Mondoo Documentation
Find, prioritize, and fix the vulnerabilities and misconfigurations that put your business at risk. Everything you need to work with the Mondoo Platform, the cnspec CLI, MQL, and the xgrep code scanner.
Platform
Connect your infrastructure, assess its security posture, prove compliance, and track every finding to resolution in the Mondoo console.
Explore Platform docscnspec
Scan systems, clouds, SaaS services, and APIs against security policies from your terminal with the open source cnspec CLI.
Explore cnspec docsMQL
Query any asset and write security checks with MQL, the language behind cnspec. Includes the full resource reference for every provider.
Explore MQL docsxgrep
Scan code for real, exploitable vulnerabilities with xgrep, the fast Semgrep-compatible scanner with code intelligence built for AI agents.
Explore xgrep docsVS Code
Catch code and infrastructure security issues without leaving your editor with the Mondoo Security extension for Visual Studio Code.
Explore VS Code docsExplore the docs
Integrate your infrastructure
Connect cloud, Kubernetes, SaaS, network devices, servers, and endpoints.
Assess security
Measure your security posture and prioritize the riskiest findings.
Reach continuous compliance
Monitor compliance frameworks and customize them to your needs.
Track and fix findings
Drive remediation to done with your ticketing and workflow tools.
Run reports
Share results with your team and export Mondoo data.
Gain asset intelligence
Understand every asset in your inventory and how it changes.
Manage Mondoo
Administer access, organizations, spaces, and agents.
MQL resource reference
Browse every resource, field, and example by provider.
Can't find what you need?
Join the Mondoo community Slack channel to chat with the Mondoo team and other users. For definitions of Mondoo terms, read the glossary.