
What Is cnspec?

-> To install and get up and running quickly, read Get Started with cnspec.

cnspec is an open source, cloud-native tool that assesses the security of your entire infrastructure. It scans everything and tells you where there are gaps that hackers can use to breach your systems.

Attackers rely on misconfigurations and deprioritized vulnerabilities; all they need is one entry point to compromise your entire infrastructure. cnspec finds all the security issues that welcome ransomware, data theft, and other attacks.

Security policies written in high-level code are the basis for cnspec scans. Each policy is a collection of checks against the target system. For example, a policy's checks might include:

  • The system must use a secure SSL/TLS configuration.
  • Multi-factor authentication must be required.
  • User data must not include any secrets.

Each policy is based on standards set by the Center for Internet Security (CIS) and other industry best practices. It's easy to extend or modify a policy to fit your unique needs. To learn how to write your own policies, read the Mondoo Policy Authoring Guide.

You can export scan results in human-readable formats, or in machine-friendly formats like JUnit or JSON. This opens up endless possibilities for automation, so you can make security scanning a part of your development process or your production monitoring.

You can also automatically save and share reports using the free Mondoo Platform. Mondoo's web-based console allows you to explore your infrastructure data and identify issues.

To learn about more of Mondoo Platform's capabilities, visit

To learn how to sign up for a free Mondoo account and register cnspec, read Log into Mondoo Platform for More Capabilities.

Learn more