CLI Commands
cnspec vuln
Scan a target asset for known vulnerabilities.
Scan an asset for known vulnerabilities (CVEs) and get a report of what needs patching. Unlike cnspec scan, which checks policy compliance, cnspec vuln focuses specifically on identifying vulnerable packages and software with known security issues. By default, cnspec scans the local system:
cnspec vuln localYou can also scan remote targets:
cnspec vuln ssh user@HOSTcnspec vuln [flags]
cnspec vuln [command]Options
--discover strings Enable the discovery of nested assets. Supports: all, auto, container, container-images
-h, --help help for vuln
--inventory-ansible Set the inventory format to Ansible
--inventory-domainlist Set the inventory format to domain list
--inventory-file string Set the path to the inventory file
-o, --output string Set the output format: compact, csv, full, json, json-v1, json-v2, junit, report, summary, yaml, yaml-v1, yaml-v2 (default "full")
--platform-id string Select a specific target asset by providing its platform ID
--record string Record all resource calls and use resources in the recording
--sudo Elevate privileges with sudo
--use-recording string Use a recording to inject resource data (read-only)Options inherited from parent commands
--api-proxy string Set the proxy for communications with Mondoo Platform API
--auto-update Enable automatic provider installation and update (default true)
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set the log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose outputSEE ALSO
- cnspec - cnspec CLI