cnspec discover
Discover the assets defined by an inventory file's discovery targets and filters or by CLI parameters, without running any queries.
Use cnspec discover to find the assets defined by an inventory file's discovery targets and filters, or by CLI parameters. It prints a per-platform asset count to stdout without running any queries, so you can preview exactly what a scan would target before you run it. This is useful for validating discovery configuration and understanding the scope of a connection.
To also write every discovered asset to a file, pass --output-full PATH. Choose the file format with --output-format: json (default), jsonl, or yaml.
Discover the assets in an AWS account:
cnspec discover awsDiscover the assets defined by an inventory file:
cnspec discover --inventory-file inventory.ymlWrite every discovered asset to a file as YAML:
cnspec discover aws --output-full assets.yaml --output-format yamlOptions
--discover strings Enable the discovery of nested assets. Supports: all, auto, container, container-images
-h, --help help for discover
--inventory-file string Set the path to the inventory file
-f, --output-format string Format for --output-full: json (default), jsonl, or yaml. (default "json")
-o, --output-full string Write every discovered asset to this path. When empty, only the per-platform count summary is printed.
--record string Record all resource calls and use resources in the recording
--sudo Elevate privileges with sudo
--use-recording string Use a recording to inject resource data (read-only)Options inherited from parent commands
--api-proxy string Set the proxy for communications with Mondoo Platform API
--auto-update Enable automatic provider installation and update (default true)
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set the log level: error, warn, info, debug, trace (default "info")
--logging-config string Path to a logging configuration file (YAML or JSON) that selects the log writer, level, and writer-specific options
-v, --verbose Enable verbose outputSEE ALSO
- cnspec - cnspec CLI