
# Run security audits

You can run a security audit on your n8n instance to detect common security issues.

## Run an audit <a href="#run-an-audit" id="run-an-audit"></a>

You can run an audit using the CLI, the public API, or the n8n node.

### CLI <a href="#cli" id="cli"></a>

Run `n8n audit`.

### API <a href="#api" id="api"></a>

Make a `POST` call to the `/audit` endpoint. You must authenticate as the instance owner.

### n8n node <a href="#n8n-node" id="n8n-node"></a>

Add the [n8n node](/integrations/builtin/core-nodes/n8n-nodes-base.n8n.md) to your workflow. Select **Resource** > **Audit** and **Operation** > **Generate**.

## Report contents <a href="#report-contents" id="report-contents"></a>

The audit generates five risk reports:

### Credentials <a href="#credentials" id="credentials"></a>

This report shows:

* Credentials not used in a workflow.
* Credentials not used in an active workflow.
* Credentials not used in a recently active workflow.

### Database <a href="#database" id="database"></a>

This report shows:

* Expressions used in **Execute Query** fields in SQL nodes.
* Expressions used in **Query Parameters** fields in SQL nodes.
* Unused **Query Parameters** fields in SQL nodes.

### File system <a href="#file-system" id="file-system"></a>

This report lists nodes that interact with the file system.

### Nodes <a href="#nodes" id="nodes"></a>

This report shows:

* Official risky nodes. These are n8n built-in nodes. You can use them to fetch and run any code on the host system, which exposes the instance to exploits. You can view the list in [n8n code | Audit constants](https://github.com/n8n-io/n8n/blob/master/packages/cli/src/security-audit/constants.ts#L51), under `OFFICIAL_RISKY_NODE_TYPES`.
* Community nodes.
* Custom nodes.

### Instance <a href="#instance" id="instance"></a>

This report shows:

* Unprotected webhooks in the instance.
* Missing security settings.
* If your instance is outdated.
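
The following is an added example, not n8n's own code: it calls the audit endpoint described under **API** and condenses the reports listed above into per-category counts that a scheduled job or CI step can gate on. It assumes the public API is served under `/api/v1`, that the owner's API key goes in an `X-N8N-API-KEY` header, and that each report is an object with `risk` and `sections` fields; none of these details are stated on this page.

```python
import json
import urllib.request

# Assumed: public API base path /api/v1 and the X-N8N-API-KEY header.
# The key must belong to the instance owner, as the API section requires.
def fetch_audit(base_url, api_key):
    """POST to the audit endpoint and return the parsed JSON report."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/audit",
        data=b"{}", method="POST",
        headers={"X-N8N-API-KEY": api_key, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Assumed report shape: {"<Name> Risk Report": {"risk": "<category>",
#   "sections": [{"title": ..., "location": [...]}, ...]}}
def summarize(report):
    """Return {risk category: [(section title, flagged item count), ...]}."""
    summary = {}
    for body in report.values():
        if not isinstance(body, dict):
            continue  # tolerate non-report values such as a status message
        rows = [(s.get("title", "?"), len(s.get("location") or []))
                for s in body.get("sections", [])]
        summary[body.get("risk", "unknown")] = rows
    return summary

def failing_risks(report, blocked=("nodes", "instance")):
    """Blocked categories that have at least one section in the report."""
    return sorted(r for r, rows in summarize(report).items() if r in blocked and rows)

# Constructed sample, not output from a real instance.
SAMPLE = {
    "Credentials Risk Report": {"risk": "credentials", "sections": [
        {"title": "Credentials not used in a workflow",
         "location": [{"kind": "credential", "id": "1", "name": "old-smtp"}]}]},
    "Nodes Risk Report": {"risk": "nodes", "sections": [
        {"title": "Community nodes",
         "location": [{"kind": "community", "nodeType": "example-a"},
                      {"kind": "community", "nodeType": "example-b"}]}]},
}

if __name__ == "__main__":
    for risk, rows in summarize(SAMPLE).items():
        for title, count in rows:
            print(f"{risk:12} {count:3}  {title}")
    print("blocking categories:", failing_risks(SAMPLE))
```

To run it against a live instance, replace `SAMPLE` with `fetch_audit(base_url, api_key)` and exit non-zero when `failing_risks` returns a non-empty list.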
