v4.7.0

NCTL 4.7.x Release Notes

v4.7.10

Enhancements

  • Added ValidatingPolicy support to all scan types.

Bug Fixes

  • Fixed incorrect filepath issue for AI remediations.
  • Automatically add all required permissions for RBAC policyset to reports-controller when using nctl add cluster.
  • CVE fixes

v4.7.9

Updates

  • Support for AI auto-remediations for resources present in the cluster.

Bug Fixes

  • Fix nctl scan helm --help showing irrelevant flags.
  • Fix nctl scan repository when local kubeconfig points to an EKS cluster. For scan repository, kubeconfig should not produce any side effects.
  • CVE fixes

v4.7.8

Updates

  • Improve logging. Use the klog style verbosity logging.
  • Remove support for terraform-config (.tf) and terraform-state (.tfstate) extensions from terraform scan.
  • Remove (old) remediation annotation from scan report results.

Bug Fixes

  • Fix file count mismatch for non-k8s files in repository scanning.
  • Add more e2e tests for better coverage of nctl.

v4.7.4

Major Changes

  • Using nctl to install Kyverno Operator and Nirmata Kube Controller follow secure-by-default standards (i.e., provide readonly access to resources).
  • Removed nctl install command. The recommended installation method for Enterprise Kyverno and Operator is via Helm.
  • nctl scan kubernetes now include K8s best practices policies out-of-the-box.
  • Add support for Kyverno 1.14’s ValidatingPolicy in nctl scan kubernetes command.
  • Changes to nctl login command. By default login is for NCH.

Enhancements

  • Include cluster name in SARIF reports.
  • Remove redundant logs from nctl scan command.
  • Exclude specific files or directories when using nctl scan repository command.
  • Support for --analyze flag for nctl scan repository command.
  • Added support for csv as a policy report output format.
  • Added severity field in detailed scan reports.
  • Support for directories in nctl scan remediate command.