Announcing Nirmata Control (nctl): The Universal Infrastructure as Code Scanner for IaC Scanning and IaC Security

Announcing Nirmata Control (nctl): The Universal Infrastructure as Code Scanner for IaC Scanning and IaC Security

Nirmata Control (nctl) for IaC scanning and IaC security

Nirmata Control (nctl) for IaC scanning and IaC security

At Nirmata, we are thrilled to introduce Nirmata Control (nctl), our new Command Line Interface (CLI) tool that redefines how you manage and secure your cloud native infrastructure and code. Designed with security and efficiency in mind, nctl empowers platform engineering and security teams to seamlessly integrate security into their workflows and ensures policy compliance across their entire cloud-native infrastructure.

What makes nctl unique is its universal Infrastructure as Code (IaC) scanning capability, allowing teams to scan virtually any IaC resource for misconfigurations and vulnerabilities. With deep support for Dockerfiles, Kubernetes manifests, Terraform, AWS CDK and other IaC tools, nctl helps teams “shift-left” security, catching issues early in development. Plus, with built-in remediation capabilities, it doesn’t just point out problems – it helps you fix them.

A Universal Infrastructure as Code Scanner

As cloud-native infrastructure becomes more complex, managing security and compliance can feel like an uphill battle. Misconfigurations in IaC can lead to significant security risks, but spotting them early is no easy task. That’s where Nirmata Control (nctl) comes in for universal IaC scanning.

nctl scans a wide variety of infrastructure as code resources, including:

  • Kubernetes Manifests: Scan your Kubernetes configurations to ensure they align with best practices and security policies.
  • Terraform & OpenTofu Plans: Identify vulnerabilities and misconfigurations in your infrastructure deployments. Check out this blog post for OpenTofu scanning!
  • Dockerfiles: Ensure that your container images are secure and built as per organization’s best practices.
  • AWS CDK and CloudFormation: Protect your cloud infrastructure by scanning and validating your AWS infrastructure code. Check out this example!
  • Ansible Playbooks: Automate security checks within your Ansible workflows to prevent issues before they arise. Here is an example!

With a single tool, nctl helps you achieve continuous compliance across your entire cloud-native stack, ensuring that your IaC deployments adhere to security policies and best practices at all times.

Comprehensive IaC Scanning for Early Risk Detection

When it comes to infrastructure security, time is of the essence. The earlier you can catch a misconfiguration or IaC security vulnerability, the easier and cheaper it is to fix. That’s why nctl’s scanning capabilities are built to identify risks as soon as they arise, right from your CI/CD pipelines and IaC workflows.

Whether you are developing applications with Kubernetes, managing infrastructure through Terraform, or deploying cloud services via AWS CDK, nctl performs a comprehensive scan of your resources. It checks for misconfigurations, policy violations, and known vulnerabilities to provide actionable insights – helping teams prevent costly issues before they make it to production.

With nctl, you can integrate IaC scanning into your CI/CD pipelines, ensuring that every change is checked against your security policies before it is deployed. This significantly reduces the risk of configuration drift, non-compliance, or introducing unintentional IaC security gaps.

Advanced Remediation Capabilities: From Detection to Fix

One of the most powerful features of nctl is its remediation capabilities. Security tools often stop at identifying vulnerabilities, leaving teams to figure out how to resolve them. With nctl, we take things a step further by not only detecting the issues but also offering solutions and guidance to the developers in resolving those issues faster.

Using the `remediate` command, nctl provides recommended fixes for any violations detected during a scan. For example, if your Kubernetes resource does not comply with best practices or security policies, nctl will show you exactly what needs to be changed and even generate the corrected YAML output.

Here’s how it works:

  1. Scan for Violations: Run `nctl scan` to identify policy violations in your Kubernetes, Terraform, or other IaC resources.
  2. Apply Remediation: Run `nctl remediate` to see suggested fixes. The CLI will show how the resource can be updated to comply with your organization’s security policies.
  3. Fix and Deploy: Apply the recommended changes, and you’ll have a fully remediated YAML or configuration file ready for deployment.

This ability to automate remediation dramatically accelerates development cycles, reduces manual errors, and ensures that security best practices are consistently enforced across all environments. Check out this video.

Nirmata Control Hub (NCH) Integration

While nctl works as a standalone tool, it also integrates seamlessly with Nirmata Control Hub (NCH), providing an extra layer of policy management and governance. From the CLI, you can interact directly with NCH, onboarding new clusters, managing policy exceptions, and enforcing policies at scale.

For teams using Kyverno, Nirmata Control Hub offers a rich set of features, including curated policy sets, insights, alerts, and reports, all integrated into nctl to give you complete control over your overall Kubernetes and Cloud security posture.

Universal, Flexible, and Fast

Whether you are managing a few clusters or hundreds, nctl’s universal IaC scanning and remediation features make it an indispensable tool for today’s platform and security teams. Its flexibility allows it to work with virtually any IaC tool, while its speed and simplicity ensure that it can be quickly integrated into any existing workflows without slowing down your development cycles.

nctl’s combination of scanning, remediation, and policy enforcement means that teams can maintain security-first development practices without sacrificing speed or agility.

Ready to Get Started?

Nirmata Control (nctl) is ready to transform how you secure your cloud-native infrastructure and is available now for free! To learn more about how nctl works and explore its documentation, visit our official nctl documentation.

Don’t wait until security incidents happen—shift left and shift down, automate remediation, and ensure your infrastructure is secure with Nirmata Control.

Get started today and take control of your IaC security like never before!

For any questions or to learn how nctl can fit into your security strategy, feel free to reach out. We’re here to help you succeed! Learn more about our IaC pipeline scanning solution while you’re here.

Introducing Offline Cluster Scanning with Nirmata
Optimizing Ansible Playbooks for Security and Efficiency with Nirmata
No Comments

Sorry, the comment form is closed at this time.