v4.3.0

NCTL 4.3.0 Release Notes

v4.3.5

Enhancements

  • Added --show-remediations flag for the nctl scan command. Now you can view the available remediations for scan results.
  • Added scan-report output format for all scan commands. Use -o scan-report to get the output in the scan-report format.

v4.3.4

Enhancements

  • Added the --no-color flag to scan commands. This fixes the color issue when running in Jenkins pipelines.
  • Includes bug fixes across scan commands.
  • Nirmata Control Hub (NCH) rebranding changes.

v4.3.3

Enhancements

  • GitHub Personal Access Token (PAT) can be read from the environment variable GITHUB_TOKEN and need not be passed in the command line.
  • Support for Private Git repositories across all commands.
  • Scan GitLab repo directly from the command line using nctl scan repository <gitlab-repo-url>.
  • Add --branch flag to the nctl scan repository command to scan a specific branch locally.

v4.3.1

Enhancements

  • Add support for the --mutate-policies flag for the remediate command. It is now possible to point to local mutate files that can be used for remediation. This is useful when authoring the mutate policy.

Bug Fixes

  • Include cluster exceptions when scanning a Kubernetes cluster.

v4.3.0

New Features

  • Scan any cluster with either default policy sets or configured policy sets and exceptions in NCH without having to install anything in the cluster. The results can be published to NCH with the --publish flag.

Deprecation

  • Add a deprecation notice to the nctl cluster and nctl login commands. These will be removed in a future release.

Removal

  • Removed --exclude-cluster-policies, --exclude-cluster-exceptions, and --exclude-cluster-resources from the nctl scan kubernetes command. Users relying on this command now have to use --cluster to include all resources (policies, exceptions, and resources) from the cluster. Individual flags are also available to explicitly include resources from the cluster: --cluster-resources, --cluster-policies, and --cluster-exceptions.

Improvements

  • Added the ability to pull policy sets and policy exceptions from NCH.
  • Enhanced debug logging. Use the -v flag to view verbose logs.
  • Added new flags for the nctl scan kubernetes command: --cluster-resources, --cluster-policies, and --cluster-exceptions to explicitly include resources from the cluster.
  • Configure credentials for private Helm charts.

Bug Fixes

  • Remove the --namespace flag for the nctl scan helm command. This flag is not required for this command.
  • Support Git URLs as values for the -p and -r flags in the nctl scan command.
  • Remove info messages when the output format is json.