https://github.com/dev-sec/cnspec-collection-baselines

DevSec Security Baselines provide battle tested hardening checks for Linux, SSH, nginx, MySQL in cnspec
https://github.com/dev-sec/cnspec-collection-baselines

hardening security

Last synced: 5 months ago
JSON representation

DevSec Security Baselines provide battle tested hardening checks for Linux, SSH, nginx, MySQL in cnspec

• Host: GitHub
• URL: https://github.com/dev-sec/cnspec-collection-baselines
• Owner: dev-sec
• License: apache-2.0
• Created: 2023-05-09T10:23:17.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-08-06T09:21:38.000Z (over 1 year ago)
• Last Synced: 2025-07-04T17:43:10.537Z (7 months ago)
• Topics: hardening, security
• Homepage:
• Size: 19.5 KB
• Stars: 4
• Watchers: 6
• Forks: 1
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# cnspec DevSec Baseline Collection

## Description

This repository provides the DevSec Baselines for [cnspec](github.com/mondoohq/cnspec) and includes the following DevSec Baselines:

| Baseline                       | Version | Status                    |

| ------------------------------ | ------- | ------------------------- |

| DevSec Linux Security Baseline | 2.9.0   | in progress, 99% complete |

## Installation

- Install [cnspec](https://github.com/mondoohq/cnspec#installation)

- minimum required `cnspec`-version is 8.8.0. 

## Using the DevSec Baselines

Scan local workstation or server:

```bash

cnspec scan local -f linux-baseline.mql.yaml

```

Scan a running docker container:

```bash

cnspec scan docker 537f7fca28b9 -f linux-baseline.mql.yaml

```

Scan a remote VM:

```bash

cnspec scan ssh user@hostip -f linux-baseline.mql.yaml

```

## Roadmap

| Baseline                         | Status  |

| -------------------------------- | ------- |

| DevSec SSH Baseline              | planned |

| DevSec Windows Security Baseline | planned |

| DevSec Nginx Baseline            | planned |

| DevSec SSL/TLS Baseline          | planned |

| DevSec MySQL Baseline            | planned |

| DevSec Apache Baseline           | planned |

## Release Notes

See the [release notes](https://github.com/dev-sec/cnspec-collection-baselines/releases).

## Kudos

We like to thank all maintainers of the InSpec baselines. This implementation of the DevSec Baselines for cnspec is based on the collective knowledge of the Apache 2 - Licensed DevSec Baselines for InSpec.

## Licensing

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.