--- title: "v4.7.0" description: "NCTL 4.7.x Release Notes" diataxis: how-to applies_to: product: "nctl" audience: ["developer","platform-engineer"] last_updated: 2026-03-25 url: https://docs.nirmata.io/docs/release-notes/nctl/v4.7/ --- ## v4.7.10 ### Enhancements * Added ValidatingPolicy support to all scan types. ### Bug Fixes * Fixed incorrect filepath issue for AI remediations. * Automatically add all required permissions for RBAC policyset to reports-controller when using `nctl add cluster`. * CVE fixes ## v4.7.9 ### Updates * Support for AI auto-remediations for resources present in the cluster. ### Bug Fixes * Fix `nctl scan helm --help` showing irrelevant flags. * Fix `nctl scan repository` when local kubeconfig points to an EKS cluster. For scan repository, kubeconfig should not produce any side effects. * CVE fixes ## v4.7.8 ### Updates * Improve logging. Use the `klog` style verbosity logging. * Remove support for `terraform-config` (`.tf`) and `terraform-state` (`.tfstate`) extensions from terraform scan. * Remove (old) remediation annotation from scan report results. ### Bug Fixes * Fix file count mismatch for non-k8s files in repository scanning. * Add more e2e tests for better coverage of `nctl`. ## v4.7.4 ### Major Changes * Using nctl to install Kyverno Operator and Nirmata Kube Controller follow secure-by-default standards (i.e., provide readonly access to resources). * Removed `nctl install` command. The recommended installation method for Enterprise Kyverno and Operator is via Helm. * `nctl scan kubernetes` now include K8s best practices policies out-of-the-box. * Add support for Kyverno 1.14's ValidatingPolicy in `nctl scan kubernetes` command. * Changes to `nctl login` command. By default login is for Nirmata Control Hub. ### Enhancements * Include cluster name in SARIF reports. * Remove redundant logs from `nctl scan` command. * Exclude specific files or directories when using `nctl scan repository` command. * Support for `--analyze` flag for `nctl scan repository` command. * Added support for csv as a policy report output format. * Added severity field in detailed scan reports. * Support for directories in `nctl scan remediate` command.