Check nextcloud-security-scan


Checks the security of your private cloud server using Nextcloud Security Scan from, so the check itself does not need to run on the same host that serves Nextcloud. Triggers a rescan on if result is older than 14 days (default). Have a look at for further explanation. Works with ownCloud, too.


  • Run it once a day max. There is an API limit at the server at the /api/queue endpoint with less than 100 POST requests a day (you will then run into a „403 Forbidden“).

  • --noproxy not implemented

  • --insecure not implemented

Fact Sheet

Check Plugin Download

Check Interval Recommendation

Once a day or week

Can be called without parameters


Compiled for

Linux, Windows


usage: nextcloud-security-scan [-h] [-V] [--insecure] [--no-proxy]
                               [--timeout TIMEOUT] [--trigger TRIGGER] -u URL

Checks the security of your private Nextcloud server.

  -h, --help         show this help message and exit
  -V, --version      show program's version number and exit
  --insecure         This option explicitly allows to perform "insecure" SSL
                     connections. Default: False
  --no-proxy         Do not use a proxy. Default: False
  --timeout TIMEOUT  Network timeout in seconds. Default: 7 (seconds)
  --trigger TRIGGER  Trigger re-scan of the Nextcloud server if result on
            is older than n days. Default: 14
  -u URL, --url URL  Nextcloud API URL, for example "".

Usage Examples

./nextcloud-security-scan --url --timeout 1 --trigger 10


"A+" rating for, checked at 2021-06-04, on Nextcloud v21.0.2.1.


  • CRIT if Nextcloud Rating is F, E.

  • WARN if Nextcloud Rating is D, C.

  • Otherwise OK.

Perfdata / Metrics

There is no perfdata.

Credits, License