What Is cnspec?

An introduction to cnspec, an open source, cloud-native tool for securing your full stack

To install and get up and running quickly, read Installation Overview.

cnspec is an open source, cloud-native tool that assesses the security of your entire infrastructure. Built upon Mondoo's advanced security data fabric, it scans everything and identifies gaps that attackers can use to breach your systems.

Attackers rely on misconfigurations and deprioritized vulnerabilities; all they need is one entry point to compromise your entire infrastructure. cnspec finds the security issues that enable ransomware, data theft, and other attacks.

Security policies written in high-level code are the basis for cnspec scans. Each policy is a collection of checks against the target system. For example, a policy's checks might include:

  • The system must use a secure SSL/TLS configuration.
  • Multi-factor authentication must be required.
  • User data must not include any secrets.

Each policy is based on standards set by the Center for Internet Security (CIS) and other industry best practices. It's easy to extend or modify a policy to fit your unique needs. To learn how to write your own policies, read the Mondoo Policy Authoring Guide.

You can export scan results in human-readable formats, or in machine-friendly formats like JUnit or JSON. This makes it easy to integrate security scanning into your development process or production monitoring.
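One way to use a machine-readable export as a build gate, shown as an added example that is not Mondoo's code. It assumes the report follows the generic JUnit XML layout (`testsuite`/`testcase` with `failure`, `error` or `skipped` children). The sample report, check names, and the `gate` function with its waiver list are constructed for illustration and are not real cnspec output.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample report (NOT real cnspec output), generic JUnit XML layout.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="example-policy" tests="4">
    <testcase classname="example-host" name="Use a secure SSL/TLS configuration"/>
    <testcase classname="example-host" name="Require multi-factor authentication">
      <failure message="check failed"/>
    </testcase>
    <testcase classname="example-host" name="User data must not include secrets">
      <error message="could not evaluate check"/>
    </testcase>
    <testcase classname="example-host" name="Legacy check under review">
      <failure message="check failed"/>
    </testcase>
  </testsuite>
</testsuites>
"""

def gate(report_xml, waived=frozenset()):
    """Return (blocking, waived_hits) for a JUnit report produced by your own scanner."""
    root = ET.fromstring(report_xml)
    blocking, waived_hits = [], []
    # iter() finds <testcase> whether the root is <testsuites> or a single <testsuite>.
    for case in root.iter("testcase"):
        if case.find("skipped") is not None:
            continue
        # <error> means the check could not be evaluated: fail closed, never waivable.
        outcome = "failure" if case.find("failure") is not None else \
                  "error" if case.find("error") is not None else None
        if outcome is None:
            continue  # check passed
        name = case.get("name", "<unnamed>")
        if outcome == "failure" and name in waived:
            waived_hits.append(name)
        else:
            blocking.append((outcome, case.get("classname", ""), name))
    return blocking, waived_hits

if __name__ == "__main__":
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    blocking, waived_hits = gate(xml_text, waived={"Legacy check under review"})
    for outcome, asset, name in blocking:
        print(f"{outcome.upper()}: [{asset}] {name}")
    print(f"{len(blocking)} blocking, {len(waived_hits)} waived")
    sys.exit(1 if blocking else 0)  # non-zero exit fails the pipeline step
```

Treating evaluation errors as blocking keeps a broken or unreachable check from silently passing the gate.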

You can also automatically save and share reports using Mondoo Platform. Mondoo's web-based console lets you explore your infrastructure data and identify issues.

To learn about more of Mondoo Platform's capabilities, visit mondoo.com.

To get started, contact Mondoo.
