Supply Chain

Assess Vagrant Box Security with cnspec

Scan Vagrant virtual machines for security misconfigurations and vulnerabilities using cnspec.

Validate Vagrant development environments against the same security policies you enforce in production. cnspec connects to Vagrant boxes over SSH, so you can catch misconfigurations and CVEs in local VMs before promoting images or configurations upstream.

Prerequisites

To scan Vagrant boxes with cnspec, you must have:

cnspec installed on your workstation
Vagrant installed
A running Vagrant virtual machine

Scan a Vagrant box

To scan a running Vagrant box, provide the Vagrant machine name (or ID):

cnspec scan vagrant HOST

For example, to scan the default machine in the current Vagrant project directory:

cnspec scan vagrant default

Explore interactively

To open an interactive cnspec shell connected to a Vagrant box:

cnspec shell vagrant default

Connection options

Option	Description
`HOST`	Vagrant machine name or ID
`--insecure`, `-k`	Skip TLS certificate verification

Learn more

To learn more about how the MQL query language works, read Write Effective MQL.

Kubernetes Manifests

Scan Kubernetes manifests for security misconfigurations during development and in CI/CD pipelines.

Elastic Container Registry (ECR)

Scan Amazon Elastic Container Registry images for security vulnerabilities and misconfigurations using cnspec.

On this page

Prerequisites Scan a Vagrant box Explore interactively Connection options Learn more