nctl scan kubernetes

nctl scan kubernetes

scan kubernetes resources

nctl scan kubernetes [flags]

Options

      --audit-as-warn            Report violations from policies in audit mode as warnings instead of failures
      --cluster                  Scan resources in a cluster using cluster policies and exceptions (default value false)
      --cluster-exceptions       Use exceptions from a cluster (default value false)
      --cluster-name string      Override name of cluster while publishing report to Nirmata Control Hub (NCH)
      --cluster-policies         Use policies from a cluster (default value false)
      --cluster-resources        Use resources from a cluster (default value false)
      --continue-on-fail         If set to true, will continue to apply policies on the next resource upon failure to apply to the current resource instead of exiting out
      --details                  Show result details for violating resources
  -e, --exceptions strings       Policy exceptions to be considered when evaluating policies against resources
      --file string              Output file
  -h, --help                     help for kubernetes
      --insecure                 allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --kube-context string      the kube context from configured kubeconfig. Default is the current or sole context
      --kubeconfig string        kubeconfig path (defaults to $HOME/.kube/kubeconfig)
  -l, --label strings            Label the cluster and Label selector in the format key=value for policy sets in Nirmata Control Hub (NCH)
  -n, --namespace strings        Namespace of the resources to scan
      --no-color                 disable the colors for the stdout reports
  -o, --output string            Output format (text, sarif, json, polr, yaml, scan-report) (default "text")
  -p, --policies strings         Path to policy files (local path, github URL, helm URL)
      --policy-sets strings      Comma-separated policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --policy-view              Use with --details to reverse the view from resource->policy to policy->resource
      --publish                  Publish reports
      --publish-token string     scan reports publish token
      --report-sourceid string   Add source id for report created for local scan (is required for local scans; is the cluster id for cluster scan)
  -r, --resources strings        Path to resource files (local path, github URL)
      --show-remediations        If set to true, remediation for the resources violating any policy will be obtained
      --token string             Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string               Nirmata server base URL (env NIRMATA_URL)
      --values-file string       File containing values for policy variables

Options inherited from parent commands

  -v, --v Level   log level for V logs

SEE ALSO

• nctl scan - Scan resources