nctl scan helm

nctl scan helm

scan helm-charts

nctl scan helm [flags]

Examples


  # Scan a Helm chart from a local path
  nctl scan helm -r /path/to/helm-chart

  # Scan a Helm chart with a specific policy set
  nctl scan helm -r /path/to/helm-chart --policy-sets pss-baseline,pss-restricted

  # Scan a Helm chart with local and remote policy files
  nctl scan helm -r /path/to/helm-chart -p /path/to/policy.yaml,https://github.com/example/policy.yaml

  # Scan a Helm chart and output results to console
  nctl scan helm -r /path/to/helm-chart -o json

  # Specify output format and save results to a file with default name (scan-report.json)
  nctl scan helm -r /path/to/helm-chart -o json --file

  # Specify output format and save results to a file with user defined name
  nctl scan helm -r /path/to/helm-chart -o json --file=user-defined-name.json

  # Enable detailed result view for violating resources
  nctl scan helm -r /path/to/helm-chart --details

  # Disable color in the scan report output
  nctl scan helm -r /path/to/helm-chart --no-color

Options

      --audit-as-warn                 Report violations from policies in audit mode as warnings instead of failures
      --details                       Show result details for violating resources (default true)
  -e, --exceptions strings            Policy exceptions to be considered when evaluating policies against resources
      --file string[="scan-report"]   Output file (if --file is used without a value, defaults to 'scan-report')
  -h, --help                          help for helm
      --insecure                      allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --kube-context string           the kube context from configured kubeconfig. Default is the current or sole context
      --kubeconfig string             kubeconfig path (defaults to $HOME/.kube/kubeconfig)
      --no-color                      disable the colors for the stdout reports
  -o, --output string                 Output format (text, json, yaml, scan-report) (default "text")
  -p, --policies strings              Path to policy files (local path, github URL, helm URL)
      --policy-sets strings           Comma-separated policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --policy-view                   Use with --details to reverse the view from resource->policy to policy->resource
      --publish                       Publish reports
      --publish-token string          scan reports publish token
      --report-sourceid string        Add source id for report created for local scan
  -r, --resources strings             Path to resource files (local path, github URL)
      --token string                  Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string                    Nirmata server base URL (env NIRMATA_URL)
      --values string                 File containing values for policy variables
      --values-file strings           Path to values files

Options inherited from parent commands

  -v, --v Level   log level for V logs

SEE ALSO