Annotate (Tag) Assets

Use Mondoo annotations to add metadata to an asset. Annotations are key-value pairs that let you tag or categorize your assets. Add whatever metadata you need. Some examples are:

Example key    Example value
owner          cosmo@lunalectric.com
build          terraform
asset-tag      luna000262
team           01research

You can reuse key-value pairs or you can reuse only the key and give each asset a unique value.

For example, suppose you want to create annotations that match the physical asset tags on your company's workstations. You'd give every workstation in your inventory an asset-tag key, but give each workstation a unique value to match the unique physical tags.

As another example, you might assign the key build and the value terraform to every asset in your inventory that is built using Terraform.

Annotations display in the Mondoo Console when you view an asset. When you export data from Mondoo, annotations are included. You can search for assets based on their annotations. To learn how, read Search Your Inventory.

Add annotations

There are multiple ways to annotate an asset:

  • The Mondoo Console

  • The cnspec scan command

  • The asset's local Mondoo configuration file

  • A cnspec inventory file

  • A cnspec inventory template

Note: Only team members with Editor or Owner access can perform this task.

Annotate an asset in the Mondoo Console

  1. In the Mondoo Console, navigate to the asset you want to annotate.

  2. In the bottom-right corner of the asset page, locate MONDOO ANNOTATIONS.

  3. Select the + icon.

  4. Enter a key and a value, then select the ✔️ icon to add the annotation.

Annotate an asset using the cnspec scan command

You can add an annotation to an asset when you scan it using cnspec, the Mondoo CLI. To do so, include the --annotation flag in the cnspec scan command and provide the key and value:

cnspec scan TARGET --annotation KEY=VALUE

For example:

cnspec scan local --annotation asset-tag=luna0003644

To learn more about cnspec, read the cnspec documentation. To learn about the cnspec scan command, read cnspec scan.

Annotate an asset using the local Mondoo configuration file

You can add an annotation to an asset's local configuration file.

On a Linux or macOS host, the configuration is stored in one of these locations:

  • /etc/opt/mondoo/mondoo.yml configures Mondoo for all user accounts.

  • ~/.config/mondoo/mondoo.yml configures Mondoo for a single user.

On a Windows host, configuration is stored in one of these locations:

  • C:\ProgramData\mondoo\mondoo.yml configures Mondoo for all users.

  • C:\Users\{username}\.config\mondoo\mondoo.yml configures Mondoo for a single user.

Include these lines to annotate an asset:

annotations:
  KEY1: VALUE1
  KEY2: VALUE2
  ...

For example, this annotation identifies an asset that belongs to the research team:

annotations:
  team: research

Annotate an asset using a cnspec inventory file

You can use a cnspec inventory file to define a list of target assets to scan. When you do so, you can add annotations to the target assets.

Include these lines in the cnspec inventory file to annotate an asset:

annotations:
  KEY1: VALUE1
  KEY2: VALUE2
  ...

For example, this annotation identifies an asset in the Mars Rover project:

annotations:
  project: mars-rover

Programmatically annotate assets using a cnspec inventory template

cnspec inventory templates let you re-use cnspec inventory files with custom variables. This is especially helpful in CI/CD pipelines.

This example inventory template uses variables to define both the asset name and a value for the project annotation:

spec:
  assets:
    - name: {{ getenv "ASSET_NAME" }}
      connections:
        - type: local
          discover:
            targets:
              - auto
      annotations:
        project: {{ getenv "PROJECT" }}

To run cnspec scan with the inventory template, setting the Mondoo asset name and the value of the project annotation, run:

ASSET_NAME="my_asset" PROJECT="mars-rover" cnspec scan --inventory-template template.yaml
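
In a CI/CD pipeline, ASSET_NAME and PROJECT usually come from job parameters. The wrapper below is an added example, not part of the Mondoo documentation: it checks that both values are plain tokens before running the scan, on the assumption that the template inserts them into the YAML as plain text. The function names, the allowed character set and the CNSPEC override are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the values the inventory template reads from the
# environment, then run the scan. Function names, the allow-list and the
# CNSPEC override are assumptions of this example, not Mondoo features.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# is_plain_token VALUE: succeeds only for a non-empty value made of
# letters, digits, '.', '_', '@' and '-' (no spaces, colons, quotes, newlines).
is_plain_token() {
  case "$1" in
    '' | *[!A-Za-z0-9._@-]*) return 1 ;;
  esac
  return 0
}

# scan_with_template TEMPLATE: checks ASSET_NAME and PROJECT, exports them so
# the template's getenv calls can read them, then runs
# "cnspec scan --inventory-template TEMPLATE". Set CNSPEC=echo for a dry run.
scan_with_template() {
  template=$1
  [ -n "$template" ] || { echo "usage: scan_with_template TEMPLATE" >&2; return 2; }
  for name in ASSET_NAME PROJECT; do
    eval "value=\${$name-}"   # name comes from the fixed list above
    if ! is_plain_token "$value"; then
      echo "refusing to scan: $name is empty or contains unsupported characters" >&2
      return 1
    fi
  done
  export ASSET_NAME PROJECT
  "${CNSPEC:-cnspec}" scan --inventory-template "$template"
}
```

In a pipeline step, source this file and call scan_with_template template.yaml in place of the direct command.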

Change or remove an annotation

Note: Only team members with Editor or Owner access can perform this task.

  1. In the Mondoo Console, navigate to the asset containing the annotation you want to change or remove.

  2. In the bottom-right corner of the asset page, locate MONDOO ANNOTATIONS.

  3. Select the pencil icon.

  4. Change the key and/or the value, then select the ✔️ icon to save the changes.

    To remove the annotation, select the trash can icon.