Options
Flags
Flags for kubescape scan
command.
flag | default | description | options |
---|---|---|---|
-e /--exclude-namespaces | Scan all namespaces | Namespaces to exclude from scanning. Recommended to exclude kube-system and kube-public namespaces | |
--include-namespaces | Scan all namespaces | Scan specific namespaces | |
-t /--compliance-threshold | 100 (do not fail) | fail command (return exit code 1) if the result is above the threshold | 0% -> 100% |
-f /--format | pretty-printer | Output format | pretty-printer /json /junit /prometheus /pdf |
-o /--output | print to stdout | Save scan result in the file | |
--use-from | Load local framework object from the specified path. If not used will download the latest | ||
--use-artifacts-from | Load artifacts (frameworks, control-config, exceptions) from a local directory. If not used will download them | ||
--use-default | false | Load local framework object from default path. If not used will download the latest | true /false |
--exceptions | Path to an exceptions obj, examples. The default will download exceptions from Kubescape Cloud Platform | ||
--controls-config | Path to a controls-config obj. If not set will download controls-config from the Kubescape Cloud Platform. docs | ||
--severity-threshold | The severity threshold is the severity of failed controls at which the command fails and returns exit code 1 | low / medium / high / critical | |
--keep-local | false | Kubescape will not send scan results to the Cloud Platform. Use this flag if you run with the --account flag in the past and you do not want to submit your current scan results | true /false |
--account | Cloud Platform account ID. The default will load the account ID from configMap or config file | ||
--kube-context | current-context | Cluster context to scan | |
--verbose | false | Display all of the input resources and not only failed resources | true /false |
Global Flags
flag | type | default | description | options |
---|---|---|---|---|
--logger | string | info | Specify logger level. | debug /info /success /warning /error /fatal |
--cache-dir | string | ~/.kubescape | Cache directory | env $KS_CACHE_DIR |
Updated 3 months ago