nctl scan repository

nctl scan repository

scan files in a git repository

nctl scan repository [flags]

Examples


  # Scan the Nirmata demo-resources repository
  nctl scan repository https://github.com/nirmata/demo-resources

  # Scan the repository with a specific policy set
  nctl scan repository https://github.com/nirmata/demo-resources --policy-sets pss-baseline,pss-restricted

  # Scan the repository using specific policies from local and remote sources
  nctl scan repository https://github.com/nirmata/demo-resources -p /path/to/policy.yaml,https://github.com/example/policy.yaml

  # Scan a specific branch of the repository
  nctl scan repository https://github.com/nirmata/demo-resources --branch main

  # Enable audit mode to report violations as warnings instead of failures
  nctl scan repository https://github.com/nirmata/demo-resources --audit-as-warn

  # Display remediation suggestions for policy violations
  nctl scan repository https://github.com/nirmata/demo-resources --remediate display

  # Overwrite resource files with remediations
  nctl scan repository https://github.com/nirmata/demo-resources --remediate overwrite

Options

      --analyzers strings      Analyzers to enable (all,dockerfile,json,kubernetes,terraform-config,terraform-plan,terraform-state) (default [all])
      --audit-as-warn          Report violations from policies in audit mode as warnings instead of failures
      --branch string          name of the branch
      --details                Show result details for violating resources
      --file string            Output file
  -h, --help                   help for repository
      --insecure               allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --labels strings         Report label
      --no-color               disable the colors for the stdout reports
  -o, --output string          Output format (text, json, yaml, scan-report) (default "text")
  -p, --policies strings       Path to policy files (local path, github URL, helm URL)
      --policy-sets strings    policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --publish                Publish reports (default true)
      --publish-token string   scan reports publish token
      --remediate string       Remediate resources ('show', 'patch')
      --token string           Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string             Nirmata server base URL (env NIRMATA_URL)

Options inherited from parent commands

  -v, --v Level   log level for V logs

SEE ALSO