--- title: "EOL Releases" description: "End of Life (EOL) Releases of NCTL" diataxis: how-to applies_to: product: "nctl" audience: ["developer","platform-engineer"] last_updated: 2026-04-16 url: https://docs.nirmata.io/docs/release-notes/nctl/eol/ --- ## v4.5 ### v4.5.0 #### Enhancements * AI-powered remediations enable automated resolution of misconfigurations using Nirmata's AI technology, enhancing speed and consistency across scans. * Unified `--show-remediation` flag added across all scan commands, including Repository, Kubernetes, Terraform, JSON, Helm, and Docker scans. * Removed AWS scan functionality to streamline supported features in NCTL. * Help documentation updated to include clear usage examples for all NCTL commands. * Refactored loader logic for improved modularity and code maintainability. * Internal package structure reorganized to improve scalability and long-term maintainability. #### Bug Fixes * Clear error message now shown when the Kubernetes cluster is unreachable during scan. * Fixed issue where `--remediate patch` updated temporary files unintentionally. * Fixed multiple remediations being triggered for a single source file during scan. ## v4.3 ### v4.3.5 #### Enhancements * Added `--show-remediations` flag for the nctl scan command. Now you can view the available remediations for scan results. * Added `scan-report` output format for all scan commands. Use `-o scan-report` to get the output in the scan-report format. ### v4.3.4 #### Enhancements * Added the `--no-color` flag to scan commands. This fixes the color issue when running in Jenkins pipelines. * Includes bug fixes across scan commands. * Nirmata Control Hub rebranding changes. ### v4.3.3 #### Enhancements * GitHub Personal Access Token (PAT) can be read from the environment variable GITHUB_TOKEN and need not be passed in the command line. * Support for Private Git repositories across all commands. * Scan GitLab repo directly from the command line using `nctl scan repository `. * Add `--branch` flag to the `nctl scan repository` command to scan a specific branch locally. ### v4.3.1 #### Enhancements * Add support for the `--mutate-policies` flag for the `remediate` command. It is now possible to point to local mutate files that can be used for remediation. This is useful when authoring the mutate policy. #### Bug Fixes * Include cluster exceptions when scanning a Kubernetes cluster. ### v4.3.0 #### New Features * Scan **any** cluster with either default policy sets or configured policy sets and exceptions in Nirmata Control Hub without having to install anything in the cluster. The results can be published to Nirmata Control Hub with the `--publish` flag. #### Deprecation * Add a deprecation notice to the `nctl cluster` and `nctl login` commands. These will be removed in a future release. ### Removal * Removed `--exclude-cluster-policies`, `--exclude-cluster-exceptions`, and `--exclude-cluster-resources` from the `nctl scan kubernetes` command. Users relying on this command now have to use `--cluster` to include all resources (policies, exceptions, and resources) from the cluster. Individual flags are also available to explicitly include resources from the cluster: `--cluster-resources`, `--cluster-policies`, and `--cluster-exceptions`. #### Improvements * Added the ability to pull policy sets and policy exceptions from Nirmata Control Hub. * Enhanced debug logging. Use the `-v` flag to view verbose logs. * Added new flags for the `nctl scan kubernetes` command: `--cluster-resources`, `--cluster-policies`, and `--cluster-exceptions` to explicitly include resources from the cluster. * Configure credentials for private Helm charts. #### Bug Fixes * Remove the `--namespace` flag for the `nctl scan helm` command. This flag is not required for this command. * Support Git URLs as values for the `-p` and `-r` flags in the `nctl scan` command. * Remove info messages when the output format is `json`. ## v4.2 ### v4.2.1 #### New Features * Install nctl v4.2.1 with the help of Homebrew on macOS and Linux devices. Learn more about `nctl` installation with Homebrew from the [official documentation](https://docs.nirmata.io/docs/nctl/installation/). #### Minor updates and Bug Fixes * Add name and ID labels in the scan command. * Fix CVE for nctl v4.2.0. * Fix Terraform plan scanning. * Fix Terraform state scanning. * Fix silent errors in scan commands. ### v4.2.0 This release comes with new features, updates, and bug fixes. #### New Features * Use nctl to integrate the PolicyException workflow in Nirmata Control Hub with GitOps. As part of this, new commands are added to `nctl`. ```bash nctl login github nctl create pull-request ```text #### Enhancements * Support `polr` output format for kubernetes scan results. * Support `--details` for non-K8s scans to display detailed outputs. * A new flag `--continue-on-fail` is added to continue processing results even if there is some error or the Kyverno engine panics. It is not advisable to use this flag unless absolutely needed. This flag may be deprecated and removed in the future. #### Minor Updates and Bug Fixes * Update stdout text for scan results. * Fixed dockerfile scan when policy reference is a GitHub path. * Fixed regressions for `nctl remediate` command. * Scan locally cloned repository and publish results to Nirmata Control Hub (cloned either with ssh or https). ## v4.1 ### v4.1.5 #### New features * Introduced a top-level label in scan reports to identify whether the report ID was autogenerated or user-provided. #### Updates and Bug Fixes * Added a label for remediation docs in non-K8s reports. * Fixed policy UID to match for non-K8s resources in reports and policies sent to Nirmata Control Hub. * Fixed violation messages for non-K8s scan results. * Upgraded Kyverno version to 1.12.5. > Note: v4.1.3 and v4.1.4 are faulty versions. It is advisable to use v4.1.5 for work. ### v4.1.2 #### Bug Fixes * Fixed CVE with the update of Golang version 1.22.4. ### v4.1.1 #### Updates and Bug Fixes * Removed the `--cluster-name` flag from the `scan kubernetes` command. * Fixed inconsistency within the `scan helm` command. * Fixed incorrect usage of the explicit `values.yaml` file for a Helm chart. ### v4.1.0 This release comes with new features, updates, and bug fixes. #### New Features * Added support for scanning both public and private Helm charts. * Introduced a new command to scan AWS ECS resources. Refer to the [scan command](../../commands/v4.x/scan/aws/ecs/_index.md) for more details. * `nctl transform` command helps to convert resource files into their JSON equivalent. This is useful when writing Kyverno JSON policies that need JSON input payloads. #### Updates and Bug Fixes * Supported the `--publish` flag for all types of scan commands to publish reports to Nirmata Control Hub. * Fixed status `403 error code` in the `scan kubernetes --cluster` command. * Fixed the `add cluster` command when the user provides custom configuration. * Added the `--audit-as-warn` flag for all types of scan commands so that the command does not exit with a non-zero status. This is useful in CI pipelines to only flag the violation and not fail the pipeline itself. ## v4.0 The major improvements and additions of the above version are listed below: ### UX Improvements The v4.0.0 release is a huge release with most commands having **breaking UX changes**. The general syntax follows the conventional ` ` format. >**Note**: Only the `nctl clusters` command follows backward compatibility with 3.x, and all other commands should be carefully investigated before upgrading to this new release. Please contact [Nirmata Support](mailto:support@nirmata.com) for more information and assistance. Refer to the list of 4.x compatible commands [here](https://docs.nirmata.io/docs/nctl/commands/nctl/). ### New Commands #### nctl scan repository Scan any Git repository using the `nctl scan repository` command. This command will recursively scan the entire repository against the policies as configured with the `-p` flag. Nirmata Control Hub customers can view the scan results in Nirmata Control Hub under the Policy Reports > Repositories tab. Learn more about the pipeline scanning workflow [here](https://docs.nirmata.io/docs/control-hub/how-to/pipelinescanning/github-action/).