We’re excited to unveil Mondoo’s Unified Policy as Code solution at Google Next 2025, the industry’s only platform that lets you define policies once, and enforce them everywhere. With Mondoo, organizations can express security, compliance, operations best practices, and cost control policies as code, then automate and scale them across every layer of their IT infrastructure from code to production.

Unlike fragmented tools that silo security from engineering, Mondoo bridges the gap between the software development lifecycle (SDLC) and IT operations, bringing unified policy enforcement to cloud, on-prem, Kubernetes, SaaS, endpoints, and more - all from a single platform. 

As enterprises increasingly adopt cloud-native and hybrid infrastructures, digital environments are becoming more complex, leaving organizations struggling with their security, compliance, and costs in a scalable way. Mondoo Policy as Code helps address these challenges by empowering security and platform engineering teams to seamlessly automate and scale their policies across cloud and on-prem environments. By adopting a declarative approach, organizations can shift from reactive security to proactive control, reducing misconfigurations and enhancing operational efficiency.

Mondoo Query Language (MQL) was designed from the ground up to be accessible to both security teams and platform engineers. In most organizations, there’s a gap between the people responsible for securing infrastructure and those responsible for building and operating it. Mondoo helps close that gap by providing a unified policy framework that empowers collaboration between DevOps, platform engineering, and security. Mondoo includes a rich library of common policies, industry best practices, and compliance frameworks that can be used out-of-the-box or fully customized. It also features a pre-trained AI policy generator to quickly create new policies or update existing ones, accelerating adoption across both teams.

“Mondoo offers an intuitive approach centered on YAML policies and lightweight Mondoo Query Language (MQL) scripts,” said Dominik Richter, Chief Product Officer at Mondoo. “Unlike other projects, these are purpose-built for security teams, making it the easiest solution to use and understand on the market. Thanks to LLMs, a lot of time and effort is saved while translating requirements. By codifying policies and automating enforcement, businesses can significantly reduce security risks, avoid compliance violations, and gain better visibility into their cloud spending.”

Mondoo Query Language (MQL) powers unified policy as code—enabling security and platform engineering teams to define policies once and enforce them consistently across the entire software delivery lifecycle. MQL is used in cnspec, Mondoo’s open source, cloud-native tool for assessing security, compliance, operational efficiency, and cost control across infrastructure, from code to runtime.

Mondoo policies work seamlessly across Terraform HCL, Terraform plan files, Terraform state, and the actual infrastructure those tools provision—ensuring a single policy definition can validate both configuration-as-code and real-world deployments. Policies are centrally visible and manageable via the Mondoo UI, making them accessible to both security/compliance teams and platform/DevOps engineers.

Key benefits of Mondoo Policy as Code include:

• Unify policies for security, compliance, operations, and cost
• Bridge the gap between security and engineering with shared visibility
• Define once, enforce everywhere—from local dev to runtime
• AI-assisted authoring with LLM-generated templates
• Inventory cloud, Kubernetes, SaaS, and endpoint assets
• Streamline exceptions management across environments
• Reduce manual effort and human error
• Optimize infrastructure costs through policy enforcement
• Improve cross-functional collaboration

Mondoo will be live at Google Cloud Next 2025, showcasing how security and platform engineering teams can define policy once and enforce it everywhere, from Terraform to runtime. Visit us at booth #3361 at the Mandalay Bay Convention Center in Las Vegas, April 9–11.

Want a deeper dive? Download our Policy as Code white paper or book a personalized demo to see how Mondoo helps you secure, optimize, and streamline your cloud infrastructure at scale.