diff --git a/argo-cel/kustomization.yaml b/argo-cel/kustomization.yaml
new file mode 100644
index 000000000..4d5312cf3
--- /dev/null
+++ b/argo-cel/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./application-field-validation/application-field-validation.yaml
+ - ./application-prevent-default-project/application-prevent-default-project.yaml
+ - ./application-prevent-updates-project/application-prevent-updates-project.yaml
+ - ./applicationset-name-matches-project/applicationset-name-matches-project.yaml
+ - ./appproject-clusterresourceblacklist/appproject-clusterresourceblacklist.yaml
diff --git a/argo/kustomization.yaml b/argo/kustomization.yaml
new file mode 100644
index 000000000..2b240178d
--- /dev/null
+++ b/argo/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./application-field-validation/application-field-validation.yaml
+ - ./application-prevent-default-project/application-prevent-default-project.yaml
+ - ./application-prevent-updates-project/application-prevent-updates-project.yaml
+ - ./applicationset-name-matches-project/applicationset-name-matches-project.yaml
+ - ./appproject-clusterresourceblacklist/appproject-clusterresourceblacklist.yaml
+ - ./argo-cluster-generation-from-rancher-capi/argo-cluster-generation-from-rancher-capi.yaml
diff --git a/aws-cel/kustomization.yaml b/aws-cel/kustomization.yaml
new file mode 100644
index 000000000..cc57e67d7
--- /dev/null
+++ b/aws-cel/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./require-encryption-aws-loadbalancers/require-encryption-aws-loadbalancers.yaml
diff --git a/aws/kustomization.yaml b/aws/kustomization.yaml
new file mode 100644
index 000000000..186d34f87
--- /dev/null
+++ b/aws/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./require-aws-node-irsa/require-aws-node-irsa.yaml
+ - ./require-encryption-aws-loadbalancers/require-encryption-aws-loadbalancers.yaml
diff --git a/best-practices-cel/kustomization.yaml b/best-practices-cel/kustomization.yaml
new file mode 100644
index 000000000..8a69972fe
--- /dev/null
+++ b/best-practices-cel/kustomization.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./check-deprecated-apis/check-deprecated-apis.yaml
+ - ./disallow-cri-sock-mount/disallow-cri-sock-mount.yaml
+ - ./disallow-default-namespace/disallow-default-namespace.yaml
+ - ./disallow-empty-ingress-host/disallow-empty-ingress-host.yaml
+ - ./disallow-helm-tiller/disallow-helm-tiller.yaml
+ - ./disallow-latest-tag/disallow-latest-tag.yaml
+ - ./require-drop-all/require-drop-all.yaml
+ - ./require-drop-cap-net-raw/require-drop-cap-net-raw.yaml
+ - ./require-labels/require-labels.yaml
+ - ./require-pod-requests-limits/require-pod-requests-limits.yaml
+ - ./require-probes/require-probes.yaml
+ - ./require-ro-rootfs/require-ro-rootfs.yaml
+ - ./restrict-image-registries/restrict-image-registries.yaml
+ - ./restrict-node-port/restrict-node-port.yaml
+ - ./restrict-service-external-ips/restrict-service-external-ips.yaml
diff --git a/best-practices/kustomization.yaml b/best-practices/kustomization.yaml
new file mode 100644
index 000000000..70726232c
--- /dev/null
+++ b/best-practices/kustomization.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-network-policy/add-network-policy.yaml
+ - ./add-networkpolicy-dns/add-networkpolicy-dns.yaml
+ - ./add-ns-quota/add-ns-quota.yaml
+ - ./add-rolebinding/add-rolebinding.yaml
+ - ./add-safe-to-evict/add-safe-to-evict.yaml
+ - ./check-deprecated-apis/check-deprecated-apis.yaml
+ - ./disallow-cri-sock-mount/disallow-cri-sock-mount.yaml
+ - ./disallow-default-namespace/disallow-default-namespace.yaml
+ - ./disallow-empty-ingress-host/disallow-empty-ingress-host.yaml
+ - ./disallow-helm-tiller/disallow-helm-tiller.yaml
+ - ./disallow-latest-tag/disallow-latest-tag.yaml
+ - ./require-drop-all/require-drop-all.yaml
+ - ./require-drop-cap-net-raw/require-drop-cap-net-raw.yaml
+ - ./require-labels/require-labels.yaml
+ - ./require-pod-requests-limits/require-pod-requests-limits.yaml
+ - ./require-probes/require-probes.yaml
+ - ./require-ro-rootfs/require-ro-rootfs.yaml
+ - ./restrict-image-registries/restrict-image-registries.yaml
+ - ./restrict-node-port/restrict-node-port.yaml
+ - ./restrict-service-external-ips/restrict-service-external-ips.yaml
diff --git a/castai/kustomization.yaml b/castai/kustomization.yaml
new file mode 100644
index 000000000..cf28d9ad3
--- /dev/null
+++ b/castai/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-castai-removal-disabled/add-castai-removal-disabled.yaml
diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml
new file mode 100644
index 000000000..529e990a1
--- /dev/null
+++ b/cert-manager/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./limit-dnsnames/limit-dnsnames.yaml
+ - ./limit-duration/limit-duration.yaml
+ - ./restrict-issuer/restrict-issuer.yaml
diff --git a/cleanup/kustomization.yaml b/cleanup/kustomization.yaml
new file mode 100644
index 000000000..dcf8eff69
--- /dev/null
+++ b/cleanup/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./cleanup-bare-pods/cleanup-bare-pods.yaml
+ - ./cleanup-empty-replicasets/cleanup-empty-replicasets.yaml
diff --git a/consul-cel/kustomization.yaml b/consul-cel/kustomization.yaml
new file mode 100644
index 000000000..f9141df52
--- /dev/null
+++ b/consul-cel/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./enforce-min-tls-version/enforce-min-tls-version.yaml
diff --git a/consul/kustomization.yaml b/consul/kustomization.yaml
new file mode 100644
index 000000000..f9141df52
--- /dev/null
+++ b/consul/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./enforce-min-tls-version/enforce-min-tls-version.yaml
diff --git a/external-secret-operator/kustomization.yaml b/external-secret-operator/kustomization.yaml
new file mode 100644
index 000000000..af7416672
--- /dev/null
+++ b/external-secret-operator/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-external-secret-prefix/add-external-secret-prefix.yaml
diff --git a/flux-cel/kustomization.yaml b/flux-cel/kustomization.yaml
new file mode 100644
index 000000000..920afc8eb
--- /dev/null
+++ b/flux-cel/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./verify-flux-sources/verify-flux-sources.yaml
+ - ./verify-git-repositories/verify-git-repositories.yaml
diff --git a/flux/kustomization.yaml b/flux/kustomization.yaml
new file mode 100644
index 000000000..8dffc8e51
--- /dev/null
+++ b/flux/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./generate-flux-multi-tenant-resources/generate-flux-multi-tenant-resources.yaml
+ - ./verify-flux-images/verify-flux-images.yaml
+ - ./verify-flux-sources/verify-flux-sources.yaml
+ - ./verify-git-repositories/verify-git-repositories.yaml
diff --git a/gen-kustomization.sh b/gen-kustomization.sh
new file mode 100755
index 000000000..aad10b0eb
--- /dev/null
+++ b/gen-kustomization.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -xeuo pipefail
+for dir in ./*/; do
+ dir=${dir%*/}
+ if [[ -d "${dir}" && ! -L "${dir}" ]]; then
+ pushd "${dir}"
+ if [ ! -f ./kustomization.yaml ]; then
+ cat << 'EOF' > ./kustomization.yaml
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+EOF
+ ls -d */ -1 | sed 's/\(.*\)\// - .\/\1\/\1.yaml/' >> ./kustomization.yaml
+ fi
+ popd
+ fi
+done
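Review bot: The `ls -d */ -1 | sed ...` line emits ` - ./X/X.yaml` for every subdirectory of a category without checking that such a file exists, so a category whose policies sit one level deeper produces `resources` entries kustomize cannot resolve; the `pod-security-cel/kustomization.yaml` added later in this diff (`./baseline//baseline/.yaml`, and no header) looks like a product of that assumption, though its exact provenance is not visible here. Parsing `ls` output is also fragile next to iterating the glob directly, and because the script only writes when no `kustomization.yaml` exists, a bad file is never regenerated, so the generator should skip missing targets loudly rather than silently write dangling references. The rewrite below replaces the `ls | sed` line with a glob loop that only appends entries whose target file is present and reports the rest on stderr; the header heredoc and the surrounding `pushd`/`popd` logic are unchanged.
```shell
# … unchanged: set -xeuo pipefail, outer for/if, pushd, heredoc header …
      for policy in */; do
        policy=${policy%/}
        if [ -f "./${policy}/${policy}.yaml" ]; then
          printf ' - ./%s/%s.yaml\n' "${policy}" "${policy}" >> ./kustomization.yaml
        else
          echo "${dir}/${policy}: expected ${policy}.yaml not found, skipping" >&2
        fi
      done
# … unchanged: fi, popd, fi, done …
```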
diff --git a/istio-cel/kustomization.yaml b/istio-cel/kustomization.yaml
new file mode 100644
index 000000000..c2b68a353
--- /dev/null
+++ b/istio-cel/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./enforce-sidecar-injection-namespace/enforce-sidecar-injection-namespace.yaml
+ - ./enforce-strict-mtls/enforce-strict-mtls.yaml
+ - ./prevent-disabling-injection-pods/prevent-disabling-injection-pods.yaml
diff --git a/istio/kustomization.yaml b/istio/kustomization.yaml
new file mode 100644
index 000000000..80354e5af
--- /dev/null
+++ b/istio/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-ambient-mode-namespace/add-ambient-mode-namespace.yaml
+ - ./add-sidecar-injection-namespace/add-sidecar-injection-namespace.yaml
+ - ./create-authorizationpolicy/create-authorizationpolicy.yaml
+ - ./enforce-ambient-mode-namespace/enforce-ambient-mode-namespace.yaml
+ - ./enforce-sidecar-injection-namespace/enforce-sidecar-injection-namespace.yaml
+ - ./enforce-strict-mtls/enforce-strict-mtls.yaml
+ - ./enforce-tls-hosts-host-subnets/enforce-tls-hosts-host-subnets.yaml
+ - ./prevent-disabling-injection-pods/prevent-disabling-injection-pods.yaml
+ - ./require-authorizationpolicy/require-authorizationpolicy.yaml
+ - ./restrict-virtual-service-wildcard/restrict-virtual-service-wildcard.yaml
+ - ./service-mesh-disallow-capabilities/service-mesh-disallow-capabilities.yaml
+ - ./service-mesh-require-run-as-nonroot/service-mesh-require-run-as-nonroot.yaml
diff --git a/karpenter/kustomization.yaml b/karpenter/kustomization.yaml
new file mode 100644
index 000000000..6ba164fd5
--- /dev/null
+++ b/karpenter/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-karpenter-daemonset-priority-class/add-karpenter-daemonset-priority-class.yaml
+ - ./add-karpenter-donot-evict/add-karpenter-donot-evict.yaml
+ - ./add-karpenter-nodeselector/add-karpenter-nodeselector.yaml
+ - ./set-karpenter-non-cpu-limits/set-karpenter-non-cpu-limits.yaml
diff --git a/kasten-cel/kustomization.yaml b/kasten-cel/kustomization.yaml
new file mode 100644
index 000000000..dbd1231ab
--- /dev/null
+++ b/kasten-cel/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./k10-data-protection-by-label/k10-data-protection-by-label.yaml
+ - ./k10-hourly-rpo/k10-hourly-rpo.yaml
+ - ./k10-validate-ns-by-preset-label/k10-validate-ns-by-preset-label.yaml
diff --git a/kasten/kustomization.yaml b/kasten/kustomization.yaml
new file mode 100644
index 000000000..8227e6970
--- /dev/null
+++ b/kasten/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./kasten-3-2-1-backup/kasten-3-2-1-backup.yaml
+ - ./kasten-data-protection-by-label/kasten-data-protection-by-label.yaml
+ - ./kasten-generate-example-backup-policy/kasten-generate-example-backup-policy.yaml
+ - ./kasten-generate-policy-by-preset-label/kasten-generate-policy-by-preset-label.yaml
+ - ./kasten-hourly-rpo/kasten-hourly-rpo.yaml
+ - ./kasten-immutable-location-profile/kasten-immutable-location-profile.yaml
+ - ./kasten-minimum-retention/kasten-minimum-retention.yaml
+ - ./kasten-validate-ns-by-preset-label/kasten-validate-ns-by-preset-label.yaml
diff --git a/kubecost-cel/kustomization.yaml b/kubecost-cel/kustomization.yaml
new file mode 100644
index 000000000..34559e1af
--- /dev/null
+++ b/kubecost-cel/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./require-kubecost-labels/require-kubecost-labels.yaml
diff --git a/kubecost/kustomization.yaml b/kubecost/kustomization.yaml
new file mode 100644
index 000000000..b6f0e7267
--- /dev/null
+++ b/kubecost/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./enable-kubecost-continuous-rightsizing/enable-kubecost-continuous-rightsizing.yaml
+ - ./kubecost-proactive-cost-control/kubecost-proactive-cost-control.yaml
+ - ./require-kubecost-labels/require-kubecost-labels.yaml
diff --git a/kubeops/kustomization.yaml b/kubeops/kustomization.yaml
new file mode 100644
index 000000000..83fbbb09f
--- /dev/null
+++ b/kubeops/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./config-syncer-secret-generation-from-rancher-capi/config-syncer-secret-generation-from-rancher-capi.yaml
diff --git a/kubevirt/kustomization.yaml b/kubevirt/kustomization.yaml
new file mode 100644
index 000000000..66732c42a
--- /dev/null
+++ b/kubevirt/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-services/add-services.yaml
+ - ./enforce-instancetype/enforce-instancetype.yaml
diff --git a/linkerd-cel/kustomization.yaml b/linkerd-cel/kustomization.yaml
new file mode 100644
index 000000000..2787cbd46
--- /dev/null
+++ b/linkerd-cel/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./prevent-linkerd-pod-injection-override/prevent-linkerd-pod-injection-override.yaml
+ - ./prevent-linkerd-port-skipping/prevent-linkerd-port-skipping.yaml
+ - ./require-linkerd-mesh-injection/require-linkerd-mesh-injection.yaml
diff --git a/linkerd/kustomization.yaml b/linkerd/kustomization.yaml
new file mode 100644
index 000000000..00171f229
--- /dev/null
+++ b/linkerd/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-linkerd-mesh-injection/add-linkerd-mesh-injection.yaml
+ - ./add-linkerd-policy-annotation/add-linkerd-policy-annotation.yaml
+ - ./check-linkerd-authorizationpolicy/check-linkerd-authorizationpolicy.yaml
+ - ./prevent-linkerd-pod-injection-override/prevent-linkerd-pod-injection-override.yaml
+ - ./prevent-linkerd-port-skipping/prevent-linkerd-port-skipping.yaml
+ - ./require-linkerd-mesh-injection/require-linkerd-mesh-injection.yaml
+ - ./require-linkerd-server/require-linkerd-server.yaml
diff --git a/nginx-ingress-cel/kustomization.yaml b/nginx-ingress-cel/kustomization.yaml
new file mode 100644
index 000000000..b40284ac3
--- /dev/null
+++ b/nginx-ingress-cel/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./disallow-ingress-nginx-custom-snippets/disallow-ingress-nginx-custom-snippets.yaml
+ - ./restrict-annotations/restrict-annotations.yaml
+ - ./restrict-ingress-paths/restrict-ingress-paths.yaml
diff --git a/nginx-ingress/kustomization.yaml b/nginx-ingress/kustomization.yaml
new file mode 100644
index 000000000..b40284ac3
--- /dev/null
+++ b/nginx-ingress/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./disallow-ingress-nginx-custom-snippets/disallow-ingress-nginx-custom-snippets.yaml
+ - ./restrict-annotations/restrict-annotations.yaml
+ - ./restrict-ingress-paths/restrict-ingress-paths.yaml
diff --git a/openshift-cel/kustomization.yaml b/openshift-cel/kustomization.yaml
new file mode 100644
index 000000000..5a00274a8
--- /dev/null
+++ b/openshift-cel/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./check-routes/check-routes.yaml
+ - ./disallow-deprecated-apis/disallow-deprecated-apis.yaml
+ - ./disallow-jenkins-pipeline-strategy/disallow-jenkins-pipeline-strategy.yaml
+ - ./disallow-security-context-constraint-anyuid/disallow-security-context-constraint-anyuid.yaml
+ - ./enforce-etcd-encryption/enforce-etcd-encryption.yaml
diff --git a/openshift/kustomization.yaml b/openshift/kustomization.yaml
new file mode 100644
index 000000000..bec42b272
--- /dev/null
+++ b/openshift/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./check-routes/check-routes.yaml
+ - ./disallow-deprecated-apis/disallow-deprecated-apis.yaml
+ - ./disallow-jenkins-pipeline-strategy/disallow-jenkins-pipeline-strategy.yaml
+ - ./disallow-security-context-constraint-anyuid/disallow-security-context-constraint-anyuid.yaml
+ - ./disallow-self-provisioner-binding/disallow-self-provisioner-binding.yaml
+ - ./enforce-etcd-encryption/enforce-etcd-encryption.yaml
+ - ./inject-infrastructurename/inject-infrastructurename.yaml
+ - ./team-validate-ns-name/team-validate-ns-name.yaml
+ - ./unique-routes/unique-routes.yaml
diff --git a/other-cel/kustomization.yaml b/other-cel/kustomization.yaml
new file mode 100644
index 000000000..381758f74
--- /dev/null
+++ b/other-cel/kustomization.yaml
@@ -0,0 +1,72 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./advanced-restrict-image-registries/advanced-restrict-image-registries.yaml
+ - ./allowed-annotations/allowed-annotations.yaml
+ - ./allowed-pod-priorities/allowed-pod-priorities.yaml
+ - ./block-ephemeral-containers/block-ephemeral-containers.yaml
+ - ./check-env-vars/check-env-vars.yaml
+ - ./check-node-for-cve-2022-0185/check-node-for-cve-2022-0185.yaml
+ - ./check-serviceaccount-secrets/check-serviceaccount-secrets.yaml
+ - ./deny-commands-in-exec-probe/deny-commands-in-exec-probe.yaml
+ - ./deny-secret-service-account-token-type/deny-secret-service-account-token-type.yaml
+ - ./disallow-all-secrets/disallow-all-secrets.yaml
+ - ./disallow-localhost-services/disallow-localhost-services.yaml
+ - ./disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
+ - ./docker-socket-requires-label/docker-socket-requires-label.yaml
+ - ./enforce-pod-duration/enforce-pod-duration.yaml
+ - ./enforce-readwriteonce-pod/enforce-readwriteonce-pod.yaml
+ - ./ensure-probes-different/ensure-probes-different.yaml
+ - ./ensure-readonly-hostpath/ensure-readonly-hostpath.yaml
+ - ./exclude-namespaces-dynamically/exclude-namespaces-dynamically.yaml
+ - ./forbid-cpu-limits/forbid-cpu-limits.yaml
+ - ./imagepullpolicy-always/imagepullpolicy-always.yaml
+ - ./ingress-host-match-tls/ingress-host-match-tls.yaml
+ - ./limit-containers-per-pod/limit-containers-per-pod.yaml
+ - ./limit-hostpath-type-pv/limit-hostpath-type-pv.yaml
+ - ./limit-hostpath-vols/limit-hostpath-vols.yaml
+ - ./memory-requests-equal-limits/memory-requests-equal-limits.yaml
+ - ./metadata-match-regex/metadata-match-regex.yaml
+ - ./pdb-maxunavailable/pdb-maxunavailable.yaml
+ - ./prevent-bare-pods/prevent-bare-pods.yaml
+ - ./prevent-cr8escape/prevent-cr8escape.yaml
+ - ./require-annotations/require-annotations.yaml
+ - ./require-container-port-names/require-container-port-names.yaml
+ - ./require-deployments-have-multiple-replicas/require-deployments-have-multiple-replicas.yaml
+ - ./require-emptydir-requests-limits/require-emptydir-requests-limits.yaml
+ - ./require-image-checksum/require-image-checksum.yaml
+ - ./require-ingress-https/require-ingress-https.yaml
+ - ./require-non-root-groups/require-non-root-groups.yaml
+ - ./require-pod-priorityclassname/require-pod-priorityclassname.yaml
+ - ./require-qos-burstable/require-qos-burstable.yaml
+ - ./require-qos-guaranteed/require-qos-guaranteed.yaml
+ - ./require-storageclass/require-storageclass.yaml
+ - ./restrict-annotations/restrict-annotations.yaml
+ - ./restrict-binding-clusteradmin/restrict-binding-clusteradmin.yaml
+ - ./restrict-binding-system-groups/restrict-binding-system-groups.yaml
+ - ./restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml
+ - ./restrict-controlplane-scheduling/restrict-controlplane-scheduling.yaml
+ - ./restrict-deprecated-registry/restrict-deprecated-registry.yaml
+ - ./restrict-edit-for-endpoints/restrict-edit-for-endpoints.yaml
+ - ./restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml
+ - ./restrict-ingress-classes/restrict-ingress-classes.yaml
+ - ./restrict-ingress-defaultbackend/restrict-ingress-defaultbackend.yaml
+ - ./restrict-ingress-wildcard/restrict-ingress-wildcard.yaml
+ - ./restrict-jobs/restrict-jobs.yaml
+ - ./restrict-loadbalancer/restrict-loadbalancer.yaml
+ - ./restrict-networkpolicy-empty-podselector/restrict-networkpolicy-empty-podselector.yaml
+ - ./restrict-node-affinity/restrict-node-affinity.yaml
+ - ./restrict-node-label-creation/restrict-node-label-creation.yaml
+ - ./restrict-pod-controller-serviceaccount-updates/restrict-pod-controller-serviceaccount-updates.yaml
+ - ./restrict-sa-automount-sa-token/restrict-sa-automount-sa-token.yaml
+ - ./restrict-secret-role-verbs/restrict-secret-role-verbs.yaml
+ - ./restrict-secrets-by-name/restrict-secrets-by-name.yaml
+ - ./restrict-service-port-range/restrict-service-port-range.yaml
+ - ./restrict-storageclass/restrict-storageclass.yaml
+ - ./restrict-usergroup-fsgroup-id/restrict-usergroup-fsgroup-id.yaml
+ - ./restrict-wildcard-resources/restrict-wildcard-resources.yaml
+ - ./restrict-wildcard-verbs/restrict-wildcard-verbs.yaml
+ - ./topologyspreadconstraints-policy/topologyspreadconstraints-policy.yaml
diff --git a/other/kustomization.yaml b/other/kustomization.yaml
new file mode 100644
index 000000000..6ead4461d
--- /dev/null
+++ b/other/kustomization.yaml
@@ -0,0 +1,198 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ./add-certificates-volume/add-certificates-volume.yaml + - ./add-default-resources/add-default-resources.yaml + - ./add-default-securitycontext/add-default-securitycontext.yaml + - ./add-emptydir-sizelimit/add-emptydir-sizelimit.yaml + - ./add-env-vars-from-cm/add-env-vars-from-cm.yaml + - ./add-image-as-env-var/add-image-as-env-var.yaml + - ./add-imagepullsecrets-for-containers-and-initcontainers/add-imagepullsecrets-for-containers-and-initcontainers.yaml + - ./add-imagepullsecrets/add-imagepullsecrets.yaml + - ./add-labels/add-labels.yaml + - ./add-ndots/add-ndots.yaml + - ./add-node-affinity/add-node-affinity.yaml + - ./add-node-labels-pod/add-node-labels-pod.yaml + - ./add-nodeSelector/add-nodeSelector.yaml + - ./add-pod-priorityclassname/add-pod-priorityclassname.yaml + - ./add-pod-proxies/add-pod-proxies.yaml + - ./add-tolerations/add-tolerations.yaml + - ./add-ttl-jobs/add-ttl-jobs.yaml + - ./add-volume-deployment/add-volume-deployment.yaml + - ./advanced-restrict-image-registries/advanced-restrict-image-registries.yaml + - ./advertise-node-extended-resources/advertise-node-extended-resources.yaml + - ./allowed-annotations/allowed-annotations.yaml + - ./allowed-base-images/allowed-base-images.yaml + - ./allowed-image-repos/allowed-image-repos.yaml + - ./allowed-label-changes/allowed-label-changes.yaml + - ./allowed-pod-priorities/allowed-pod-priorities.yaml + - ./always-pull-images/always-pull-images.yaml + - ./annotate-base-images/annotate-base-images.yaml + - ./apply-pss-restricted-profile/apply-pss-restricted-profile.yaml + - ./audit-event-on-delete/audit-event-on-delete.yaml + - ./audit-event-on-exec/audit-event-on-exec.yaml + - ./block-cluster-admin-from-ns/block-cluster-admin-from-ns.yaml + - ./block-ephemeral-containers/block-ephemeral-containers.yaml + - 
./block-images-with-volumes/block-images-with-volumes.yaml + - ./block-large-images/block-large-images.yaml + - ./block-pod-exec-by-namespace-label/block-pod-exec-by-namespace-label.yaml + - ./block-pod-exec-by-namespace/block-pod-exec-by-namespace.yaml + - ./block-pod-exec-by-pod-and-container/block-pod-exec-by-pod-and-container.yaml + - ./block-pod-exec-by-pod-label/block-pod-exec-by-pod-label.yaml + - ./block-pod-exec-by-pod-name/block-pod-exec-by-pod-name.yaml + - ./block-stale-images/block-stale-images.yaml + - ./block-updates-deletes/block-updates-deletes.yaml + - ./check-env-vars/check-env-vars.yaml + - ./check-hpa-exists/check-hpa-exists.yaml + - ./check-ingress-nginx-controller-version-and-annotation-policy/check-ingress-nginx-controller-version-and-annotation-policy.yaml + - ./check-node-for-cve-2022-0185/check-node-for-cve-2022-0185.yaml + - ./check-nvidia-gpu/check-nvidia-gpu.yaml + - ./check-serviceaccount-secrets/check-serviceaccount-secrets.yaml + - ./check-serviceaccount/check-serviceaccount.yaml + - ./check-subjectaccessreview/check-subjectaccessreview.yaml + - ./check-vpa-configuration/check-vpa-configuration.yaml + - ./concatenate-configmaps/concatenate-configmaps.yaml + - ./copy-namespace-labels/copy-namespace-labels.yaml + - ./cordon-and-drain-node/cordon-and-drain-node.yaml + - ./create-default-pdb/create-default-pdb.yaml + - ./create-pod-antiaffinity/create-pod-antiaffinity.yaml + - ./deny-commands-in-exec-probe/deny-commands-in-exec-probe.yaml + - ./deny-secret-service-account-token-type/deny-secret-service-account-token-type.yaml + - ./deployment-replicas-higher-than-pdb/deployment-replicas-higher-than-pdb.yaml + - ./disable-automountserviceaccounttoken/disable-automountserviceaccounttoken.yaml + - ./disable-service-discovery/disable-service-discovery.yaml + - ./disallow-all-secrets/disallow-all-secrets.yaml + - ./disallow-localhost-services/disallow-localhost-services.yaml + - 
./disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml + - ./dns-policy-and-dns-config/dns-policy-and-dns-config.yaml + - ./docker-socket-requires-label/docker-socket-requires-label.yaml + - ./enforce-pod-duration/enforce-pod-duration.yaml + - ./enforce-readwriteonce-pod/enforce-readwriteonce-pod.yaml + - ./enforce-resources-as-ratio/enforce-resources-as-ratio.yaml + - ./ensure-probes-different/ensure-probes-different.yaml + - ./ensure-production-matches-staging/ensure-production-matches-staging.yaml + - ./ensure-readonly-hostpath/ensure-readonly-hostpath.yaml + - ./exclude-namespaces-dynamically/exclude-namespaces-dynamically.yaml + - ./expiration-for-policyexceptions/expiration-for-policyexceptions.yaml + - ./forbid-cpu-limits/forbid-cpu-limits.yaml + - ./generate-networkpolicy-existing/generate-networkpolicy-existing.yaml + - ./get-debug-information/get-debug-information.yaml + - ./imagepullpolicy-always/imagepullpolicy-always.yaml + - ./ingress-host-match-tls/ingress-host-match-tls.yaml + - ./inject-env-var-from-image-label/inject-env-var-from-image-label.yaml + - ./inject-sidecar-deployment/inject-sidecar-deployment.yaml + - ./inspect-csr/inspect-csr.yaml + - ./kubernetes-version-check/kubernetes-version-check.yaml + - ./label-existing-namespaces/label-existing-namespaces.yaml + - ./label-nodes-cri/label-nodes-cri.yaml + - ./limit-configmap-for-sa/limit-configmap-for-sa.yaml + - ./limit-containers-per-pod/limit-containers-per-pod.yaml + - ./limit-hostpath-type-pv/limit-hostpath-type-pv.yaml + - ./limit-hostpath-vols/limit-hostpath-vols.yaml + - ./memory-requests-equal-limits/memory-requests-equal-limits.yaml + - ./metadata-match-regex/metadata-match-regex.yaml + - ./mitigate-log4shell/mitigate-log4shell.yaml + - ./mutate-large-termination-gps/mutate-large-termination-gps.yaml + - ./mutate-pod-binding/mutate-pod-binding.yaml + - ./namespace-inventory-check/namespace-inventory-check.yaml + - ./namespace-protection/namespace-protection.yaml + - 
./nfs-subdir-external-provisioner-storage-path/nfs-subdir-external-provisioner-storage-path.yaml
+ - ./only-trustworthy-registries-set-root/only-trustworthy-registries-set-root.yaml
+ - ./pdb-maxunavailable-with-deployments/pdb-maxunavailable-with-deployments.yaml
+ - ./pdb-maxunavailable/pdb-maxunavailable.yaml
+ - ./pdb-minavailable/pdb-minavailable.yaml
+ - ./policy-for-exceptions/policy-for-exceptions.yaml
+ - ./prepend-image-registry/prepend-image-registry.yaml
+ - ./prevent-bare-pods/prevent-bare-pods.yaml
+ - ./prevent-cr8escape/prevent-cr8escape.yaml
+ - ./prevent-duplicate-hpa/prevent-duplicate-hpa.yaml
+ - ./prevent-duplicate-vpa/prevent-duplicate-vpa.yaml
+ - ./protect-node-taints/protect-node-taints.yaml
+ - ./record-creation-details/record-creation-details.yaml
+ - ./refresh-env-var-in-pod/refresh-env-var-in-pod.yaml
+ - ./refresh-volumes-in-pods/refresh-volumes-in-pods.yaml
+ - ./remove-hostpath-volumes/remove-hostpath-volumes.yaml
+ - ./remove-serviceaccount-token/remove-serviceaccount-token.yaml
+ - ./replace-image-registry-with-harbor/replace-image-registry-with-harbor.yaml
+ - ./replace-image-registry/replace-image-registry.yaml
+ - ./replace-ingress-hosts/replace-ingress-hosts.yaml
+ - ./require-annotations/require-annotations.yaml
+ - ./require-base-image/require-base-image.yaml
+ - ./require-container-port-names/require-container-port-names.yaml
+ - ./require-cpu-limits/require-cpu-limits.yaml
+ - ./require-deployments-have-multiple-replicas/require-deployments-have-multiple-replicas.yaml
+ - ./require-emptydir-requests-limits/require-emptydir-requests-limits.yaml
+ - ./require-image-checksum/require-image-checksum.yaml
+ - ./require-image-source/require-image-source.yaml
+ - ./require-imagepullsecrets/require-imagepullsecrets.yaml
+ - ./require-ingress-https/require-ingress-https.yaml
+ - ./require-netpol/require-netpol.yaml
+ - ./require-non-root-groups/require-non-root-groups.yaml
+ - ./require-pdb/require-pdb.yaml
+ - ./require-pod-priorityclassname/require-pod-priorityclassname.yaml
+ - ./require-qos-burstable/require-qos-burstable.yaml
+ - ./require-qos-guaranteed/require-qos-guaranteed.yaml
+ - ./require-reasonable-pdbs/require-reasonable-pdbs.yaml
+ - ./require-replicas-allow-disruption/require-replicas-allow-disruption.yaml
+ - ./require-storageclass/require-storageclass.yaml
+ - ./require-unique-external-dns/require-unique-external-dns.yaml
+ - ./require-unique-service-selector/require-unique-service-selector.yaml
+ - ./require-unique-uid-per-workload/require-unique-uid-per-workload.yaml
+ - ./require-vulnerability-scan/require-vulnerability-scan.yaml
+ - ./resolve-image-to-digest/resolve-image-to-digest.yaml
+ - ./resource-creation-updating-denied/resource-creation-updating-denied.yaml
+ - ./restart-deployment-on-secret-change/restart-deployment-on-secret-change.yaml
+ - ./restrict-annotations/restrict-annotations.yaml
+ - ./restrict-automount-sa-token/restrict-automount-sa-token.yaml
+ - ./restrict-binding-clusteradmin/restrict-binding-clusteradmin.yaml
+ - ./restrict-binding-system-groups/restrict-binding-system-groups.yaml
+ - ./restrict-clusterrole-csr/restrict-clusterrole-csr.yaml
+ - ./restrict-clusterrole-mutating-validating-admission-webhooks/restrict-clusterrole-mutating-validating-admission-webhooks.yaml
+ - ./restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml
+ - ./restrict-controlplane-scheduling/restrict-controlplane-scheduling.yaml
+ - ./restrict-deprecated-registry/restrict-deprecated-registry.yaml
+ - ./restrict-edit-for-endpoints/restrict-edit-for-endpoints.yaml
+ - ./restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml
+ - ./restrict-ingress-classes/restrict-ingress-classes.yaml
+ - ./restrict-ingress-defaultbackend/restrict-ingress-defaultbackend.yaml
+ - ./restrict-ingress-host/restrict-ingress-host.yaml
+ - ./restrict-ingress-wildcard/restrict-ingress-wildcard.yaml
+ - ./restrict-jobs/restrict-jobs.yaml
+ - ./restrict-loadbalancer/restrict-loadbalancer.yaml
+ - ./restrict-networkpolicy-empty-podselector/restrict-networkpolicy-empty-podselector.yaml
+ - ./restrict-node-affinity/restrict-node-affinity.yaml
+ - ./restrict-node-label-changes/restrict-node-label-changes.yaml
+ - ./restrict-node-label-creation/restrict-node-label-creation.yaml
+ - ./restrict-node-selection/restrict-node-selection.yaml
+ - ./restrict-pod-controller-serviceaccount-updates/restrict-pod-controller-serviceaccount-updates.yaml
+ - ./restrict-pod-count-per-node/restrict-pod-count-per-node.yaml
+ - ./restrict-sa-automount-sa-token/restrict-sa-automount-sa-token.yaml
+ - ./restrict-scale/restrict-scale.yaml
+ - ./restrict-secret-role-verbs/restrict-secret-role-verbs.yaml
+ - ./restrict-secrets-by-label/restrict-secrets-by-label.yaml
+ - ./restrict-secrets-by-name/restrict-secrets-by-name.yaml
+ - ./restrict-service-account/restrict-service-account.yaml
+ - ./restrict-service-port-range/restrict-service-port-range.yaml
+ - ./restrict-storageclass/restrict-storageclass.yaml
+ - ./restrict-usergroup-fsgroup-id/restrict-usergroup-fsgroup-id.yaml
+ - ./restrict-wildcard-resources/restrict-wildcard-resources.yaml
+ - ./restrict-wildcard-verbs/restrict-wildcard-verbs.yaml
+ - ./scale-deployment-zero/scale-deployment-zero.yaml
+ - ./spread-pods-across-topology/spread-pods-across-topology.yaml
+ - ./sync-secrets/sync-secrets.yaml
+ - ./time-bound-policy/time-bound-policy.yaml
+ - ./topologyspreadconstraints-policy/topologyspreadconstraints-policy.yaml
+ - ./unique-ingress-host-and-path/unique-ingress-host-and-path.yaml
+ - ./unique-ingress-paths/unique-ingress-paths.yaml
+ - ./update-image-tag/update-image-tag.yaml
+ - ./verify-image-cve-2022-42889/verify-image-cve-2022-42889.yaml
+ - ./verify-image-gcpkms/verify-image-gcpkms.yaml
+ - ./verify-image-slsa/verify-image-slsa.yaml
+ - ./verify-image-with-multi-keys/verify-image-with-multi-keys.yaml
+ - ./verify-image/verify-image.yaml
+ - ./verify-manifest-integrity/verify-manifest-integrity.yaml
+ - ./verify-sbom-cyclonedx/verify-sbom-cyclonedx.yaml
+ - ./verify-vpa-target/verify-vpa-target.yaml
diff --git a/pod-security-cel/kustomization.yaml b/pod-security-cel/kustomization.yaml
new file mode 100644
index 000000000..a03611dd2
--- /dev/null
+++ b/pod-security-cel/kustomization.yaml
@@ -0,0 +1,2 @@
+ - ./baseline//baseline/.yaml
+ - ./restricted//restricted/.yaml
diff --git a/psa-cel/kustomization.yaml b/psa-cel/kustomization.yaml
new file mode 100644
index 000000000..e1ca8789a
--- /dev/null
+++ b/psa-cel/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-psa-namespace-reporting/add-psa-namespace-reporting.yaml
+ - ./deny-privileged-profile/deny-privileged-profile.yaml
diff --git a/psa/kustomization.yaml b/psa/kustomization.yaml
new file mode 100644
index 000000000..472f8ed2f
--- /dev/null
+++ b/psa/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-privileged-existing-namespaces/add-privileged-existing-namespaces.yaml
+ - ./add-psa-labels/add-psa-labels.yaml
+ - ./add-psa-namespace-reporting/add-psa-namespace-reporting.yaml
+ - ./deny-privileged-profile/deny-privileged-profile.yaml
diff --git a/psp-migration-cel/kustomization.yaml b/psp-migration-cel/kustomization.yaml
new file mode 100644
index 000000000..d283c1891
--- /dev/null
+++ b/psp-migration-cel/kustomization.yaml
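Review bot: The two entries in the new pod-security-cel/kustomization.yaml, `- ./baseline//baseline/.yaml` and `- ./restricted//restricted/.yaml`, cannot resolve to a file (empty path component, empty filename), and the file also lacks the `apiVersion`/`kind`/`resources:` preamble that every other kustomization in this diff carries, so a `kustomize build` of this directory fails instead of applying the pod-security policies it is meant to bundle. It looks like the generator concatenated the directory and file name with empty components for the two nested subdirectories, but that is inferred from the shape of the other files, not shown here. The fix is to add the same header as the sibling files and list the actual per-policy manifests under baseline/ and restricted/ individually; the entries below are placeholders to be replaced with the real paths.
```yaml
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ./baseline/<POLICY-DIR>/<POLICY-NAME>.yaml      # placeholder: one entry per manifest under baseline/
  - ./restricted/<POLICY-DIR>/<POLICY-NAME>.yaml    # placeholder: one entry per manifest under restricted/
```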
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./check-supplemental-groups/check-supplemental-groups.yaml
+ - ./restrict-adding-capabilities/restrict-adding-capabilities.yaml
+ - ./restrict-runtimeClassName/restrict-runtimeClassName.yaml
diff --git a/psp-migration/kustomization.yaml b/psp-migration/kustomization.yaml
new file mode 100644
index 000000000..ccbc3bd57
--- /dev/null
+++ b/psp-migration/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./add-apparmor/add-apparmor.yaml
+ - ./add-capabilities/add-capabilities.yaml
+ - ./add-runtimeClassName/add-runtimeClassName.yaml
+ - ./check-supplemental-groups/check-supplemental-groups.yaml
+ - ./restrict-adding-capabilities/restrict-adding-capabilities.yaml
+ - ./restrict-runtimeClassName/restrict-runtimeClassName.yaml
diff --git a/tekton-cel/kustomization.yaml b/tekton-cel/kustomization.yaml
new file mode 100644
index 000000000..2a370262b
--- /dev/null
+++ b/tekton-cel/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./block-tekton-task-runs/block-tekton-task-runs.yaml
+ - ./require-tekton-bundle/require-tekton-bundle.yaml
diff --git a/tekton/kustomization.yaml b/tekton/kustomization.yaml
new file mode 100644
index 000000000..95ccf4a4d
--- /dev/null
+++ b/tekton/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./block-tekton-task-runs/block-tekton-task-runs.yaml
+ - ./require-tekton-bundle/require-tekton-bundle.yaml
+ - ./require-tekton-namespace-pipelinerun/require-tekton-namespace-pipelinerun.yaml
+ - ./require-tekton-securitycontext/require-tekton-securitycontext.yaml
+ - ./verify-tekton-pipeline-bundle-signatures/verify-tekton-pipeline-bundle-signatures.yaml
+ - ./verify-tekton-taskrun-signatures/verify-tekton-taskrun-signatures.yaml
+ - ./verify-tekton-taskrun-vuln-scan/verify-tekton-taskrun-vuln-scan.yaml
diff --git a/traefik-cel/kustomization.yaml b/traefik-cel/kustomization.yaml
new file mode 100644
index 000000000..286c6c432
--- /dev/null
+++ b/traefik-cel/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./disallow-default-tlsoptions/disallow-default-tlsoptions.yaml
diff --git a/traefik/kustomization.yaml b/traefik/kustomization.yaml
new file mode 100644
index 000000000..286c6c432
--- /dev/null
+++ b/traefik/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./disallow-default-tlsoptions/disallow-default-tlsoptions.yaml
diff --git a/velero-cel/kustomization.yaml b/velero-cel/kustomization.yaml
new file mode 100644
index 000000000..8ae831f1d
--- /dev/null
+++ b/velero-cel/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./block-velero-restore/block-velero-restore.yaml
+ - ./validate-cron-schedule/validate-cron-schedule.yaml
diff --git a/velero/kustomization.yaml b/velero/kustomization.yaml
new file mode 100644
index 000000000..b904e8cf5
--- /dev/null
+++ b/velero/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./backup-all-volumes/backup-all-volumes.yaml
+ - ./block-velero-restore/block-velero-restore.yaml
+ - ./validate-cron-schedule/validate-cron-schedule.yaml
diff --git a/windows-security/kustomization.yaml b/windows-security/kustomization.yaml
new file mode 100644
index 000000000..534a0bfa2
--- /dev/null
+++ b/windows-security/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./require-run-as-containeruser/require-run-as-containeruser.yaml