Manage Policies with cnspec

Use cnspec commands to create, validate, and manage policies. You can use policies locally or store and share them using Mondoo Platform. To learn about policies and policy bundles, read About Policies.

Connect cnspec to Mondoo Platform

The easiest way to scale cnspec across your infrastructure is to have all assets pull policies from a central location. Mondoo Platform provides a secure, multi-tenant environment for managing policies and scan results across your infrastructure.

To connect cnspec to Mondoo Platform, run:

cnspec login

Once authenticated, you can scan any target and cnspec sends the results to both standard output and Mondoo Platform:

cnspec scan <target>

Create a policy bundle

To set up a new policy bundle:

cnspec policy init example.mql.yaml

To learn how to modify existing policies or write your own, read the Policy Authoring Guide. You can also find open source policy bundles in Community Policies.

Validate a policy bundle

Lint a policy bundle to ensure that it compiles and that all queries and references work:

cnspec policy lint example.mql.yaml

Upload policies to Mondoo Platform

With a Mondoo Platform account, you can upload policies to make them available across your infrastructure:

cnspec policy upload mypolicy.mql.yaml

Policy commands reference

To...	Use...
List enabled policies in the connected space	cnspec policy list
Enable a policy in the connected space	cnspec policy enable
Disable a policy in the connected space	cnspec policy disable
Show more information about a policy from the connected space	cnspec policy info
Download a policy to a local bundle file	cnspec policy download
Create an example policy bundle	cnspec policy init
Apply style formatting to one or more policy bundles	cnspec policy format
Lint a policy bundle	cnspec policy lint
Upload a policy to the connected space	cnspec policy upload
Delete a policy from the connected space	cnspec policy delete