Quick Start

Getting started with nctl, the Nirmata CLI

The Nirmata Controller (nctl) is a command line application that makes it easy to scan Kubernetes, Terraform, Dockerfiles and other resources for misconfigurations using default or custom Kyverno policy sets.

You can use nctl to shift left by applying policies to Kubernetes and IaC resources directly in your code repositories, or to scan Kubernetes clusters without installing a policy engine as an admission controller in each cluster.

Install nctl

Install nctl using Homebrew:

brew tap nirmata/tap
brew install nctl

For more installation options, refer to the installation guide.

Scan a Kubernetes Cluster

To scan a Kubernetes cluster and publish the report, run:

nctl scan kubernetes --cluster --publish

This command scans your cluster using the default policy sets (Pod Security Standards, RBAC Best Practices, and Kubernetes Best Practices) and publishes a shareable report to Nirmata Control Hub (NCH). An email address is required to sign in.

To view additional options and detailed examples, run:

nctl scan kubernetes --help

Scan a repository

To scan a Git repository, run:

nctl scan repository https://github.com/nirmata/demo-resources

To scan manifests in the current repository, run:

nctl scan repository .

For more information and examples, run:

nctl scan repository --help

Log in to the NCH

To interact with the Nirmata Control Hub (NCH), first log in to your account:

nctl login

Note: Enter the correct URL, email address, and API Key associated with your account. The API Key can be generated by logging in to your Nirmata account and navigating to the Settings -> Profile tab. Upon successful login, you should see this line in the output: Validating user credentials...done!. The configuration is written to ~/.nirmata/config.

Commands Help

For the available commands and details for each command, refer to the Commands section.

To learn more about the commands and different arguments supported, you can also view the command help. Here are a few examples.

nctl help
nctl scan --help