Mondoo
Docs
Cloud

Assess DigitalOcean with cnspec

Query and assess DigitalOcean accounts with cnspec

Rely on cnspec to query and assess your DigitalOcean account, including Droplets, firewalls, Kubernetes clusters, databases, load balancers, VPCs, Spaces keys, and more.

Prerequisites

To analyze your DigitalOcean environment with cnspec, you must have:

Configure access to DigitalOcean

To create a personal access token:

  1. Log in to the DigitalOcean control panel.
  2. In the left navigation, choose API.
  3. On the Tokens tab, generate a new personal access token. Read scopes are sufficient for assessment.

Connect to DigitalOcean

To launch an interactive shell against your DigitalOcean account:

cnspec shell digitalocean --token YOUR_API_TOKEN

You can also set the DIGITALOCEAN_TOKEN environment variable instead of passing the --token flag:

export DIGITALOCEAN_TOKEN=your_token_here
cnspec shell digitalocean

Scan DigitalOcean

To scan your DigitalOcean account:

cnspec scan digitalocean --token YOUR_API_TOKEN

You can also create your own policies to meet your specific requirements.

Example queries

Retrieve account information

cnspec> digitalocean.account { email emailVerified status dropletLimit }

List Droplets

cnspec> digitalocean.droplets { name status region size memory vcpus }

Find Droplets without backups enabled

cnspec> digitalocean.droplets.where(backupsEnabled == false) { name region }

List firewalls and their rules

cnspec> digitalocean.firewalls { name status inboundRules outboundRules dropletIds }

List Kubernetes clusters

cnspec> digitalocean.kubernetesClusters { name version region status autoUpgrade ha }

List managed databases

cnspec> digitalocean.databases { name engine version numNodes region }

List load balancers

cnspec> digitalocean.loadBalancers { name status algorithm region redirectHttpToHttps }

List VPCs

cnspec> digitalocean.vpcs { name region ipRange default }

List SSH keys

cnspec> digitalocean.sshKeys { name fingerprint }

Learn more

Scan Virtual Machines

Scan Azure virtual machines, snapshots, and disks with cnspec.

Equinix

Query and assess Equinix Metal infrastructure with cnspec

On this page

PrerequisitesConfigure access to DigitalOceanConnect to DigitalOceanScan DigitalOceanExample queriesRetrieve account informationList DropletsFind Droplets without backups enabledList firewalls and their rulesList Kubernetes clustersList managed databasesList load balancersList VPCsList SSH keysLearn more