Skip to main content

Chef Infra and Mondoo

This page covers how to use Chef Infra to install cnspec on hosts to run policies as code.

note

If you deploy cnspec to machines that can't download and install updates (because they're air-gapped or don't give cnspec write access), you must deploy cnspec providers. To learn more, read Manage cnspec Providers.

Installing using Chef Infra

We publish an official mondoo cookbook on Chef Supermarket. You can use the cookbook in your own wrapper cookbooks or Chef Infra roles

To apply the cookbook, set the Mondoo Registration Token via:

Command Line
default['cnspec']['registration_token'] = "changeme"

Example: Apply a cookbook to an Amazon EC2 instance

  1. Spin up a new Linux instance on AWS
  2. Create the run wrapper cookbook as documented in our example
  3. Run chef-run ssh://user@host ./run
  4. All instances reported their vulnerability status