Skip to main content

Get Started with cnquery

Welcome to cnquery, an open source project created by Mondoo!

Download and install cnquery​

Install cnquery with our installation script:

Linux and macOS

bash -c "$(curl -sSL"

Read the script before you run it:


Set-ExecutionPolicy Unrestricted -Scope Process -Force;
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
iex ((New-Object System.Net.WebClient).DownloadString(''));
Install-Mondoo -Product cnquery;

Read the script before you run it:

Manual Installation

Manual installation packages are available on GitHub releases.

About cnquery

cnquery is Mondoo's open source, cloud-native tool that answers every question about your infrastructure. It integrates with over 300 resources to provide quick insight into your operations and development platforms.

Use cnquery to learn about your systems and reveal information that would otherwise be difficult or impossible to uncover. For example:

  • Aggregate all packages installed across containers, regardless of the OS.
  • Find cloud instances exposed to the internet.
  • Reveal old certificates on Kubernetes clusters.

Now consider what's possible when you write automation around cnquery. It's an incredibly broad and versatile tool for solving DevOps challenges.

Our query language is MQL, which combines a graph database approach and powerful filters. Simply describe what you want, and get only the results you need—fast! To explore MQL's capabilities, browse the MQL docs.

Run queries in the cnquery shell​

The easiest way to discover cnquery's capabilities is to use the interactive shell, which has auto-complete to guide you:

cnquery shell

Once inside the shell, you can enter MQL queries. For example, this query returns the name of the current machine and the platform it's running:

asset { name title }

Get help in the cnquery shell​

To see what information cnquery can retrieve, use the help command. These are some examples of how the help can guide you:

This command...Describes the queryable resources for...
helpAll of cnquery
help k8sKubernetes
help k8s.rbacRole-based access control in Kubernetes
help azureAzure
help azurermAzure Resource Manager
help terraformTerraform

Exit the cnquery shell​

To exit cnquery shell, either press Ctrl + D or type exit.

Run queries in your own shell​

To run standalone queries in your shell, use the cnquery run command:

cnquery run TARGET -c "QUERY"
TARGETThe asset to query, such as local or a transport to a remote machine.
QUERYThe MQL query that specifies the information you want.

For example, this command runs a query against your local system. It lists the services installed and whether each service is running:

cnquery run local -c "services.list { name running }"

For a list of supported targets, use the help command:

cnquery help run

Learn more​