GitHub Action

A dedicated GitHub Action is availble through the GitHub marketplace. With this action, nctl scan can be used in the GitHub actions workflows to scan the configuration files present in the repository against the policies that are defined centrally. In case of a failure, the entire action can be configured to fail, meaning that the test pipeline will fail, and the users will get quick feedback for their changes. The results of the scan are available in NPM for viewing. NPM provides insights to platform administrators on overall governance of different code repositories in their organization.

Understanding the GitHub Action Workflow

To have a look at the workflow manifest file, refer to the scan-outputs.yaml file in the .github/workflows section of the nctl-shift-left Github repository.

Use the readily available nctl action.

- name: nctl-scan-installer
        uses: nirmata/action-install-nctl-scan@v0.0.5

Set the right environment secrets.

env:
  NIRMATA_TOKEN: ${{secrets.NIRMATA_TOKEN}}
  NIRMATA_URL: ${{secrets.NIRMATA_URL}}

Perform repository scan.

- name: NCTL Scan Repository
        run: nctl scan repository --policies <path|url to policy folder|repo>

View Scan Reports in NPM

By default, the results of the scan action are published to NPM. This allows administrators to govern their repositories alongside clusters and namespaces. Below is a snap shot of viewing scan reports in NPM.

Note: This is available as a private preview feature. Reach out to Nirmata Support to enrol for this feature.