Supported Scan Targets

A list of technologies that cnspec can scan

cnspec can make assertions against and scan a wide range of platforms, from cloud accounts and Kubernetes clusters to network devices, SaaS providers, and individual hosts. The table below lists every supported scan target with an example command. Each linked target name opens a guide with prerequisites, authentication details, and more examples.

New to cnspec? Start with the Quickstart to install cnspec and run your first scan. For a full breakdown of the cnspec scan command and its flags, read the cnspec scan CLI reference.

cnspec can make assertions against and scan the following targets:

TargetExample
Active Directory domainscnspec scan activedirectory --dc DC_HOST --user USER --password PASSWORD
AIX hostscnspec scan ssh user@HOST
Ansible playbookscnspec scan ansible YOUR_PLAYBOOK.yml
Arista EOS network devicescnspec scan arista USER@DEVICE_PUBLIC_IP --ask-pass
Atlassian organizationscnspec scan atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN
AWS accountscnspec scan aws
AWS CloudFormation templatescnspec scan cloudformation cloudformation_file.json
AWS EC2 EBS snapshotcnspec scan aws ec2 ebs snapshot SNAPSHOTID
AWS EC2 EBS volumecnspec scan aws ec2 ebs volume VOLUMEID
AWS EC2 Instance Connectcnspec scan aws ec2 instance-connect ec2-user@INSTANCEID
AWS EC2 instances via SSMcnspec scan aws ec2 ssm INSTANCEID
Azure Bicep templatescnspec scan bicep main.bicep
Cisco Catalyst Centercnspec scan ciscocatalyst HOST --user ADMIN --ask-pass
Cisco IOS / NX-OS devicescnspec scan nd-ssh USER_NAME@DEVICE_IP --ask-pass
Cloudflarecnspec scan cloudflare --token TOKEN
Confluence userscnspec scan atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN
Container imagescnspec scan container ubuntu:latest
Container registriescnspec scan container registry index.docker.io/library/rockylinux:8
Datadog accountscnspec scan datadog --api-key API_KEY --app-key APP_KEY
deps.dev Go module dependenciescnspec scan depsdev --path PATH/TO/go.mod
DigitalOcean accountscnspec scan digitalocean --token YOUR_API_TOKEN
DNS recordscnspec scan host mondoo.com
Dockerfilescnspec scan docker file FILENAME
Equinix Metal organizationscnspec scan equinix org ORG_ID --token YOUR_API_TOKEN
F5 BIG-IP devicescnspec scan bigip --hostname DEVICE_IP --username admin --ask-pass
Fortinet FortiOS devicescnspec scan fortios --hostname DEVICE_IP --token API_TOKEN
FreeBSD hostscnspec scan ssh user@HOST
GitHub organizationscnspec scan github org mondoohq
GitHub repositoriescnspec scan github repo mondoohq/cnspec
GitLab groupscnspec scan gitlab --group mondoohq
Google Cloud projectscnspec scan gcp
Google Workspacecnspec scan google-workspace --customer-id CUSTOMER_ID --impersonated-user-email EMAIL --credentials-path JSON_FILE
Grafana organizationscnspec scan grafana --token TOKEN --url https://myorg.grafana.net
Helm chartscnspec scan helm ./my-chart
Hetzner Cloud projectscnspec scan hetzner --token YOUR_API_TOKEN
IPMIcnspec scan ipmi USER@HOST --ask-pass
Jamf Procnspec scan jamf --client-id CLIENT_ID --client-secret CLIENT_SECRET --instance-domain https://yourdomain.jamfcloud.com
Jira projectscnspec scan atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN
Juniper Junos OS devicescnspec scan junos --hostname DEVICE_IP --username admin --ask-pass
Kubernetes cluster nodescnspec scan ssh user@host
Kubernetes clusterscnspec scan k8s
Kubernetes manifestscnspec scan k8s manifest.yaml
Kubernetes workloadscnspec scan k8s --discover pods,deployments
Kustomize overlayscnspec scan kustomize ./overlays/production
Linux hostscnspec scan local orcnspec scan ssh user@host
macOS hostscnspec scan local orcnspec scan ssh user@IP_ADDRESS
MCP serverscnspec scan mcp http https://mcp.example.com/mcp
Microsoft 365 tenantscnspec scan ms365 --tenant-id TENANT_ID --client-id CLIENT_ID --certificate-path PFX_FILE
Microsoft Azure subscriptionscnspec scan azure --subscription SUBSCRIPTION_ID
Nutanix Prism Centralcnspec scan nutanix --endpoint pc.example.com --api-key API_KEY
Okta orgcnspec scan okta --token TOKEN --organization ORGANIZATION
OPC UA IoT devicescnspec scan opcua
OpenStack projectscnspec scan openstack --cloud my-cloud
Oracle Cloud Infrastructure (OCI)cnspec scan oci
Palo Alto Networks PAN-OS devicescnspec scan panos --hostname DEVICE_IP --username USERNAME --ask-pass
Proxmox VE clusterscnspec scan proxmox --host https://HOST:8006 --token 'PVEAPIToken=user@realm!tokenid=secret'
Running containerscnspec scan docker CONTAINER_ID
Shodan search enginecnspec scan shodan --token TOKEN
Slack teamcnspec scan slack --token TOKEN
Snowflakecnspec scan snowflake --account ACCOUNT-ID --region REGION --user YOUR-USER-ID --role YOUR-ROLE --ask-pass
SSL certificates on websitescnspec scan host mondoo.com
STACKIT projectscnspec scan stackit --project-id PROJECT_ID --service-account-key-path SA_KEY_FILE
Tailscalecnspec scan tailscale --token TOKEN
Terraform HCLcnspec scan terraform HCL_FILE_OR_PATH
Terraform plancnspec scan terraform plan plan.json
Terraform statecnspec scan terraform state state.json
Ubiquiti UniFi controllerscnspec scan unifi --hostname CONTROLLER_IP --username admin --ask-pass
Vagrant virtual machinescnspec scan vagrant HOST
vLLM serverscnspec scan vllm https://vllm.example.com --api-key API_KEY
VMware Cloud Directorcnspec scan vcd user@domain@host --ask-pass
VMware vSpherecnspec scan vsphere user@domain@host --ask-pass
Windows hostscnspec scan local,cnspec scan ssh Administrator@IP_ADDRESS --ask-pass orcnspec scan winrm Administrator@IP_ADDRESS --ask-pass
YARA file scanningcnspec shell then use yara.scan(path: "/path/to/file")

Migrate from Trivy

A practical guide for migrating from Aqua Trivy to cnspec, covering container scanning, IaC, Kubernetes, CI/CD, and custom policies.

About Providers

Learn about cnspec providers and special considerations for containers and air-gapped or limited access assets