Home

Awesome

cnspec-policies

This project contains security and operational best-practice policies (as code) for use with cnspec.

We've organized them into these directories:

The latest version of the policies in this repository requires cnspec v8+

Run policies

cnspec scan {TARGET} -f core/{POLICY_NAME}.mql.yaml

Examples:

# Linux
cnspec scan local -f core/mondoo-linux-security.mql.yaml

# macOS
cnspec scan local -f core/mondoo-macos-security.mql.yaml

# Windows
cnspec scan local -f core/mondoo-windows-security.mql.yaml

With the Open Security Registry

cnspec scan {TARGET} --policy mondoohq/{POLICY_UID}

Examples:

# Linux
cnspec scan local --policy mondoohq/mondoo-linux-security

# macOS
cnspec scan local --policy mondoohq/mondoo-macos-security

# Windows
cnspec scan local --policy mondoohq/mondoo-windows-security

Join the community!

Join the Mondoo Community GitHub Discussions to collaborate on policy as code and security automation.

Additional policies

Additional certified security and compliance policies can be found in the Policy Hub on Mondoo Platform. Sign up for a free account to view the list of policies available.

License

Business Source License 1.1