GitHub Action

A dedicated GitHub Action is available through the GitHub Marketplace. With this action, nctl scan can be run in GitHub Actions workflows to scan the configuration files in the repository against centrally defined policies. The action can be configured to fail when a scan fails, so the test pipeline fails and users get quick feedback on their changes. The scan results are available for viewing in NPM, which gives platform administrators insight into the overall governance of the code repositories in their organization.

Understanding the GitHub Action Workflow

To have a look at the workflow manifest file, refer to the scan-outputs.yaml file in the .github/workflows folder of the nctl-shift-left GitHub repository.

Use the readily available nctl action.

- name: nctl-scan-installer
  uses: nirmata/action-install-nctl-scan@v0.0.6

Set the right environment secrets.

env:
  NIRMATA_TOKEN: ${{secrets.NIRMATA_TOKEN}}
  NIRMATA_URL: ${{secrets.NIRMATA_URL}}

Perform repository scan.

- name: NCTL Scan Repository
  run: nctl scan repository --policies <path|url to policy folder|repo>
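The three fragments above assembled into one complete workflow, as an added example that is not taken from the nctl-shift-left repository. The trigger branches, the `actions/checkout` step, the read-only `permissions` block and the `./policies` folder are assumptions; the secrets and the action version are the ones shown above.

```yaml
# Constructed example workflow: .github/workflows/nctl-scan.yaml
name: nctl-scan

on:
  pull_request:
    branches: [main]      # assumed branch names
  push:
    branches: [main]

# The scan only reads the repository, so grant the job nothing more.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    # Credentials come from repository secrets; they are never written into the workflow.
    env:
      NIRMATA_TOKEN: ${{ secrets.NIRMATA_TOKEN }}
      NIRMATA_URL: ${{ secrets.NIRMATA_URL }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: nctl-scan-installer
        uses: nirmata/action-install-nctl-scan@v0.0.6

      - name: NCTL Scan Repository
        # ./policies is a placeholder: point --policies at the folder, URL or repo
        # that holds the centrally defined policies.
        run: nctl scan repository --policies ./policies
```

A non-zero exit from the scan step fails the job, which is what makes the pull request check turn red and gives the author the quick feedback described above.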

View Scan Reports in NPM

By default, the results of the scan action are published to NPM, which lets administrators govern their repositories alongside clusters and namespaces. Below is a snapshot of the scan reports as viewed in NPM.

Note: This is available as a private preview feature. Reach out to Nirmata Support to enrol for this feature.