Install cnspec on macOS

Note: If you install cnspec on machines that can't download and install updates (because they're air-gapped or don't give cnspec write access), you must deploy cnspec providers. To learn more, read Manage cnspec Providers.

Quick start

To install cnspec using the automated install script:

bash -c "$(curl -sSL https://install.mondoo.com/sh)"

To register cnspec with Mondoo Platform during installation, set a registration token first:

export MONDOO_REGISTRATION_TOKEN="<your token from console.mondoo.com>"
bash -c "$(curl -sSL https://install.mondoo.com/sh)"

The automated installation script installs the mondoo package using either the Homebrew package manager or a .pkg installer if Homebrew is unavailable.

For manual installation using Homebrew or the standalone package, read on.

Install directly via Homebrew

Mondoo supports installation using the Homebrew package manager on macOS.

brew tap mondoohq/mondoo

brew install mondoo

brew upgrade mondoo

Install using the universal binary package

Mondoo releases a signed and notarized universal binary package (.pkg) for Intel & ARM (M1 and later) platforms available at releases.mondoo.com that installs cnspec on hosts.

Additionally, the package installs, but does not start or enable, a launchd configuration for running cnspec continuously as a service for endpoint security. This package is ideal for deployment by MDM solutions.

For more information on running Mondoo as a service on macOS, see Running Mondoo as a service.

To install the PKG non-interactively, use the installer utility in a Terminal:

sudo installer -pkg ./mondoo_(version)_darwin_universal.pkg -target /Library

Verify the installation

After installing, confirm that cnspec is available:

cnspec version

cnspec status

Learn more

• Register cnspec
• Run cnspec as a service
• Update cnspec
• Uninstall cnspec