From the creators of InSpec

Your entire cloud at your fingertips

cnquery is an open source, cloud-native tool that answers every question about your infrastructure. It provides quick insights into every major technology platform used by developers, security engineers, and DevOps teams today.


cnquery gives you answers that would otherwise be difficult or impossible to uncover.

For example, aggregate all packages installed across containers, regardless of the OS. Find cloud instances exposed to the internet. Reveal old certificates across Kubernetes objects.

A single interface lets you query every part of your infrastructure.

Instead of studying the syntax for dozens of different APIs, get everything you need with cnquery.

Our graph database approach combines power and flexibility.

We started with GraphQL and stirred in our own powerful filters to get that unique cnquery flavor.

A ton of pre-written query packs get you started right out of the gate.

Use pre-written query packs, or create and share with the community.



Find issues before they become incidents

Find any listening port.

Understand which process opened it.

Quickly access related fields.

Dive deep into your inventory

Get better visibility into your assets to make smarter decisions.

Find EC2 instances configured with a public IP address:

aws.ec2.instances.where( publicIp != '' )

Find user accounts that shouldn't exist:

users { name uid gid home }

Find all container repositories used for images in a Kubernetes cluster:

k8s.pods { name containers.map( containerImage.repository.fullName ) }

Quickly collect information during incidents

When your stuff is on fire, you only need one command. Use query packs to collect information quickly.

Automatically collect relevant data for forensic analysis during an incident:

cnquery run ssh user@target --pack incident-response

One API for all your assets

Access structured data on your infrastructure and its workloads. Take the guesswork out of your endpoints.

List all packages across your fleet, regardless of OS:

packages


Built for automation

Add automation around cnquery and use its data to trigger actions.

Use your Ansible inventory to provide cnquery with a list of objects to scan:

ansible-inventory -i hosts.ini --list | cnquery scan --inventory-ansible

Works with everything

Amazon AWS

Instances

S3

Databases

Lambda

ECR

Kubernetes

Clusters

Cluster nodes

Manifest files

Workloads

Containers

Azure

Instances

Blob Storage

Databases

Container registries

DNS records

Operating Systems

Linux hosts

macOS hosts

Windows hosts

FreeBSD hosts

GitHub

Organizations

Teams

Users

Repositories

GitLab

Groups

Projects

Explore your infrastructure with cnquery

cnquery is an open source initiative of Mondoo, Inc.

We also made cnspec, an open source, cloud-native security tool that scans everything. For integrated, continuous cloud security scanning and much more, try Mondoo.


Ⓒ 2023, Mondoo, Inc.