nctl scan kubernetes
nctl scan kubernetes
scan kubernetes resources
nctl scan kubernetes [flags]
Options
--audit-as-warn Report violations from policies in audit mode as warnings instead of failures
--cluster Scan resources in a cluster (default value false)
--cluster-name string Override name of cluster while publishing report to NPM
--continue-on-fail If set to true, will continue to apply policies on the next resource upon failure to apply to the current resource instead of exiting out
--debug Debug command
--details Show result details for violating resources
--devtest Use devtest 2 for offline cluster (default true)
--devtest-token string Token for devtest 2 for offline cluster (default "wb2dlU4yJJUubotYBsqllDWZa1cdfVDQL3CoYOqPsFlQ04BJtPa3H0UbNdg9H3BZ5gSMcze40IjGhfVofc3sqHaBMOKzHs3GVdhfzwuV6Qg=")
-e, --exception strings Policy exception to be considered when evaluating policies against resources
--exclude-cluster-polex Exclude in-cluster policy exceptions in evaluation of cluster scan
--exclude-cluster-policies Exclude in-cluster policies in evaluation of cluster scan
--exclude-cluster-res Exclude in-cluster resources in evaluation of cluster scan
--file string Output file
-h, --help help for kubernetes
--insecure allow connection to an address with a self-signed or non-verifiable certificate (not recommended)
--kube-context string the kube context from configured kubeconfig. Default is the current or sole context
--kubeconfig string kubeconfig path (defaults to $HOME/.kube/kubeconfig)
-l, --label strings Label selector in the format key=value
-n, --namespace strings Namespace of the resources to scan
-o, --output string Output format (text, sarif, json, polr, yaml) (default "text")
-p, --policies strings Path to policy files (local path, github URL, helm URL)
--policy-report string Output policy report file (in JSON format)
--policy-sets strings Comma-separated policy set names (pss-baseline, pss-restricted, rbac-best-practices)
--policy-view Use with --details to reverse the view from resource->policy to policy->resource
--publish Publish reports
--publish-token string scan reports publish token
--report-sourceid string Add source id for report created for local scan (is required for local scans; is the cluster id for cluster scan)
-r, --resources strings Path to resource files (local path, github URL)
--scan-report string Output scan report file (in JSON format)
--token string Nirmata API Login Key (env NIRMATA_TOKEN)
--url string Nirmata server base URL (env NIRMATA_URL)
--values-file string File containing values for policy variables
Options inherited from parent commands
-v, --v Level log level for V logs
SEE ALSO
- nctl scan - Scan resources