nctl scan kubernetes

Scan Kubernetes resources

nctl scan kubernetes [flags]

Examples


  # Scan a live Kubernetes cluster and use Nirmata's AI-powered services to analyze the scan result
  nctl scan kubernetes --cluster --analyze

  # Scan a live Kubernetes cluster and publish scan results to Nirmata Control Hub (NCH)
  nctl scan kubernetes --cluster --publish

  # Scan Kubernetes resources from a local file with a specific policy
  nctl scan kubernetes --resources ./resource.yaml --policies ./policy.yaml

  # Scan resources in a specific namespace using a policy set
  nctl scan kubernetes --namespace default --policy-sets pss-baseline

  # Scan a live Kubernetes cluster using cluster policies and exceptions
  nctl scan kubernetes --cluster --cluster-policies --cluster-exceptions

  # Scan with a specific kubeconfig and context
  nctl scan kubernetes --kubeconfig /path/to/kubeconfig --kube-context my-context

  # Output the scan results in JSON format with detailed violations
  nctl scan kubernetes --resources ./resource.yaml --policies ./policy.yaml --details -o json

  # Scan resources while allowing insecure connections (not recommended)
  nctl scan kubernetes --resources ./resource.yaml --insecure

  # Scan and show remediation suggestions for violating resources
  nctl scan kubernetes --resources ./resource.yaml --remediate show

Options

      --analyze                  Analyze cluster using AI
      --audit-as-warn            Report violations from policies in audit mode as warnings instead of failures
      --cluster                  Scan resources in a cluster using cluster policies and exceptions (default value false)
      --cluster-exceptions       Use exceptions from a cluster (default value false)
      --cluster-name string      Override name of cluster while publishing report to Nirmata Control Hub (NCH)
      --cluster-policies         Use policies from a cluster (default value false)
      --cluster-resources        Use resources from a cluster (default value false)
      --continue-on-fail         If set to true, will continue to apply policies on the next resource upon failure to apply to the current resource instead of exiting out
      --details                  Show result details for violating resources
  -e, --exceptions strings       Policy exceptions to be considered when evaluating policies against resources
      --file string              Output file
  -h, --help                     help for kubernetes
      --insecure                 allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --kube-context string      the kube context from configured kubeconfig. Default is the current or sole context
      --kubeconfig string        kubeconfig path (defaults to $HOME/.kube/kubeconfig)
  -l, --label strings            Label the cluster and Label selector in the format key=value for policy sets in Nirmata Control Hub (NCH)
  -n, --namespace strings        Namespace of the resources to scan
      --no-color                 disable the colors for the stdout reports
  -o, --output string            Output format (text, sarif, json, polr, yaml, scan-report) (default "text")
  -p, --policies strings         Path to policy files (local path, github URL, helm URL)
      --policy-sets strings      Comma-separated policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --policy-view              Use with --details to reverse the view from resource->policy to policy->resource
      --publish                  Publish reports
      --publish-token string     scan reports publish token
      --remediate string         Remediate resources ('show', 'patch')
      --report-sourceid string   Add source id for report created for local scan (is required for local scans; is the cluster id for cluster scan)
  -r, --resources strings        Path to resource files (local path, github URL)
      --token string             Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string               Nirmata server base URL (env NIRMATA_URL)
      --values-file string       File containing values for policy variables

Options inherited from parent commands

  -v, --v Level   log level for V logs
