Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mondoohq/cnspec-policies

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.
https://github.com/mondoohq/cnspec-policies

aws azure gcp kubernetes linux policy security windows

Last synced: 1 day ago
JSON representation

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.

Host: GitHub
URL: https://github.com/mondoohq/cnspec-policies
Owner: mondoohq
License: other
Created: 2022-09-13T10:11:31.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2024-04-20T08:33:59.000Z (7 months ago)
Last Synced: 2024-04-21T01:00:25.527Z (7 months ago)
Topics: aws, azure, gcp, kubernetes, linux, policy, security, windows
Language: HCL
Homepage:
Size: 1.69 MB
Stars: 40
Watchers: 8
Forks: 13
Open Issues: 21
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# cnspec-policies

This project contains security and operational best-practice policies (as code) for use with [cnspec](https://github.com/mondoohq/cnspec).

We've organized them into these directories:

- [core](core) - Core policies contain baseline security and operational best-practice checks for various scan targets. Core policies are maintained by Mondoo and have strict quality requirements.
- [extra](extra) - Extra policies are a mix of community- and Mondoo-maintained policy bundles that are outside Mondoo's core support tier.
- [community](community) - Community policies are primarily maintained by the community with the support of the Mondoo team. Community policies may move to extra or core over time.

> The latest version of the policies in this repository requires cnspec v8+

## Run policies

```bash
cnspec scan {TARGET} -f core/{POLICY_NAME}.mql.yaml
```

Examples:

```bash
# Linux
cnspec scan local -f core/mondoo-linux-security.mql.yaml

# macOS
cnspec scan local -f core/mondoo-macos-security.mql.yaml

# Windows
cnspec scan local -f core/mondoo-windows-security.mql.yaml
```

With the Open Security Registry

```bash
cnspec scan {TARGET} --policy mondoohq/{POLICY_UID}
```

Examples:

```bash
# Linux
cnspec scan local --policy mondoohq/mondoo-linux-security

# macOS
cnspec scan local --policy mondoohq/mondoo-macos-security

# Windows
cnspec scan local --policy mondoohq/mondoo-windows-security
```

## Join the community!

Join the [Mondoo Community GitHub Discussions](https://github.com/orgs/mondoohq/discussions) to collaborate on policy as code and security automation.

## Additional policies

Additional certified security and compliance policies can be found in the Policy Hub on Mondoo Platform. [Sign up for a free account](https://mondoo.com/pricing) to view the list of policies available.

## License

[Business Source License 1.1](LICENSE)