Skip to main content

cnspec vuln azure

Connect to a Microsoft Azure subscription or virtual machines.


Connect to a Microsoft Azure subscriptions or virtual machines. cnspec uses your local Azure configuration for the account scan. To scan your Azure compute, you must configure your Azure credentials and have SSH access to your virtual machines.

cnspec vuln azure [flags]


      --annotation stringToString        Add an annotation to the asset. (default [])
--ask-pass Ask for connection password.
--certificate-path string Path (in PKCS #12/PFX or PEM format) to the authentication certificate.
--certificate-secret string Passphrase for the authentication certificate file.
--client-id string Application (client) ID of the service principal.
--client-secret string Secret for application.
--detect-cicd Try to detect CI/CD environments. If successful, sets the asset category to 'cicd'. (default true)
--discover string Enable the discovery of nested assets. Supported: 'all|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString Additional filter for asset discovery. (default [])
-h, --help help for azure
--id-detector string User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string Select a file from which too read the identity (private key) for public key authentication.
--incognito Incognito mode. Do not report scan results to Mondoo Platform.
--insecure Disable TLS/SSL checks or SSH hostkey config.
--inventory-ansible Set inventory format to Ansible.
--inventory-domainlist Set inventory format to domain list.
--inventory-file string Path to inventory file.
-j, --json Set output to JSON (shorthand).
--no-pager Disable interactive scan output pagination.
--option --option key=value Additional connection options. You can pass multiple options using --option key=value (default [])
-o, --output string Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
--pager string Enable scan output pagination with custom pagination command. The default is 'less -R'.
-p, --password string Password, such as for SSH/WinRM.
--path string Path to a local file or directory for the connection to use
--policy --policy POLICY List policies to execute. This requires incognito mode. To scan multiple policies, pass --policy POLICY
-f, --policy-bundle strings Path to local policy bundle file.
--score-threshold int If any score falls below the threshold, exit 1.
--subscription string ID of the Azure subscription to scan.
--subscriptions string Comma-separated list of Azure subscriptions to include.
--subscriptions-exclude string Comma-separated list of Azure subscriptions to exclude.
--sudo Elevate privileges with sudo.
--tenant-id string Directory (tenant) ID of the service principal.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output