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/deployments-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/deployments-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/cel-variables/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/statefulset-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/statefulset-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/statefulset-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/statefulset-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/statefulset-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/statefulset-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/check-statefulset-namespace/statefulset-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/statefulset-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/pod-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/pod-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/pod-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/pod-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/pod-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/pod-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/pod-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/disallow-host-port/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/crd-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/crd-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/crd-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/crd-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/crd.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/crd.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/crd.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/namespaceConstraint.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/namespaceConstraint.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/namespaceConstraint.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/namespaceConstraint.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/ns-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/ns-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/ns-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/ns-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/ns-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/ns-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/ns-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/ns-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/clusterscoped/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/crd-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/crd-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/crd-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/crd-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/crd.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/crd.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/crd.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/nameConstraint.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/nameConstraint.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/nameConstraint.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/nameConstraint.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/match-clusterscoped-resource/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/crd-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/crd-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/crd-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/crd-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/crd.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/crd.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/crd.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/deployment-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/deployment-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/deployment-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/deployment-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/deployment-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/deployment-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/deployment-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/deployment-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/replicaLimit.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/replicaLimit.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/set-paramref-namespace/replicaLimit.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/replicaLimit.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/crd-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/crd-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/crd-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/crd-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/crd.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/crd.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/crd.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/replicaLimit.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/replicaLimit.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/replicaLimit.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/replicaLimit.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/statefulset-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/statefulset-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/statefulset-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/statefulset-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/statefulset-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/statefulset-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/cel(deprecated)/parameter-resources/namespaced/unset-paramref-namespace/statefulset-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/statefulset-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/policies-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/policies.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/resources.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-pod/resources.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/resources.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/policies-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/policies.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/resources.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-subresource/resources.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/resources.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/policies-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/policies.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/resources.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug(deprecated)/with-wildcard/resources.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/resources.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/api-initiated-eviction.sh b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/api-initiated-eviction.sh
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/api-initiated-eviction.sh
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/api-initiated-eviction.sh
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/eviction.json b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/eviction.json
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/api-initiated-pod-eviction/eviction.json
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/eviction.json
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/block-pod-exec-requests/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/bypass-with-policy-exception/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/csr-mutated.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr-mutated.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/csr-mutated.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr-mutated.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/csr.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/csr.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/policy-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/csr/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod-update-test.sh b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod-update-test.sh
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod-update-test.sh
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod-update-test.sh
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod-update-test.sh b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod-update-test.sh
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod-update-test.sh
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod-update-test.sh
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/policy-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/update-bad-pod-to-comply.sh b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/update-bad-pod-to-comply.sh
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/enforce-validate-existing/update-bad-pod-to-comply.sh
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/update-bad-pod-to-comply.sh
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/failure-policy-ignore-anchor/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/ns.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/ns.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/pod-fail.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/pod-fail.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/pod-fail.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/pod-pass.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/pod-pass.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/pod-pass.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/pod-pass.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/ns-selector-with-wildcard-kind/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-allnotin-01/resource.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/resource.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/operator-anyin-boolean/pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-03-error-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-03-error-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-step-03-error-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-03-error-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/resource-apply-block/resource.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/resource.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce(deprecated)/scaling-with-kubectl-scale/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-ready-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-ready-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-ready-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-ready-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/crd.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/crd.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/task.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/task.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/gvk(deprecated)/task.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/task.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/bad-pod-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/bad-pod-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/bad-pod-1.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/bad-pod-1.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/bad-pod-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/bad-pod-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/bad-pod-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/bad-pod-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/seccomp-latest-check-no-exclusion/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/manifests.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/manifests.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/manifests.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-deletion-request/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-capabilities/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-namespaces/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-host-ports/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostpath-volume/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-hostprocesses/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privilege-escalation/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-privileged-containers/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-capabilities/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-restricted-seccomp/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot-user/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-running-as-nonroot/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-seccomp/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-selinux/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-sysctls/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/bad-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/bad-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/bad-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/excluded-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/excluded-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/excluded-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/excluded-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/good-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/good-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/good-pod.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/good-pod.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/psa(deprecated)/test-exclusion-volume-types/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/policies-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/policies.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/resources.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/subresource copy/resources.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/resources.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/pod-bad.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/pod-bad.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/pod-bad.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/pod-bad.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/pod-good.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/pod-good.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/pod-good.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/pod-good.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy-2.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-2.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-assert.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy-assert.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-assert.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/README.md b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/README.md
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-3.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-apply-1-3.yaml
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-3.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/bad.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/bad.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/bad.yaml
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/bad.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-step-02-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/chainsaw-step-02-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-step-02-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/global-anchor copy(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-apply-1-2.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-assert-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-2.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-step-01-assert-1-2.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/postgresqls-ready.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/postgresqls-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/postgresqls-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/postgresqls-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/postgresqls.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/postgresqls.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/postgresqls.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/postgresqls.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/resource.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/resource.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd(deprecated)/resource.yaml
rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/resource.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns-ready.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns-update.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns-update.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns-update.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns-update.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/ns.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/ns.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/old-object-exists(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/bad.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/bad.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/bad.yaml
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/bad.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-step-02-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/chainsaw-step-02-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-step-02-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/trusted-images(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/bad.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/bad.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/bad.yaml
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/bad.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-step-03-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/chainsaw-step-03-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-step-03-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/x509-decode(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/README.md b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/README.md
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/README.md
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/bad.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/bad.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/bad.yaml
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/bad.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-step-02-apply-1-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/chainsaw-step-02-apply-1-1.yaml
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-step-02-apply-1-1.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/policy.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/validate/e2e/yaml-signing(deprecated)/policy.yaml
rename to test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy.yaml
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/README.md b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/README.md
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/README.md
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/README.md
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/bad-pod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/bad-pod.yaml
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/bad-pod.yaml
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/bad-pod.yaml
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/chainsaw-step-02-apply-1.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/chainsaw-step-02-apply-1.yaml
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/chainsaw-step-02-apply-1.yaml
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/chainsaw-step-02-apply-1.yaml
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/chainsaw-test.yaml
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/chainsaw-test.yaml
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/chainsaw-test.yaml
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/policy-ready.yaml
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/policy-ready.yaml
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/policy-ready.yaml
diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/policy.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/policy.yaml
similarity index 100%
rename from test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success(deprecated)/policy.yaml
rename to test/conformance/chainsaw/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success-deprecated/policy.yaml