Scan Your Supply Chain with cnspec
Scan containers, container images, registries, and infrastructure as code (Terraform, CloudFormation, Kubernetes manifests, Helm, and more) with cnspec.
cnspec secures your software supply chain by scanning the artifacts you build and the code that defines your infrastructure, before they reach production. Catch vulnerabilities and misconfigurations during development and in CI/CD, using the same security policies you run against your live environment.
New to cnspec? Read the Quickstart to install cnspec and run your first scan.
Containers and images
Docker containers
Scan running and stopped containers for CVEs and misconfigurations.
Docker images
Scan local and remote images before you run them.
Dockerfiles
Scan Dockerfiles for security issues as you write them.
Container registries
Scan images in Docker Hub, Amazon ECR, Azure ACR, and Google GCR.
Infrastructure as code
Scan the code that provisions your infrastructure. The same checks cnspec runs against your live cloud accounts run against the templates that create them.
Terraform
Scan Terraform configurations, plans, and state files.
AWS CloudFormation
Scan CloudFormation templates against AWS security controls.
Azure Bicep and ARM
Scan Bicep files and ARM templates.
Kubernetes manifests
Scan manifests during development and in CI/CD.
Helm charts
Scan Helm charts before you install them.
Kustomize overlays
Scan Kustomize overlays before you apply them.
Ansible playbooks
Scan Ansible playbooks for misconfigurations.
Build pipelines
HashiCorp Packer
Scan Packer builds so images are secure before they ship.
Vagrant
Scan Vagrant virtual machines for misconfigurations.
Go further with Mondoo Platform
To track supply chain findings over time and gate your CI/CD pipelines on security, register cnspec with Mondoo Platform.