Secure Vagrant Boxes with cnspec
Scan Vagrant virtual machines for security misconfigurations and vulnerabilities with cnspec.
Validate Vagrant development environments against the same security policies you enforce in production. cnspec connects to Vagrant boxes over SSH and applies the OS security policy that matches the guest platform (typically Linux), so you can catch misconfigurations and CVEs in local VMs before promoting images or configurations upstream.
This page is part of scanning your supply chain with cnspec. If you're new to cnspec, start with the Quickstart to install cnspec and run your first scan.
Prerequisites
To scan Vagrant boxes with cnspec, you must have:
- cnspec installed on your workstation
- Vagrant installed
- A running Vagrant virtual machine
Scan a Vagrant box
To scan a running Vagrant box, provide the Vagrant machine name (or ID):
```
cnspec scan vagrant HOST
```
For example, to scan the default machine in the current Vagrant project directory:
```
cnspec scan vagrant default
```
Explore interactively
To open an interactive cnspec shell connected to a Vagrant box:
```
cnspec shell vagrant default
```
Connection options
| Option | Description |
|---|---|
| HOST | Vagrant machine name or ID |
| --insecure, -k | Skip TLS certificate verification |
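A multi-machine Vagrant project needs one scan per machine name. The script below is an added example, not part of the cnspec documentation: it reads `vagrant status --machine-readable`, keeps only machines in the `running` state, and runs the scan command shown above for each one. The function names and the sample status output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the cnspec docs): scan all running Vagrant machines.

# Constructed sample of `vagrant status --machine-readable` output
# (CSV: timestamp,target,type,data). Used only for offline testing.
sample_status() {
  cat <<'EOF'
1700000000,default,metadata,provider,virtualbox
1700000000,default,state,running
1700000000,default,state-human-short,running
1700000000,db,state,poweroff
1700000000,web,state,running
1700000000,,ui,info,Current machine states:
EOF
}

# Read machine-readable status on stdin; print names of running machines.
# Names that could be mistaken for a command-line option are dropped.
running_machines() {
  awk -F, '$3 == "state" && $4 == "running" &&
           $2 ~ /^[A-Za-z0-9][A-Za-z0-9_.-]*$/ { print $2 }'
}

# Scan each running machine; the return value is the number of
# scans that exited non-zero.
scan_running_machines() {
  failed=0
  names=$(vagrant status --machine-readable | running_machines)
  if [ -z "$names" ]; then
    echo "no running Vagrant machines found" >&2
  fi
  for name in $names; do
    echo "== cnspec scan vagrant $name"
    cnspec scan vagrant "$name" || failed=$((failed + 1))
  done
  return "$failed"
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--scan" ]; then
  scan_running_machines
  exit $?
fi
```

Run it with `--scan` from the Vagrant project directory; powered-off machines are skipped rather than reported as scan failures.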
Learn more
- To control the output format or send results to a file or CI system, read Report Results.
- To learn more about how the MQL query language works, read Write Effective MQL.