Mondoo.com

cnquery
  • Docs
  • Community
  • cnspec
From the creators of InSpec

Your entire cloud at your fingertips

cnquery is an open source, cloud-native tool that answers every question about your infrastructure. It provides quick insights into every major technology platform used by developers, security engineers, and DevOps teams today.

Security header screenshot

cnquery gives you answers that would otherwise be difficult or impossible to uncover.

For example, aggregate all packages installed across containers, regardless of the OS. Find cloud instances exposed to the internet. Reveal old certificates across Kubernetes objects.

A single interface lets you query every part of your infrastructure.

Instead of studying the syntax for dozens of different APIs, get everything you need with cnquery.

Our graph database approach combines power and flexibility.

We started with GraphQL and stirred in our own powerful filters to get that unique cnquery flavor.

A ton of pre-written query packs get you started right out the gate.

Use pre-written query packs, or create and share with the community.

56

Resources

231

Queries

18

Query Packs

Find issues before they become incidents

Find any listening port.

Understand which process opened it.

Quickly access related fields.

Dive deep into your inventory

Get better visibility into your assets to make smarter decisions.

Find insecure storage buckets:

aws.ec2.instances.where( publicIp != '' )

Find user accounts that shouldn't exist:

users { name uid gid home }

Find all container repositories used for images in a Kubernetes cluster::

k8s.pods { name containers.map( containerImage.repository.fullName ) }

Quickly collect information during incidents

When your stuff is on fire, you only need one command. Use query packs to collect information quickly.

Automatically collect relevant data for forensic analysis during an incident:

cnquery run ssh user@target --pack incident-response

One API for all your assets

Access structured data on your infrastructure and its workloads. Take the guesswork out of your endpoints.

List all packages across your fleet, regardless of OS:

packages

We also made cnspec, an open source, cloud-native security tool that scans everything.

Built for automation

Add automation around cnquery and use its data to trigger actions.

Use your Ansible inventory to provide cnquery a list of objects to scan:

ansible-inventory -i hosts.ini --list | cnquery scan --inventory-ansible

Works with everything

Amazon AWS

Instances

Databases

S3

Lambda

Kubernetes

Kubernetes clusters

Kubernetes cluster nodes

Kubernetes manifests

Kubernetes workloads

Azure

Azure accounts

Subscriptions

Container images

Container registries

DNS records

Operating Systems

Linux hosts

macOS hosts

Windows hosts

GitHub

GitHub Organizations

GitHub Repositories

GitLab

GitLab Groups

GitLab Projects

Explore your infrastructure with cnquery

cnquery is an open source initiative of Mondoo, Inc.

We also made cnspec, an open source, cloud-native security tool that scans everything. For integrated, continuous cloud security scanning and much more, try Mondoo.

Learn more about cnspec

Mondoo

Mondoo Platform

cnquery

cnspec

Data Privacy Policy | About Mondoo

Ⓒ 2022, Mondoo, Inc.