diff --git a/.codeclimate.yml b/.codeclimate.yml index 95a96cfddb..cf3023aa6f 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml @@ -12,7 +12,7 @@ ratings: exclude_paths: - documentation/ +- charts - definitions -- gh-pages - samples -- scripts \ No newline at end of file +- scripts diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..f542064542 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,50 @@ +## Related issue + + + +**What type of PR is this?** + + +## Proposed changes + + + +## Checklist + + + +- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md). +- [ ] I have added tests that prove my fix is effective or that my feature + works. +- [ ] I have added or changed [the documentation](documentation/). + +## Further comments + + diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md deleted file mode 100644 index 7f76f9d5bf..0000000000 --- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md +++ /dev/null @@ -1,21 +0,0 @@ -**What type of PR is this?** -> Uncomment only one ` /kind <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line: -> -> /kind api-change -> /kind bug -> /kind cleanup -> /kind design -> /kind documentation -> /kind failing-test -> /kind feature - -**What this PR does / why we need it**: - -**Which issue(s) this PR fixes**: - -Fixes # - -**Special notes for your reviewer**: diff --git a/.github/semantic.yml b/.github/semantic.yml new file mode 100644 index 0000000000..bf22245188 --- /dev/null +++ b/.github/semantic.yml @@ -0,0 +1,17 @@ +titleOnly: true +commitsOnly: false +titleAndCommits: false + +types: + - feat + - fix + - revert + - docs + - style + - refactor + - test + - build + - autogen + - security + - ci + - chore \ No newline at end of file 
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index f507810838..9ba920dad1 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -37,6 +37,10 @@ jobs: run: | mkdir -p output/helm-charts/ helm package charts/kyverno/ -d output/helm-charts/ + - name: Reindex repo + run: | + wget --quiet ${{ env.HELM_CHART_URL }}/index.yaml + helm repo index --merge index.yaml --url ${{ env.HELM_CHART_URL }} output/helm-charts/ - name: Release uses: JamesIves/github-pages-deploy-action@releases/v3 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 37a761ec1e..5413b04b86 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,6 +20,11 @@ jobs: uses: actions/setup-go@v2 with: go-version: 1.14 + - uses: azure/docker-login@v1 + with: + login-server: index.docker.io + username: ${{ secrets.DOCKERIO_USERNAME }} + password: ${{ secrets.DOCKERIO_PASSWORD }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 @@ -28,4 +33,5 @@ jobs: args: release --rm-dist env: GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} + - uses: creekorful/goreportcard-action@v1.0 diff --git a/.goreleaser.yml b/.goreleaser.yml index ea0f116de2..c388818f85 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,11 +1,11 @@ -project_name: kyverno +project_name: kyverno-cli before: hooks: - go mod download builds: -- id: kyverno +- id: kyverno-cli main: cmd/cli/kubectl-kyverno/main.go - binary: kyverno + binary: kyverno-cli env: - CGO_ENABLED=0 goos: 
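Review bot: The new `Reindex repo` step expands `${{ env.HELM_CHART_URL }}` straight into the script text, unquoted, and merges whatever `index.yaml` the download returns into the index that is then published. The definition of `HELM_CHART_URL` is outside this hunk; assuming it is set in the workflow `env`, the shell variable is already available and the two lines can read `wget --quiet "${HELM_CHART_URL}/index.yaml"` and `helm repo index --merge index.yaml --url "${HELM_CHART_URL}" output/helm-charts/`. Since the fetched index is republished, confirm that the URL is https. A short comment such as `# fail the release if the current index cannot be fetched` would record that the step is meant to stop rather than publish an index holding only the new chart.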
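Review bot: `azure/docker-login@v1` here, and `creekorful/goreportcard-action@v1.0` in the later hunk of this file, are referenced by mutable tags in the same job that handles `DOCKERIO_PASSWORD` and `ACCESS_TOKEN`. Pinning each `uses:` to a full commit SHA, for example `uses: azure/docker-login@<full-commit-sha> # v1` (placeholder), keeps a retagged action from running next to those credentials. The goreportcard step also runs after the Docker login in the same job, so it likely executes with the registry login still present on the runner; a separate job with no secrets would avoid that. The job definition begins outside both hunks.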
@@ -14,20 +14,36 @@ builds: - windows goarch: - amd64 - - arm - - arm64 goarm: [6, 7] +- id: kyverno + main: cmd/kyverno/main.go + binary: kyverno + env: + - CGO_ENABLED=0 + goos: + - linux + goarch: + - amd64 +- id: kyvernopre + main: cmd/initContainer/main.go + binary: kyvernopre + env: + - CGO_ENABLED=0 + goos: + - linux + goarch: + - amd64 archives: -- id: kyverno-archive +- id: kyverno-cli-archive name_template: |- - kyverno_{{ .Tag }}_{{ .Os }}_{{ .Arch -}} + kyverno-cli_{{ .Tag }}_{{ .Os }}_{{ .Arch -}} {{- with .Arm -}} {{- if (eq . "6") -}}hf {{- else -}}v{{- . -}} {{- end -}} {{- end -}} builds: - - kyverno + - kyverno-cli replacements: 386: i386 amd64: x86_64 @@ -40,3 +56,49 @@ checksum: algorithm: sha256 release: prerelease: auto +changelog: + sort: asc + filters: + # commit messages matching the regexp listed here will be removed from + # the changelog + exclude: + - '^docs:' + - typo +brews: + - github: + owner: nirmata + name: homebrew-kyverno-cli + goarm: 6 + ids: + - kyverno-cli-archive + homepage: https://www.kyverno.io + commit_author: + name: kyverno + email: kyverno@nirmata.com +scoop: + bucket: + owner: nirmata + name: scoop-kyverno-cli + homepage: https://www.kyverno.io + commit_author: + name: kyverno + email: kyverno@nirmata.com +dockers: + - dockerfile: ./cmd/initContainer/Dockerfile + binaries: + - kyvernopre + image_templates: + - "nirmata/kyvernopre:v{{ .Major }}" + - "nirmata/kyvernopre:v{{ .Major }}.{{ .Minor }}" + - "nirmata/kyvernopre:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}" + - "nirmata/kyvernopre:{{ .Tag }}" + - "nirmata/kyvernopre:latest" + - dockerfile: ./cmd/kyverno/Dockerfile + binaries: + - kyverno + image_templates: + - "nirmata/kyverno:v{{ .Major }}" + - "nirmata/kyverno:v{{ .Major }}.{{ .Minor }}" + - "nirmata/kyverno:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}" + - "nirmata/kyverno:{{ .Tag }}" + - "nirmata/kyverno:latest" \ No newline at end of file diff --git a/Makefile b/Makefile index 56c3b92ddd..3269688a4e 100644 
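Review bot: With `arm` and `arm64` removed from the CLI build's `goarch`, the `goarm: [6, 7]` line kept as context and the `{{- with .Arm -}}` branch of the archive `name_template` no longer apply to any build. Either drop them or add a comment such as `# arm builds disabled; goarm kept for re-enabling` so the leftover is clearly intentional. The new `kyverno` and `kyvernopre` builds would also benefit from a one-line comment saying they are linux/amd64 only because they appear to feed the `dockers` section rather than an archive. The `builds:` list starts outside this hunk.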
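Review bot: The `dockers` entries move `latest`, `v{{ .Major }}` and `v{{ .Major }}.{{ .Minor }}` on every tag, while `prerelease: auto` in the context lines shows that pre-release tags are expected. As far as I know `.Patch` carries no pre-release suffix, so a tag like `v1.2.0-rc1` (constructed example) would also publish an image under `v1.2.0` and under `latest`, which anyone pulling those tags then receives. Adding `skip_push: auto` to both entries keeps pre-release builds from being pushed; if pre-release images are wanted, restrict them to the `{{ .Tag }}` template. The same concern may apply to the `brews` and `scoop` sections, which commit to the tap and bucket repositories on release.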
--- a/Makefile +++ b/Makefile @@ -113,4 +113,7 @@ code-cov-report: $(CODE_COVERAGE_FILE_TXT) # transform to html format @echo " generating code coverage report" go tool cover -html=coverage.txt - if [ -a $(CODE_COVERAGE_FILE_HTML) ]; then open $(CODE_COVERAGE_FILE_HTML); fi; \ No newline at end of file + if [ -a $(CODE_COVERAGE_FILE_HTML) ]; then open $(CODE_COVERAGE_FILE_HTML); fi; + +godownloader: + godownloader .goreleaser.yml --repo nirmata/kyverno -o ./scripts/install-cli.sh --source="raw" \ No newline at end of file diff --git a/documentation/kyverno-cli.md b/documentation/kyverno-cli.md index 05ae5590dc..0e4f640d94 100644 --- a/documentation/kyverno-cli.md +++ b/documentation/kyverno-cli.md @@ -16,6 +16,12 @@ make cli mv ./cmd/cli/kubectl-kyverno/kyverno /usr/local/bin/kyverno ``` +You can also use curl to install kyverno-cli + +```bash +curl -L https://raw.githubusercontent.com/nirmata/kyverno/master/scripts/install-cli.sh | bash +``` + ## Install via AUR (archlinux) You can install the kyverno cli via your favourite AUR helper (e.g. [yay](https://github.com/Jguer/yay)) diff --git a/scripts/install-cli.sh b/scripts/install-cli.sh new file mode 100755 index 0000000000..dbe33b1f89 --- /dev/null +++ b/scripts/install-cli.sh 
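Review bot: The new `godownloader` target names a command rather than a file it produces, and no `.PHONY` declaration is visible in this hunk. Adding `.PHONY: godownloader` keeps a stray file of that name from silencing the rule. The recipe runs whichever `godownloader` is on PATH, and its output is the script that the documentation change in this commit tells users to pipe from `master` into `bash`. A comment naming the expected tool version, for example `# regenerate scripts/install-cli.sh with godownloader <version>; review the diff before committing`, would make regenerated output auditable. The rest of the Makefile is outside the hunk, so an existing `.PHONY` list may only need extending.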
@@ -0,0 +1,337 @@ +#!/bin/sh +set -e +# Code generated by godownloader on 2020-06-04T12:59:08Z. DO NOT EDIT. +# + +usage() { + this=$1 + cat </dev/null +} +echoerr() { + echo "$@" 1>&2 +} +log_prefix() { + echo "$0" +} +_logp=6 +log_set_priority() { + _logp="$1" +} +log_priority() { + if test -z "$1"; then + echo "$_logp" + return + fi + [ "$1" -le "$_logp" ] +} +log_tag() { + case $1 in + 0) echo "emerg" ;; + 1) echo "alert" ;; + 2) echo "crit" ;; + 3) echo "err" ;; + 4) echo "warning" ;; + 5) echo "notice" ;; + 6) echo "info" ;; + 7) echo "debug" ;; + *) echo "$1" ;; + esac +} +log_debug() { + log_priority 7 || return 0 + echoerr "$(log_prefix)" "$(log_tag 7)" "$@" +} +log_info() { + log_priority 6 || return 0 + echoerr "$(log_prefix)" "$(log_tag 6)" "$@" +} +log_err() { + log_priority 3 || return 0 + echoerr "$(log_prefix)" "$(log_tag 3)" "$@" +} +log_crit() { + log_priority 2 || return 0 + echoerr "$(log_prefix)" "$(log_tag 2)" "$@" +} +uname_os() { + os=$(uname -s | tr '[:upper:]' '[:lower:]') + case "$os" in + cygwin_nt*) os="windows" ;; + mingw*) os="windows" ;; + msys_nt*) os="windows" ;; + esac + echo "$os" +} +uname_arch() { + arch=$(uname -m) + case $arch in + x86_64) arch="amd64" ;; + x86) arch="386" ;; + i686) arch="386" ;; + i386) arch="386" ;; + aarch64) arch="arm64" ;; + armv5*) arch="armv5" ;; + armv6*) arch="armv6" ;; + armv7*) arch="armv7" ;; + esac + echo ${arch} +} +uname_os_check() { + os=$(uname_os) + case "$os" in + darwin) return 0 ;; + dragonfly) return 0 ;; + freebsd) return 0 ;; + linux) return 0 ;; + android) return 0 ;; + nacl) return 0 ;; + netbsd) return 0 ;; + openbsd) return 0 ;; + plan9) return 0 ;; + solaris) return 0 ;; + windows) return 0 ;; + esac + log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. 
Please file bug at https://github.com/client9/shlib" + return 1 +} +uname_arch_check() { + arch=$(uname_arch) + case "$arch" in + 386) return 0 ;; + amd64) return 0 ;; + arm64) return 0 ;; + armv5) return 0 ;; + armv6) return 0 ;; + armv7) return 0 ;; + ppc64) return 0 ;; + ppc64le) return 0 ;; + mips) return 0 ;; + mipsle) return 0 ;; + mips64) return 0 ;; + mips64le) return 0 ;; + s390x) return 0 ;; + amd64p32) return 0 ;; + esac + log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib" + return 1 +} +untar() { + tarball=$1 + case "${tarball}" in + *.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;; + *.tar) tar --no-same-owner -xf "${tarball}" ;; + *.zip) unzip "${tarball}" ;; + *) + log_err "untar unknown archive format for ${tarball}" + return 1 + ;; + esac +} +http_download_curl() { + local_file=$1 + source_url=$2 + header=$3 + if [ -z "$header" ]; then + code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url") + else + code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url") + fi + if [ "$code" != "200" ]; then + log_debug "http_download_curl received HTTP status $code" + return 1 + fi + return 0 +} +http_download_wget() { + local_file=$1 + source_url=$2 + header=$3 + if [ -z "$header" ]; then + wget -q -O "$local_file" "$source_url" + else + wget -q --header "$header" -O "$local_file" "$source_url" + fi +} +http_download() { + log_debug "http_download $2" + if is_command curl; then + http_download_curl "$@" + return + elif is_command wget; then + http_download_wget "$@" + return + fi + log_crit "http_download unable to find wget or curl" + return 1 +} +http_copy() { + tmp=$(mktemp) + http_download "${tmp}" "$1" "$2" || return 1 + body=$(cat "$tmp") + rm -f "${tmp}" + echo "$body" +} +github_release() { + owner_repo=$1 + version=$2 + test -z "$version" && version="latest" + 
giturl="https://github.com/${owner_repo}/releases/${version}" + json=$(http_copy "$giturl" "Accept:application/json") + test -z "$json" && return 1 + version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//') + test -z "$version" && return 1 + echo "$version" +} +hash_sha256() { + TARGET=${1:-/dev/stdin} + if is_command gsha256sum; then + hash=$(gsha256sum "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command sha256sum; then + hash=$(sha256sum "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command shasum; then + hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command openssl; then + hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f a + else + log_crit "hash_sha256 unable to find command to compute sha-256 hash" + return 1 + fi +} +hash_sha256_verify() { + TARGET=$1 + checksums=$2 + if [ -z "$checksums" ]; then + log_err "hash_sha256_verify checksum file not specified in arg2" + return 1 + fi + BASENAME=${TARGET##*/} + want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1) + if [ -z "$want" ]; then + log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'" + return 1 + fi + got=$(hash_sha256 "$TARGET") + if [ "$want" != "$got" ]; then + log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got" + return 1 + fi +} +cat /dev/null <