nctl scan repository
nctl scan repository
scan files in a git repository
nctl scan repository [flags]
Examples
# Scan the Nirmata demo-resources repository
nctl scan repository https://github.com/nirmata/demo-resources
# Scan the repository with a specific policy set
nctl scan repository https://github.com/nirmata/demo-resources --policy-sets pss-baseline,pss-restricted
# Scan the repository using specific policies from local and remote sources
nctl scan repository https://github.com/nirmata/demo-resources -p /path/to/policy.yaml,https://github.com/example/policy.yaml
# Scan a specific branch of the repository
nctl scan repository https://github.com/nirmata/demo-resources --branch main
# Enable audit mode to report violations as warnings instead of failures
nctl scan repository https://github.com/nirmata/demo-resources --audit-as-warn
# Display remediation suggestions for policy violations
nctl scan repository https://github.com/nirmata/demo-resources --remediate display
# Overwrite resource files with remediations
nctl scan repository https://github.com/nirmata/demo-resources --remediate overwrite
Options
--analyzers strings Analyzers to enable (all,dockerfile,json,kubernetes,terraform-config,terraform-plan,terraform-state) (default [all])
--audit-as-warn Report violations from policies in audit mode as warnings instead of failures
--branch string name of the branch
--details Show result details for violating resources
--file string Output file
-h, --help help for repository
--insecure allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
--labels strings Report label
--no-color disable the colors for the stdout reports
-o, --output string Output format (text, json, yaml, scan-report) (default "text")
-p, --policies strings Path to policy files (local path, github URL, helm URL)
--policy-sets strings policy set names (pss-baseline, pss-restricted, rbac-best-practices)
--publish Publish reports (default true)
--publish-token string scan reports publish token
--remediate string Remediate resources ('show', 'patch')
--token string Nirmata API Login Key (env NIRMATA_TOKEN)
--url string Nirmata server base URL (env NIRMATA_URL)
Options inherited from parent commands
-v, --v Level log level for V logs
SEE ALSO
- nctl scan - Scan resources