nctl scan dockerfile

Scan Command

Scan Dockerfile resources

nctl scan dockerfile -r <path to dockerfile> -p <path to policies>

Use this command to scan and validate a Dockerfile against custom policies. JSON equivalent of the Dockerfile can also be obtained by using the --show-json flag: nctl scan dockerfile -r <path to dockerfile> --show-json

Scan Options

Flag Shorthand Description
--file <string> mention the file name to store scan result
--help -h help for dockerfile command
--output <string> -o choose the output format of scan result. Available options are: json, text,yaml and sarif with the default option being text
--policies <strings> -p specify path to policy files (local path, github URL, helm URL) to scan against custom policies
--policy-sets <string> scan against different policy sets in one command, use this flag to provide a comma-separated list of policy sets to scan the resources(pss-baseline, pss-restricted, rbac-best-practices)
--resources <strings> -r Path to resource files (local path, github URL). scan specific resource files instead of all resources in a cluster, use this flag to point to a local path or gitHub URL containing the resource files.
--show-json convert a non-kubernetes resource type(ex: Dockerfile) to JSON format
--userinfo <string> -u admission Info including roles, cluster roles and subjects