## nctl scan github-actions

Scan GitHub Actions workflow files for security vulnerabilities

```
nctl scan github-actions [path] [flags]
```
### Examples

```
# Scan the current directory for GitHub Actions workflows
nctl scan github-actions

# Scan a specific local repository path
nctl scan github-actions /path/to/repo

# Scan with additional custom policies on top of the built-in set
nctl scan github-actions --policies ./my-policies --severity high

# Output SARIF for GitHub Code Scanning integration
nctl scan github-actions --output sarif > results.sarif

# Publish results to Nirmata Control Hub
nctl scan github-actions --publish

# Scan and save a JSON report
nctl scan github-actions --scan-report ./report.json
```
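The SARIF example above is meant to feed GitHub Code Scanning, but the same file is also what a CI job would inspect to decide whether to fail the build. The script below is an added example, not part of nctl or Nirmata's code: it reads a SARIF 2.1.0 log, flattens every result to its level, rule id and location, and returns a non-zero exit status when any finding is at or above a chosen level. It relies only on the standard SARIF layout (`runs[].results[].level`, `ruleId`, `locations[].physicalLocation`); the embedded sample document, its rule ids and its file paths are constructed for the demonstration and are not nctl's real output or rule names.

```python
"""Gate a CI job on a SARIF log such as the one written by
`nctl scan github-actions --output sarif > results.sarif`.

Added example, not part of nctl. Only the standard SARIF 2.1.0 fields are used;
the sample below is constructed data, not real scanner output.
"""
import json
import sys
from collections import Counter

# Constructed sample SARIF log. Rule ids, messages and paths are placeholders
# shaped like a SARIF 2.1.0 document, not nctl's actual rules.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "nctl", "rules": [
            {"id": "example-rule-1", "shortDescription": {"text": "Sample rule one"}},
            {"id": "example-rule-2", "shortDescription": {"text": "Sample rule two"}},
        ]}},
        "results": [
            {"ruleId": "example-rule-1", "level": "error",
             "message": {"text": "Sample high-severity finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": ".github/workflows/ci.yml"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "example-rule-2", "level": "warning",
             "message": {"text": "Sample medium-severity finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": ".github/workflows/release.yml"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "example-rule-1", "level": "note",
             "message": {"text": "Sample informational finding"},
             "locations": []},
        ],
    }],
})

# SARIF result levels in increasing severity. A result with no "level" is
# treated as "warning", which is the SARIF specification's default.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_results(sarif_text):
    """Flatten all runs into (level, ruleId, uri, startLine, message) tuples."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")
            locs = res.get("locations") or []
            uri, line = "<no location>", None
            if locs:
                phys = locs[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine")
            findings.append((level, res.get("ruleId", "?"), uri, line,
                             res.get("message", {}).get("text", "")))
    return findings


def count_by_level(findings):
    """Number of findings per SARIF level, e.g. {'error': 1, 'warning': 1}."""
    return dict(Counter(f[0] for f in findings))


def should_fail(findings, threshold="error"):
    """True when at least one finding is at or above the threshold level."""
    limit = LEVEL_RANK[threshold]
    return any(LEVEL_RANK.get(level, 2) >= limit for level, *_ in findings)


def main(argv):
    # Read the SARIF file named on the command line, else use the sample.
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_SARIF
    findings = load_results(text)
    for level, rule, uri, line, msg in findings:
        where = f"{uri}:{line}" if line is not None else uri
        print(f"[{level:7}] {rule} {where}: {msg}")
    print("summary:", count_by_level(findings))
    # Exit 1 so the CI step fails when an error-level finding is present.
    return 1 if should_fail(findings, "error") else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python gate.py results.sarif` after the scan; with no argument it evaluates the constructed sample and exits 1 because that sample contains one error-level result. Change the threshold passed to `should_fail` to `"warning"` if the job should also fail on medium-severity findings.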
### Options

```
      --audit-as-warn             Report violations from policies in audit mode as warnings instead of failures
      --details                   Show result details for violating resources (default true)
      --file string[="scan-report"]   Output file (if --file is used without a value, defaults to 'scan-report')
      --git-token string          Git authentication token (for Git URLs in --policies)
      --git-username string       Git username (for Git URLs in --policies)
  -h, --help                      help for github-actions
      --no-color                  Disable the colors for the stdout reports
  -o, --output string             Output format (text, json, yaml, scan-report, sarif) (default "text")
  -p, --policies strings          Path to policy files (optional; bundled defaults used when omitted)
      --publish                   Publish reports
      --publish-token string      Scan reports publish token
      --remediate string          Remediate resources ('show', 'patch')
      --report-sourceid string    Add source id for report created for local scan
      --scan-report string        Output scan report file (in JSON format)
```
### Options inherited from parent commands

```
  -v, --v   Level number for the log level verbosity
```
### SEE ALSO

- nctl scan - Scan resources