nctl scan repository
Scan files in a Git repository
nctl scan repository [flags]
Examples
# Scan the Nirmata demo-resources repository
nctl scan repository https://github.com/nirmata/demo-resources
# Scan the repository with a specific policy set
nctl scan repository https://github.com/nirmata/demo-resources --policy-sets pss-baseline,pss-restricted
# Scan the repository using specific policies from local and remote sources
nctl scan repository https://github.com/nirmata/demo-resources
# Scan a repository and output results to console in JSON format
nctl scan repository https://github.com/nirmata/demo-resources -o json
# Specify output format and save results to a file with default name (scan-report.json)
nctl scan repository https://github.com/nirmata/demo-resources -o json --file
# Specify output format and save results to a file with user defined name
nctl scan repository https://github.com/nirmata/demo-resources -o json --file=user-defined-name.json
# Scan a specific branch of the repository
nctl scan repository https://github.com/nirmata/demo-resources --branch main
# Enable audit mode to report violations as warnings instead of failures
nctl scan repository https://github.com/nirmata/demo-resources --audit-as-warn
# Display remediation suggestions for policy violations
nctl scan repository https://github.com/nirmata/demo-resources --remediate display
# Overwrite resource files with remediations
nctl scan repository https://github.com/nirmata/demo-resources --remediate overwrite
# Exclude a specific directory (use the full path as it appears in the repository).
# Avoid a bare directory name such as 'policies', which can collide with same-named directories at other levels.
nctl scan repository https://github.com/nirmata/demo-resources --exclude='nirmata/demo-resources/policies'
# Exclude a specific file by its exact name
nctl scan repository https://github.com/nirmata/demo-resources --exclude='disallow-secrets-from-env-vars.yaml'
# Exclude all YAML files (case-insensitive) using a regex pattern
nctl scan repository https://github.com/nirmata/demo-resources --exclude-regex='(?i)\.ya?ml$'
Options
      --analyze                       Analyze cluster using AI
      --analyzers strings             Analyzers to enable (all,dockerfile,json,kubernetes,terraform-config,terraform-plan,terraform-state) (default [all])
      --audit-as-warn                 Report violations from policies in audit mode as warnings instead of failures
      --branch string                 name of the branch
      --details                       Show result details for violating resources (default true)
      --exclude strings               List of filenames to exclude during the scan, separated by commas.
      --exclude-regex string          Regex pattern for excluding files during the scan.
      --file string[="scan-report"]   Output file (if --file is used without a value, defaults to 'scan-report')
  -h, --help                          help for repository
      --include strings               List of filenames to include during the scan, separated by commas.
      --include-regex string          Regex pattern for including files during the scan. If not provided, all files are included.
      --insecure                      allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --labels strings                Report label
      --no-color                      disable the colors for the stdout reports
  -o, --output string                 Output format (text, json, yaml, scan-report) (default "text")
  -p, --policies strings              Path to policy files (local path, github URL, helm URL)
      --policy-sets strings           policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --publish                       Publish reports (default true)
      --publish-token string          scan reports publish token
      --remediate string              Remediate resources ('show', 'patch')
      --token string                  Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string                    Nirmata server base URL (env NIRMATA_URL)
Options inherited from parent commands
  -v, --v Level                       log level for V logs
SEE ALSO
- nctl scan - Scan resources