nctl scan repository

scan files in a git repository

nctl scan repository [flags]

Examples


  # Scan the Nirmata demo-resources repository
  nctl scan repository https://github.com/nirmata/demo-resources

  # Scan the repository with a specific policy set
  nctl scan repository https://github.com/nirmata/demo-resources --policy-sets pss-baseline,pss-restricted

  # Scan the repository using specific policies from local and remote sources
  nctl scan repository https://github.com/nirmata/demo-resources 

  # Scan a repository and output results to console in JSON format
  nctl scan repository https://github.com/nirmata/demo-resources -o json

  # Specify output format and save results to a file with default name (scan-report.json)
  nctl scan repository https://github.com/nirmata/demo-resources -o json --file

  # Specify output format and save results to a file with user defined name
  nctl scan repository https://github.com/nirmata/demo-resources -o json --file=user-defined-name.json

  # Scan a specific branch of the repository
  nctl scan repository https://github.com/nirmata/demo-resources --branch main

  # Enable audit mode to report violations as warnings instead of failures
  nctl scan repository https://github.com/nirmata/demo-resources --audit-as-warn

  # Display remediation suggestions for policy violations
  nctl scan repository https://github.com/nirmata/demo-resources --remediate display

  # Overwrite resource files with remediations
  nctl scan repository https://github.com/nirmata/demo-resources --remediate overwrite

  # Exclude a specific directory (use the full path as it appears in the repository).
  # Avoid a bare directory name such as 'policies', which can collide with same-named directories at other levels.
  nctl scan repository https://github.com/nirmata/demo-resources --exclude='nirmata/demo-resources/policies'

  # Exclude a specific file by its exact name
  nctl scan repository https://github.com/nirmata/demo-resources --exclude='disallow-secrets-from-env-vars.yaml'

  # Exclude all YAML files (case-insensitive) using a regex pattern
  nctl scan repository https://github.com/nirmata/demo-resources --exclude-regex='(?i)\.ya?ml$'
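An offline preview of which files an exclusion pattern such as the one in the last example would remove from a scan, as an added example that is not part of nctl or its documentation. It assumes the pattern is tested against each file's path with Go regexp (RE2) syntax; `partition` and `samplePaths` are hypothetical names and the file listing is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// partition splits repository paths into those an exclude pattern would drop
// and those that would still be scanned.
// Assumption: the pattern is tested against the whole path and is unanchored
// unless it anchors itself (how nctl applies it is not stated on this page).
func partition(pattern string, paths []string) (excluded, kept []string, err error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, nil, fmt.Errorf("invalid exclude pattern %q: %w", pattern, err)
	}
	for _, p := range paths {
		if re.MatchString(p) {
			excluded = append(excluded, p)
		} else {
			kept = append(kept, p)
		}
	}
	return excluded, kept, nil
}

// samplePaths is a constructed listing, not the contents of any real repository.
var samplePaths = []string{
	"deploy/app.yaml",
	"deploy/ingress.YML",
	"charts/values.yaml.bak",
	"policies/require-labels.yaml",
	"docker/Dockerfile",
	"terraform/main.tf",
	"docs/yaml-style.md",
}

func main() {
	// The page's anchored, case-insensitive pattern beside a looser variant
	// that also hides values.yaml.bak and misses the upper-case .YML file.
	for _, pattern := range []string{`(?i)\.ya?ml$`, `\.yaml`} {
		excluded, kept, err := partition(pattern, samplePaths)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%-16s excluded=%v\n%-16s scanned=%v\n", pattern, excluded, "", kept)
	}
}
```

Reviewing the excluded list before a run shows whether a pattern has removed every manifest the policies would have evaluated, in which case a clean report says nothing about those files.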

Options

      --analyze                       Analyze cluster using AI
      --analyzers strings             Analyzers to enable (all,dockerfile,json,kubernetes,terraform-config,terraform-plan,terraform-state) (default [all])
      --audit-as-warn                 Report violations from policies in audit mode as warnings instead of failures
      --branch string                 name of the branch
      --details                       Show result details for violating resources (default true)
      --exclude strings               List of filenames to exclude during the scan, separated by commas.
      --exclude-regex string          Regex pattern for excluding files during the scan.
      --file string[="scan-report"]   Output file (if --file is used without a value, defaults to 'scan-report')
  -h, --help                          help for repository
      --include strings               List of filenames to include during the scan, separated by commas.
      --include-regex string          Regex pattern for including files during the scan. If not provided, all files are included.
      --insecure                      allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --labels strings                Report label
      --no-color                      disable the colors for the stdout reports
  -o, --output string                 Output format (text, json, yaml, scan-report) (default "text")
  -p, --policies strings              Path to policy files (local path, github URL, helm URL)
      --policy-sets strings           policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --publish                       Publish reports (default true)
      --publish-token string          scan reports publish token
      --remediate string              Remediate resources ('show', 'patch')
      --token string                  Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string                    Nirmata server base URL (env NIRMATA_URL)

Options inherited from parent commands

  -v, --v Level   log level for V logs

SEE ALSO