Manage Policies
If you customize or build your own policies, you can store and share access to them using Mondoo Platform.
Scale cnspec across your infrastructure
The easiest way to scale cnspec across your infrastructure is to have all of your infrastructure pull policies from a central location. One simple approach is to sign up for a free account on Mondoo Platform. The platform is designed for multi-tenancy and provides a secure, private environment that keeps data about your assets in your own account. With Mondoo Platform, all assets can report on policies and you can define custom exceptions for your infrastructure.
To use cnspec with Mondoo Platform, run:
cnspec login
Once authenticated, you can scan any target:
cnspec scan <target>
cnspec returns the results from the scan to STDOUT and to Mondoo Platform.
Upload policies to your account
With an account on Mondoo Platform, you can upload policies:
cnspec policy upload mypolicy.mql.yaml
Create a policy bundle
To learn about policies and policy bundles, read Policies.
To set up a new policy bundle:
cnspec bundle init example.mql.yaml
Validate a policy bundle
Validate a policy bundle to ensure that the bundle compiles and that all queries and references work:
cnspec bundle validate example.mql.yaml
Commands for managing policies
To learn more about managing policies, read about these commands:
| To... | Use... |
|---|---|
| List enabled policies in the connected space | cnspec policy list |
| Enable a policy in the connected space | cnspec policy enable |
| Disable a policy in the connected space | cnspec policy disable |
| Show more information about a policy from the connected space | cnspec policy info |
| Download a policy to a local bundle file | cnspec policy download |
| Create an example policy bundle | cnspec policy init |
| Apply style formatting to one or more policy bundles | Apply style formatting to one or more policy bundles |
| Lint a policy bundle | (/cnspec/cli/cnspec_policy_lint/) |
| Upload a policy to the connected space | cnspec policy upload |
| Delete a policy from the connected space | cnspec policy delete |