diff --git a/docs/cnspec/cli/cnspec_scan.md b/docs/cnspec/cli/cnspec_scan.md index 7724c2b72..bd58c7fd9 100644 --- a/docs/cnspec/cli/cnspec_scan.md +++ b/docs/cnspec/cli/cnspec_scan.md 
@@ -3,64 +3,184 @@ id: cnspec_scan title: cnspec scan --- -Scan assets with one or more policies. +Run a security scan on an asset based on one or more Mondoo policies. + +To learn more, read [Get Started with cnspec](/cnspec/). ### Synopsis -This command triggers a new policy scan for an asset. By default, cnspec scans the local -system with its pre-configured policies: +This command triggers a new policy-based scan on an asset. By default, cnspec scans the local system with the default [policies](/cnspec/cnspec-policies/) built specifically for the platform. If you [register cnspec with Mondoo](/cnspec/cnspec-adv-install/registration/), this command scans using the applicable [enabled policies](/platform/security/posture/policies/). + +```bash +cnspec scan local +``` + +You can also specify a local policy and run it without storing results in Mondoo Platform: + +```bash +cnspec scan local --policy-bundle POLICYFILE.yaml --incognito +``` + +In addition, cnspec can scan assets remotely using SSH. By default, cnspec uses the operating system's SSH agent and SSH config to retrieve the credentials: + +```bash +cnspec scan ssh ec2-user@52.51.185.215 +``` + +```bash +cnspec scan ssh ec2-user@52.51.185.215:2222 +``` + +### Examples: cloud + +#### Scan AWS + +```bash +cnspec scan aws --region us-east-1 +``` + +To learn more, read [Assess AWS Security with cnspec](/cnspec/cnspec-aws/). - $ cnspec scan local +#### Scan Azure -You can also manually select a local policy to execute and run it without -storing results in the server: +```bash +cnspec scan azure --subscription SUBSCRIPTION_ID --group GROUP_NAME +``` + +To learn more, read [Assess Azure Security with cnspec](/cnspec/cnspec-azure/). + +#### Scan Google Cloud (GCP) + +```bash +cnspec scan gcp project PROJECT_ID +``` + +To learn more, read [Assess Google Cloud Security with cnspec](/cnspec/cnspec-gcp/). 
- $ cnspec scan local --policy-bundle policyfile.yaml --incognito +#### Scan Kubernetes + +```bash +cnspec scan k8s +``` -In addition, cnspec can scan assets remotely via SSH. By default, cnspec uses the operating system -SSH agent and SSH config to retrieve the credentials: +```bash +cnspec scan k8s MANIFEST_FILE +``` - $ cnspec scan ssh ec2-user@52.51.185.215 - $ cnspec scan ssh ec2-user@52.51.185.215:2222 +To learn more, read [Assess Kubernetes Security with cnspec](/cnspec/cnspec-k8s/). -cnspec supports scanning AWS, Azure, and GCP accounts and instances. -Find out more in each sub-commands help menu. Here are a few examples: +#### Scan Oracle Cloud Infrastructure (OCI) - $ cnspec scan aws --region us-east-1 - $ cnspec scan azure --subscription ID --group NAME - $ cnspec scan gcp project ID +```bash +cnspec scan oci +``` -You can also access Docker containers and images. cnspec supports local containers -and images as well as images in Docker registries: +To learn more, read [Assess Oracle Cloud Infrastructure (OCI) Security with cnspec](/cnspec/cnspec-oci/). - $ cnspec scan docker container b62b276baab6 - $ cnspec scan docker image ubuntu:latest +### Examples: SaaS -Additionally, you can quickly scan a container registry: +#### Scan GitHub - $ cnspec scan container registry harbor.lunalectric.com - $ cnspec scan container registry 123456789.dkr.ecr.us-east-1.amazonaws.com/repository +```bash +export GITHUB_TOKEN=YOUR_PERSONAL_ACCESS_TOKEN +cnspec scan github repo ORG/REPO +``` -cnspec also supports GCP's container registry, GCR: +To learn more, read [Assess GitHub Security with cnspec](/cnspec/saas/github/). 
- $ cnspec scan gcp gcr PROJECT_ID +#### Scan GitLab -Vagrant is supported as well: +```bash +cnspec scan gitlab --group YOUR_GROUP_NAME --token YOUR_TOKEN +``` - $ cnspec scan vagrant HOST +#### Scan Google Workspace -You can also use an inventory file: +```bash +export GOOGLEWORKSPACE_CLOUD_KEYFILE_JSON=/home/user/my-project-6646123456789.json +cnspec scan google-workspace --customer-id 5amp13iD --impersonated-user-email admin@domain.com +``` - $ cnspec scan --inventory-file inventory.yml +To learn more, read [Assess Google Workspace Security with cnspec](/cnspec/saas/google_workspace/). -This scan uses an existing Ansible inventory: +#### Scan Jira - $ ansible-inventory -i hosts.ini --list | cnspec scan --inventory-ansible +```bash +cnspec scan atlassian jira --host HOST_URL --user USER@DOMAIN --user-token YOUR_TOKEN +``` -To learn more, read the [cnspec docs](/cnspec/home/). +#### Scan Microsoft 365 (MS 365) +```bash +cnspec scan ms365 --certificate-path certificate.combo.pem --tenant-id YOUR_TENANT_ID --client-id YOUR_CLIENT_ID ``` -cnspec scan [flags] + +To learn more, read [Assess Microsoft 365 Security with cnspec](/cnspec/saas/ms365/). + +#### Scan Okta + +```bash +cnspec scan okta --organization your_org.okta.com --token API_TOKEN +``` + +To learn more, read [Assess Okta Security with cnspec](/cnspec/saas/okta/). + +#### Scan Slack + +```bash +cnspec scan slack --token API_TOKEN +``` + +To learn more, read [Assess Slack Security with cnspec](/cnspec/saas/slack/). + +### Examples: supply chain and containers + +cnspec supports local containers and images as well as images in Docker registries. 
+ +#### Scan Docker + +```bash +cnspec scan docker container b62b276baab6 +``` + +```bash +cnspec scan docker image ubuntu:latest +``` + +#### Scan Harbor + +```bash +cnspec scan container registry harbor.lunalectric.com +``` + +#### Scan ECR + +```bash +cnspec scan container registry 123456789.dkr.ecr.us-east-1.amazonaws.com/repository +``` + +#### Scan GCR + +```bash +cnspec scan gcp gcr PROJECT_ID +``` + +#### Scan Vagrant + +```bash +cnspec scan vagrant HOST +``` + +#### Scan an inventory file + +```bash +cnspec scan --inventory-file inventory.yml +``` + +#### Scan Ansible + +```bash +ansible-inventory -i hosts.ini --list | cnspec scan --inventory-ansible ``` ### Options diff --git a/docs/cnspec/cli/cnspec_shell.md b/docs/cnspec/cli/cnspec_shell.md index d45e78182..3dd733ecf 100644 --- a/docs/cnspec/cli/cnspec_shell.md +++ b/docs/cnspec/cli/cnspec_shell.md 
@@ -3,16 +3,104 @@ id: cnspec_shell title: cnspec shell --- -Interactive query shell for MQL. +Run an interactive shell to make easy queries and assertions. + +To learn more, read [Get Started with cnspec](/cnspec/). ### Synopsis -Run an interactive shell in which you can explore MQL queries. +Open an interactive shell in which you can explore [MQL](/mql/home/) queries and assertions. Auto-complete and help make it easy. ``` cnspec shell [flags] ``` +### Examples: cloud + +#### Query AWS + +```bash +cnspec shell aws +``` + +To learn more, read [Assess AWS Security with cnspec](/cnspec/cnspec-aws/). + +#### Query Azure + +```bash +cnspec shell azure --subscription SUBSCRIPTION_ID --group GROUP_NAME +``` + +To learn more, read [Assess Azure Security with cnspec](/cnspec/cnspec-azure/). + +#### Query Google Cloud (GCP) + +```bash +cnspec shell gcp project PROJECT_ID +``` + +To learn more, read [Assess Google Cloud Security with cnspec](/cnspec/cnspec-gcp/). + +#### Query Kubernetes + +```bash +cnspec shell k8s +``` + +To learn more, read [Assess Kubernetes Security with cnspec](/cnspec/cnspec-k8s/). + +#### Query Oracle Cloud Infrastructure (OCI) + +```bash +cnspec shell oci +``` + +To learn more, read [Assess Oracle Cloud Infrastructure (OCI) Security with cnspec](/cnspec/cnspec-oci/). + +### Examples: SaaS + +#### Query GitHub + +```bash +export GITHUB_TOKEN=YOUR_PERSONAL_ACCESS_TOKEN +cnspec shell github repo ORG/REPO +``` + +To learn more, read [Assess GitHub Security with cnspec](/cnspec/saas/github/). + +#### Query Google Workspace + +```bash +export GOOGLEWORKSPACE_CLOUD_KEYFILE_JSON=/home/user/my-project-6646123456789.json +cnspec shell google-workspace --customer-id 5amp13iD --impersonated-user-email admin@domain.com +``` + +To learn more, read [Assess Google Workspace Security with cnspec](/cnspec/saas/google_workspace/). 
+ +#### Query Microsoft 365 (MS 365) + +```bash +cnspec shell ms365 --certificate-path certificate.combo.pem --tenant-id YOUR_TENANT_ID --client-id YOUR_CLIENT_ID +``` + +To learn more, read [Assess Microsoft 365 Security with cnspec](/cnspec/saas/ms365/). + +#### Query Okta + +```bash +cnspec shell okta --organization your_org.okta.com --token API_TOKEN +``` + +To learn more, read [Assess Okta Security with cnspec](/cnspec/saas/okta/). + +#### Query Slack + +```bash +cnspec shell slack --token API_TOKEN +``` + +To learn more, read [Assess Slack Security with cnspec](/cnspec/saas/slack/). + ### Options ``` diff --git a/docs/mql/home.md b/docs/mql/home.md index fbefb83c0..84b85a41c 100644 --- a/docs/mql/home.md +++ b/docs/mql/home.md @@ -1,5 +1,5 @@ --- -title: "MQL Docs" +title: MQL Docs sidebar_label: MQL Docs Home displayed_sidebar: MQL sidebar_position: 1
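Review bot: In docs/cnspec/cli/cnspec_scan.md, the GitLab, Jira, Okta and Slack examples pass the credential as a command-line argument (`--token YOUR_TOKEN`, `--user-token YOUR_TOKEN`, `--token API_TOKEN`), which leaves it in shell history and in the process arguments, while the GitHub example in the same hunk sets `export GITHUB_TOKEN=YOUR_PERSONAL_ACCESS_TOKEN` instead. Where a provider accepts an environment variable, show that form so the examples are consistent; where it does not, add a sentence under the example saying where the token ends up. Separately, the new "Examples: supply chain and containers" heading also holds the Vagrant, inventory file and Ansible examples, which are neither supply chain nor containers and would read better under their own heading.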
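Review bot: In docs/cnspec/cli/cnspec_shell.md, the SaaS examples mix placeholder styles: `--customer-id 5amp13iD`, `/home/user/my-project-6646123456789.json`, `admin@domain.com` and `your_org.okta.com` look like literal values next to the uppercase `SUBSCRIPTION_ID`, `PROJECT_ID` and `API_TOKEN` used elsewhere in the hunk, so a reader cannot tell which parts to substitute. Use the uppercase convention throughout, for example `--customer-id CUSTOMER_ID` and `--organization YOUR_ORG.okta.com`. Because `cnspec shell` stays open as an interactive session, a token given with `--token API_TOKEN` in the Okta and Slack examples also stays in the process arguments for as long as the shell runs, which is worth a sentence under those examples.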