nctl scan kubernetes

Scan Kubernetes resources

nctl scan kubernetes [flags]

Options

      --audit-as-warn              Report violations from policies in audit mode as warnings instead of failures
      --cluster                    Scan resources in a cluster (default value false)
      --cluster-name string        Override name of cluster while publishing report to NPM
      --continue-on-fail           If set to true, will continue to apply policies on the next resource upon failure to apply to the current resource instead of exiting out
      --debug                      Debug command
      --details                    Show result details for violating resources
      --devtest                    Use devtest 2 for offline cluster (default true)
      --devtest-token string       Token for devtest 2 for offline cluster (default "wb2dlU4yJJUubotYBsqllDWZa1cdfVDQL3CoYOqPsFlQ04BJtPa3H0UbNdg9H3BZ5gSMcze40IjGhfVofc3sqHaBMOKzHs3GVdhfzwuV6Qg=")
  -e, --exception strings          Policy exception to be considered when evaluating policies against resources
      --exclude-cluster-polex      Exclude in-cluster policy exceptions in evaluation of cluster scan
      --exclude-cluster-policies   Exclude in-cluster policies in evaluation of cluster scan
      --exclude-cluster-res        Exclude in-cluster resources in evaluation of cluster scan
      --file string                Output file
  -h, --help                       help for kubernetes
      --insecure                   allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
      --kube-context string        the kube context from configured kubeconfig. Default is the current or sole context
      --kubeconfig string          kubeconfig path (defaults to $HOME/.kube/kubeconfig)
  -l, --label strings              Label selector in the format key=value
  -n, --namespace strings          Namespace of the resources to scan
  -o, --output string              Output format (text, sarif, json, polr, yaml) (default "text")
  -p, --policies strings           Path to policy files (local path, github URL, helm URL)
      --policy-report string       Output policy report file (in JSON format)
      --policy-sets strings        Comma-separated policy set names (pss-baseline, pss-restricted, rbac-best-practices)
      --policy-view                Use with --details to reverse the view from resource->policy to policy->resource
      --publish                    Publish reports
      --publish-token string       scan reports publish token
      --report-sourceid string     Add source id for report created for local scan (is required for local scans; is the cluster id for cluster scan)
  -r, --resources strings          Path to resource files (local path, github URL)
      --scan-report string         Output scan report file (in JSON format)
      --token string               Nirmata API Login Key (env NIRMATA_TOKEN)
      --url string                 Nirmata server base URL (env NIRMATA_URL)
      --values-file string         File containing values for policy variables

Options inherited from parent commands

  -v, --v Level   log level for V logs
