There are two ways to install the CloudGraph CLI tool:
You can install CloudGraph using homebrew with the following command
- Requires Node 16+
Use this command to install and update CloudGraph to the latest version using NPM:
And add in compliance policy packs to supplement your data with instant security insights. You can find a list of currently supported policy packs in the Policy Packs repo
You can get up and running with three simple commands:
- This initializes CloudGraph's configuration. This command will ask you a series of questions about what providers you are using and how you would like CloudGraph configured.
2. This command launches an instance of Dgraph, the graphdb CloudGraph uses to store data under the hood. Note that there are 2 ways to launch an instance. BOTH of these require Docker to be installed and running. The preferred solution is to use our cg launch convenience command.
Note that if you do not want to use this command, for example, if you want to launch the Dgraph container in interactive mode, you can use the docker command below.
3. Scan for cloud infrastructure for all configured providers. This command will reach out and read all of the metadata on your cloud infrastructure. Note that it is completely normal to see warnings and errors while the cg scan command runs, these are usually caused by permissions issues. That said, if you encounter any problematic errors running CloudGraph you can prepend CG_DEBUG=5 to the beginning of your command as in, CG_DEBUG=5 cg scan. This will print out the verbose logs with more information and save the output to cg-debug.log. Please share your logs with us either by opening an issue on GitHub or let us know in our Slack Workspace.
That's it, you are all set to start querying! The query tool you selected during the cg init command will then be opened in your preferred browser to run queries, mutations, and visualizations on all of your cloud infrastructure! Note that if you installed any policy packs, such as AWS CIS 1.2, policy pack insight data will be automatically added to your cloud data!
Note that you may also use any GraphQL query tool you would like by connecting it to http://localhost:8997/graphql.
To stop the Dgraph instance(stop the Dgraph container) run:
Additionally, if you wish to remove the container after stopping it, run:
CloudGraph stores as many previous versions of your data as you configured in the cg init command. In order to load and query a previous version of your data simply run the cg load command and select the version of your data you wish to inspect like so: