v4.3.0

NCTL 4.3.0 Release Notes

v4.3.1

Enhancements

  • Add support for --mutate-policies flag for the remediate command. It is now possible to point to local mutate files that can be used for remediation. This is useful when authoring the mutate policy.

Bug Fixes

  • Include cluster exceptions when scanning a Kubernetes cluster.

v4.3.0

New Features

  • Scan any cluster with either default policysets or configured policysets and exceptions in NCH without having to install anything in the cluster. The results can be published to NCH with the --publish flag.

Deprecation

  • Add deprecation notice to nctl cluster and nctl login commands. This will be removed in a future release.

Removal

  • Removed --exclue-cluster-policies, --exclude-cluster-exceptions, --exclude-cluster-resources from nctl scan kubernetes command. For users relying on this command now have to use --cluster to include all resources (policies, exceptions, and resources) from the cluster. Individual flags are also available to explicitly include resources from the cluster: --cluster-resources, --cluster-policies, and --cluster-exceptions.

Improvements

  • Added the ability to pull policysets and policy exceptions from NCH.
  • Enhanced debug logging. Use the -v flag to view verbose logs.
  • Added new flags for nctl scan kubernetes command: --cluster-resources, --cluster-policies, and --cluster-exceptions to explicitly include resources from the cluster.
  • Configure credentials for private Helm chart.

Bug Fixes

  • Remove the --namespace flag for nctl scan helm command. This flag is not required for this command.
  • Support Git URLs as values for -p and -r flags in nctl scan command.
  • Remove info messages when output format is json.