Skip to content

Commit

Permalink
🧹 update readme (#360)
Browse files Browse the repository at this point in the history
  • Loading branch information
@chris-rock
chris-rock authored Feb 9, 2025
1 parent 6b4fca4 commit 3178a2b
Show file tree
Hide file tree
Showing 7 changed files with 31 additions and 46 deletions.
6 changes: 2 additions & 4 deletions .web-docs/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,8 @@ $ packer plugins install github.com/mondoohq/cnspec
#### Provisioners

- [cnspec](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/cnspec) - Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans
Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.
- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security
policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
certified security policies which can be easily customize to meet your needs.
Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs policy-as-code security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.
- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - Deprecated. Use the `cnspec` provisioner instead.

### Tutorials

Expand Down
11 changes: 11 additions & 0 deletions .web-docs/components/provisioner/cnspec/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ Type: `cnspec`
Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.

## Basic Example

```hcl
provisioner "cnspec" {
on_failure = "continue"
Expand All @@ -13,6 +14,16 @@ provisioner "cnspec" {
}
```

The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`:

```hcl
provisioner "cnspec" {
on_failure = "continue"
output = "junit"
output_target = "test-results.xml"
}
```

## Configuration Reference

Optional Parameters:
Expand Down
2 changes: 1 addition & 1 deletion .web-docs/components/provisioner/mondoo/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Type: `mondoo`
> This plugin has been deprecated. Migrate to [Packer plugin cnspec by Mondoo](https://developer.hashicorp.com/packer/plugins/provisioner/mondoo/cnspec) for even easier security scanning of your Packer builds.
The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security
policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
policy-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
certified security policies which can be easily customize to meet your needs.

Mondoo supports scanning of Linux, Windows, and macOS, as well as Docker containers.
Expand Down
35 changes: 1 addition & 34 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,40 +79,7 @@ packer build amazon-linux-2.pkr.hcl

## Configure Packer Plugin cnspec

| **Name** | **Description** | **Type** | **Default** | **Required** |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ----------- | ------------ |
| `annotations` | Apply custom annotations to Packer build assets to provide additional metadata for asset tracking. | `map of strings` | None | No |
| `asset_name` | Overwrite the asset name in Mondoo Platform. | `string` | None | No |
| `on_failure` | Set `on_failure = "continue"` to ignore build failures that do not meet any set `score_threshold`. | `string` | None | No |
| `score_threshold` | Set a score threshold for Packer builds `[0-100]`. Any scans that fall below the `score_threshold` will fail unless `on_failure = "continue"`. To learn more, read [How Mondoo scores policies](https://mondoo.com/docs/platform/console/monitor/#how-mondoo-scores-policies) in the Mondoo documentation. | `int` | None | No |
| `sudo` | Use sudo to elevate permissions when running Mondoo scans. | `bool` | None | No |
| `mondoo_config_path` | The path to the Mondoo's service account. Defaults to `$HOME/.config/mondoo/mondoo.yml` | `string` | None | No |
| `output` | Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact") | `string` | None | No |
| `output_target` | Set output target. E.g. path to local file `result.xml` | `string` | None | No |

### Example: Complete Configuration

A simple configuration where we set a score threshold of 85 and use sudo to elevate permissions when running the scans:

```hcl
provisioner "cnspec" {
on_failure = "continue"
score_threshold = 85
sudo {
active = true
}
}
```

The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`:

```hcl
provisioner "cnspec" {
on_failure = "continue"
output = "junit"
output_target = "test-results.xml"
}
```
For detailed instructions on configuring the Packer Plugin cnspec, please visit the official HashiCorp documentation at Packer Plugin cnspec. There you'll find comprehensive guidance on setup and configuration options.

## Sample Packer Templates

Expand Down
6 changes: 2 additions & 4 deletions docs/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,8 @@ $ packer plugins install github.com/mondoohq/cnspec
#### Provisioners

- [cnspec](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/cnspec) - Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans
Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.
- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security
policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
certified security policies which can be easily customize to meet your needs.
Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs policy-as-code security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.
- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - Deprecated. Use the `cnspec` provisioner instead.

### Tutorials

Expand Down
13 changes: 12 additions & 1 deletion docs/provisioners/cnspec.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
description: |
The cnspec packer provisioner by Mondoo scans machine-image builds for vulnerabilities
and misconfigurations by executing security policies-as-code.
and misconfigurations by executing security policy-as-code.
page_title: cnspec - Provisioner
sidebar_title: cnspec
---
Expand All @@ -13,6 +13,7 @@ Type: `cnspec`
Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack.

## Basic Example

```hcl
provisioner "cnspec" {
on_failure = "continue"
Expand All @@ -23,6 +24,16 @@ provisioner "cnspec" {
}
```

The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`:

```hcl
provisioner "cnspec" {
on_failure = "continue"
output = "junit"
output_target = "test-results.xml"
}
```

## Configuration Reference

Optional Parameters:
Expand Down
4 changes: 2 additions & 2 deletions docs/provisioners/mondoo.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
description: |
The Mondoo packer provisioner scans machine-image builds for vulnerabilities
and misconfigurations by executing security policies-as-code.
and misconfigurations by executing security policy-as-code.
page_title: Mondoo - Provisioner
sidebar_title: Mondoo
---
Expand All @@ -14,7 +14,7 @@ Type: `mondoo`
> This plugin has been deprecated. Migrate to [Packer plugin cnspec by Mondoo](https://developer.hashicorp.com/packer/plugins/provisioners/mondoo/cnspec) for even easier security scanning of your Packer builds.
The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security
policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
policy-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of
certified security policies which can be easily customize to meet your needs.

Mondoo supports scanning of Linux, Windows, and macOS, as well as Docker containers.
Expand Down

0 comments on commit 3178a2b

Please sign in to comment.