cnquery

Security & Compliance intermediate

cnquery is Mondoo's open-source tool for querying the state of infrastructure—across operating systems, cloud, Kubernetes, and network devices—using the Mondoo Query Language (MQL) and exporting results as structured data.

Summary

cnquery is an open-source tool from Mondoo for asking questions about the current state of your infrastructure. Using the Mondoo Query Language (MQL), it discovers and queries resources across operating systems, cloud accounts, Kubernetes clusters, and network devices, and can export the results as structured JSON for further analysis.

What is cnquery?

cnquery acts as the discovery layer of the Mondoo toolchain. It covers a very broad set of resource types across four layers—OS, cloud, Kubernetes, and network—including network hardware from multiple vendors, which sets it apart from comparable inventory tools. Engineers use it for ad-hoc queries ("which hosts have this package?", "which buckets are public?") and to feed inventory data into downstream pipelines and data lakes.

It is the complement to cnspec: where cnquery answers open-ended questions and exports raw data, cnspec runs continuous pass/fail policy checks. One caveat to plan for is that the JSON output schema is not guaranteed stable across major versions, so downstream consumers should be version-aware.

Why is cnquery relevant?

  • Broad discovery: One tool inventories OS, cloud, Kubernetes, and network resources, including network hardware
  • Queryable infrastructure: MQL turns the live state of your estate into something you can ask precise questions about
  • Pipeline input: Structured JSON export feeds inventories, audits, and architecture-verification workflows
  • Pairs with cnspec: Discovery (cnquery) and continuous policy enforcement (cnspec) cover both halves of security posture

Similar Solutions

Mondoo

Project collaboration for security and compliance with Mondoo. From vulnerability scanning to continuous compliance, we help teams implement automated security assessment across their infrastructure.

Discover more

For Security & SOC Teams

Security teams don’t protect organizations because they issue reports. They protect organizations because vulnerabilities are managed continuously. We work with security and SOC teams to strengthen processes, proactively address risks, and align with compliance requirements. We focus on actionable practices, not theory.

Discover more

Related Terms

Mondoo

Mondoo is a cloud-native security posture management platform that continuously assesses infrastructure, workloads, and software supply chains against security policies.

Discover more

cnspec

cnspec is Mondoo's open-source security and policy-as-code scanner that continuously checks infrastructure, cloud, containers, and Kubernetes against compliance policies and security benchmarks in CI/CD.

Discover more

CVE (Common Vulnerabilities and Exposures)

CVE is a standardized system for identifying and naming publicly known cybersecurity vulnerabilities.

Discover more

SIEM (Security Information and Event Management)

A SIEM platform ingests security events from across an environment, correlates them, and alerts on patterns that indicate attacks, policy violations, or operational issues.

Discover more

We are here for you

You are interested in our courses or you simply have a question that needs answering? You can contact us at anytime! We will do our best to answer all your questions.

Contact us