About cnquery Providers

cnquery can query and inventory dozens of different platforms, from AWS accounts to Windows hosts. Providers are the components of cnquery that allow it to query specific platforms.

When you download and install cnquery, you don't download or install any providers. Instead, when you run a cnquery command, cnquery automatically downloads and installs the provider(s) you need. This approach saves you download time, memory, and disk space. Each time you use cnquery, it ensures that you have the latest version of the necessary provider(s).

To learn what providers are available and the resources each one exposes, read Manage cnquery Providers.

For example, suppose you download cnquery and install it on a Linux workstation. There are no providers installed on the workstation. When you run a local query, cnquery checks and finds that the provider it needs, the operating systems (os) provider isn't present. cnquery automatically downloads and installs the os provider and then runs the scan. The os provider remains on your workstation for the next time you use cnquery for your operating system.

Continuing the example, suppose you then run cnquery shell aws to run some queries against your AWS account settings. cnquery downloads and installs the aws provider and opens the shell. The aws provider remains on your workstation for the next time you use cnquery for AWS.

Most users don't need to think about providers. cnquery manages them for you. However, there are some situations where you might want to manage providers yourself:

• Containers
• Read-only mode or air-gapped environments

Provider considerations for containers

By default, when you spin up a container with cnquery installed and run any cnquery command, cnquery retrieves the latest version of the providers it needs. When the container is destroyed, the providers are destroyed. Therefore, the next time you spin up a container based on the same image, the download and installation repeat.

You can eliminate the unnecessary processing by:

• Installing the provider(s) on the image. To learn how, read Install, update, and remove providers.

• Disabling provider auto-update. To learn how, read Disable automatic provider updates.

Provider considerations for read-only and air-gapped environments

In some environments, cnquery can't automatically download providers:

• Read-only mode: Some security situations require that cnquery must not write to the machine on which it's installed. While cnquery operates in read-only mode, it can't download and install the providers it needs.

• Air-gapped environments: Without network access, cnquery can't download the providers needed to query or inventory the system.

In both cases, you must manually install the providers when you install cnquery. To learn how, read Install, update, and remove providers.

To prevent error messages from displaying when you run commands, disable provider auto-update. To learn how, read Disable automatic provider updates.