Mondoo Glossary

Key terms and concepts used throughout Mondoo Platform, cnspec, cnquery, and MQL documentation.

advisory

An advisory is a notice released by a software vendor that provides recommendations on how to fix or mitigate a vulnerability in their product.

annotation

Metadata that you add to an asset in Mondoo is called an annotation. Annotations are key-value pairs that you can use for organizing, filtering, and categorizing assets. Common uses include tagging assets by team, environment (production, staging), project, or cost center.

API token

An API token gives an application or service access to an application programming interface (API). It's one way to enable different software programs to interact. Some Mondoo integrations rely on API tokens. You can also create API tokens that provide access to Mondoo's GraphQL API.

asset

An asset is a physical or virtual computing, network, or storage device or other component of the information environment. Workstations, servers, SaaS environments, cloud storage, repositories, and virtual machines are only a few examples.

base score

Each finding that Mondoo reveals has a base score associated with it. For misconfigurations exposed by Mondoo's security policies, the base score comes from the policy (the impact the policy author assigned to the check). For CVEs and advisories, the base score is the CVSS base score.

blast radius

The blast radius of a finding is the number of assets in the space affected by that finding. A higher blast radius means fixing the issue will improve security across more assets, helping you prioritize which findings to remediate first.

check

A check is a verification of information. For example, a check can assert that an asset has a certain setting enabled or a software version installed. To learn more, read Policy as Code.

check variant

A check variant is an alternative version of a check that behaves differently based on conditions you define. Variants allow a single check to apply to different asset types or platforms using filters. For example, a check that verifies S3 bucket encryption can have variants for both an AWS S3 bucket and Terraform code that creates that bucket.

CI/CD

Continuous integration and continuous delivery/deployment (CI/CD) is a highly automated software development practice in which teams make, test, and deploy frequent, incremental code changes. Mondoo integrates with major CI/CD platforms to enable security testing throughout the development process.

cnquery

cnquery is Mondoo's open source, cloud-native tool for asking questions about your infrastructure. It integrates with over 600 resources to provide quick insight into your operations and development platforms.

cnspec

cnspec is Mondoo's open source, cloud-native tool that evaluates the security of your entire infrastructure. It's also a core component of the Mondoo Platform, serving as both a CLI and an agent for scanning.

compliance framework

A compliance framework is a set of standards, procedures, and controls written by a governing or authority organization. Businesses and agencies use compliance frameworks to ensure they are operating within legal and ethical boundaries, meeting mandated regulations and industry standards, and managing risk. Some examples of compliance frameworks are SOC 2 Type II, PCI DSS, and HIPAA.

In Mondoo, compliance frameworks are codified sets of checks that programmatically verify that your infrastructure meets the written standards.

console

The Mondoo Console is a browser-based user interface for managing your Mondoo account. Access the Mondoo Console at console.mondoo.com.

contextual risk factors

When calculating risk, Mondoo considers the environment in which a finding exists. Contextual risk factors, such as an end-of-life operating system, a running service, or defensive countermeasures on the asset, increase or decrease the risk of a finding.

control

A control is a general guideline in a compliance framework. For example, "Log sensitive data access" and "Maintain secure network architecture" are controls in a framework.

CVE

A CVE (Common Vulnerabilities and Exposures) record identifies a publicly disclosed security flaw in software or hardware that an attacker can exploit. Each CVE has a unique identifier (like CVE-2026-1234) and is usually assigned a CVSS severity score by a vulnerability database such as NVD.

drift

See security drift.

finding

A finding is a potential security issue discovered during a scan. Findings can include misconfigurations detected by policy checks, known vulnerabilities (CVEs), or advisories. Each finding has a risk score based on its severity and contextual factors.

framework

See compliance framework.

integration

An integration is Mondoo's connection and communication with an external system. Most integrations are with assets. They allow Mondoo to gather inventory details, assess the security of an asset, and measure compliance.

A Mondoo integration can also provide communication with a data export destination or a project management or ticket system.

inventory

An inventory is a collection of all the assets in your infrastructure. Mondoo's inventory gives you visibility into the details of all your assets across multiple platforms.

Mondoo Platform

Mondoo Platform is Mondoo's full-stack compliance, security, and asset intelligence solution for the enterprise. It integrates with your infrastructure to continuously monitor security and evaluate compliance with the most common industry frameworks.

MQL

MQL (Mondoo Query Language) is a graph-based query language built for searching and checking infrastructure configuration data and building security policies. For example, aws.ec2.instances { instanceId region state } queries EC2 instance details. To learn more, read Write Effective MQL.

organization

An organization contains one or more spaces. Organizations typically represent a company or business unit. They provide centralized billing, allow you to manage team member access across multiple spaces, and let you set organization-wide security policies.

policy

A policy is a codified benchmark used to assess your infrastructure. Policies control what misconfigurations and security issues Mondoo checks for when it evaluates your digital business assets. To learn more, read Policy as Code.

policy bundle

A policy bundle is a collection of policies packaged together in a single file. Bundles allow you to organize related policies and reuse queries and checks across multiple policies.

property

A property is a variable part of a check. Properties let you customize the checks in a policy. For example, a policy might include a check to ensure that passwords are at least eight characters. The password length is a property that you can change.
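The terms check, check variant, MQL, policy, policy bundle, and property come together in a cnspec policy bundle file. The following is an added example written for this glossary, not a policy published by Mondoo. The bundle layout (policies, groups, queries, props, variants, filters) follows the cnspec policy bundle format; the uids, the impact values, the file name, and the specific MQL resource fields used (sshd.config.params, aws.s3.buckets, terraform.resources) are assumptions chosen for illustration.

```yaml
# Added example policy bundle for this glossary (not a Mondoo-published policy).
# Assumed file name: example-ssh-s3.mql.yaml
policies:
  - uid: example-ssh-and-s3-hardening
    name: Example SSH and S3 hardening policy
    version: 1.0.0
    authors:
      - name: Example author            # assumed
        email: security@example.com     # assumed
    groups:
      - title: SSH daemon configuration
        # Group filter: these checks only run on Unix-family assets
        filters: asset.family.contains("unix")
        checks:
          - uid: example-sshd-permit-root-login
          - uid: example-sshd-max-auth-tries
      - title: S3 bucket encryption
        checks:
          # A single check whose variants cover a live AWS account and Terraform code
          - uid: example-s3-default-encryption

queries:
  # A check: an MQL assertion that must evaluate to true for the asset to pass.
  - uid: example-sshd-permit-root-login
    title: Ensure SSH root login is disabled
    impact: 80            # becomes the finding's base score (assumed value)
    mql: sshd.config.params["PermitRootLogin"] == "no"

  # A check with a property: the threshold is exposed as props.maxAuthTries
  # so it can be overridden per policy without rewriting the check itself.
  - uid: example-sshd-max-auth-tries
    title: Ensure SSH MaxAuthTries is at or below the allowed maximum
    impact: 60
    props:
      - uid: maxAuthTries
        mql: "4"          # default value of the property
    mql: sshd.config.params["MaxAuthTries"] <= props.maxAuthTries

  # A check with variants: cnspec picks the variant whose filter matches the
  # asset being scanned, so one check covers both the bucket and its IaC.
  - uid: example-s3-default-encryption
    title: Ensure S3 buckets have default encryption enabled
    impact: 70
    variants:
      - uid: example-s3-default-encryption-aws
      - uid: example-s3-default-encryption-terraform

  - uid: example-s3-default-encryption-aws
    filters: asset.platform == "aws"
    # Every bucket in the account must report a default encryption configuration
    mql: aws.s3.buckets.all(encryption != empty)

  - uid: example-s3-default-encryption-terraform
    filters: asset.platform == "terraform-hcl"
    # Coarse illustration: the HCL must declare at least one server-side
    # encryption configuration resource (assumed resource field names)
    mql: |
      terraform.resources.where(nameLabel == "aws_s3_bucket_server_side_encryption_configuration").length > 0
```

To try it on the local machine, run cnspec scan local -f example-ssh-s3.mql.yaml (the file name is an assumption). cnspec evaluates each check only on assets that match the group filter and, for variants, the variant filter, and the maxAuthTries property can be overridden when the bundle is applied rather than by editing the check.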

provider

A provider is a component of cnquery and cnspec that enables querying and scanning specific platforms and infrastructure types. Examples include the AWS provider, Kubernetes provider, and OS provider. Providers are automatically downloaded as needed or can be manually installed.

query

A query is a request for information. The cnquery CLI tool allows you to query assets in your infrastructure.

query pack

A query pack is a collection of queries bundled together to gather specific information from your infrastructure. Query packs let you run multiple related queries at once.

region

A region is the geographic location in which Mondoo Platform stores and processes your organization's data. Mondoo operates in multiple regions so you can keep data where regulations (such as data residency requirements) demand.

registration token

A registration token is a credential used to register cnspec with Mondoo Platform. When you register cnspec using a token, it creates a service account that allows the agent to report scan results to the Mondoo Console.

risk factor

Risk factors are attributes that can raise or lower the risk that a finding poses to your organization. Examples include whether an asset is internet-facing, has a running service, stores sensitive data, or has defensive countermeasures in place.

risk score

Mondoo assigns a risk score to each finding, rated Low, Medium, High, or Critical. The score combines the finding's base score (from the policy for misconfigurations, from CVSS for CVEs and advisories) with contextual risk factors such as credentials exposed to the internet or a running service or database.

SBOM

A software bill of materials (SBOM) is a detailed inventory of all software components, libraries, and dependencies on an asset. cnquery can generate SBOMs in standard formats such as CycloneDX and SPDX.

scan

A scan is the process of running cnspec or cnquery against a target asset to evaluate its security posture, check compliance, or gather inventory information. Scans can run on-demand from the command line or continuously through Mondoo Platform integrations.

score

Mondoo gives each asset and space a security score that represents its ability to withstand attack. Scores are based on the security policies you choose. To learn how Mondoo calculates scores, read How Mondoo Evaluates Risk.

security drift

Security drift (also known as "security posture drift" or just "drift") occurs when your infrastructure becomes more vulnerable to attack. Security practices and controls can deteriorate over time as your system configurations deviate from your established baselines. It's important to catch drift before it becomes a big problem. You can configure Mondoo to automatically create a ticket in your tracking system (such as Jira or ServiceNow) when it detects drift.

security posture

Your security posture is your organization's ability to identify, respond to, and recover from security threats and risks.

service account

A service account is an identity used by a non-human (such as an application or a service) to access a software system. Mondoo relies on service accounts for some integrations. You can also create service accounts that provide access to Mondoo.

service-level agreement

For security, development, and operations, a service-level agreement (SLA) is a contract between different teams outlining expectations and promises. Mondoo's focus on SLAs is timing: the committed maximum time to remediate security findings after they're discovered.

SLA

See service-level agreement.

space

A space is a collection of assets, policies, and reports that are managed together within Mondoo Platform. Spaces also let you manage which members of your team have access to different information about your infrastructure.

team member

A team member is a person in your organization who has access to Mondoo.

ticket

A ticket is a task to be completed. Tickets are based on one or more security findings (such as advisories or failed checks) that a team member has identified as needing attention.

vulnerability

A vulnerability is a weakness in a computer system that an attacker can exploit to gain access, escalate privileges, or extract information. Publicly disclosed vulnerabilities are typically catalogued as CVEs (common vulnerabilities and exposures), but a vulnerability can exist before, or without ever receiving, a CVE identifier.

workspace

Workspaces are ad hoc groups of assets you want to view together. You might have a workspace for a project, for monitoring a certain problem across your infrastructure, or for a type of asset.
