Software Supply Chain Security with Mondoo

Mondoo integrates into your existing development workflows to help you catch security issues early in the development process. Finding and fixing vulnerabilities during development is faster and less disruptive than discovering them in production.

Ways to use Mondoo in software development

There are many ways to use Mondoo within the software development process:

• CI/CD testing - Mondoo integrates easily into all major CI tooling, such as:

  • Azure Pipelines

  • CircleCI

  • GitHub Actions

  • GitLab CI/CD

  • Jenkins

• Secure base images - Use cnspec to ensure you build virtual instances that are free of security vulnerabilities. It integrates with:

  • Docker

  • HashiCorp Packer

  • HashiCorp Terraform

• Container image security - Use cnspec to test containers for security vulnerabilities during development on your workstation before publishing to container registries, including:

  • AWS Elastic Container Registry

  • Azure Container Registry

  • Google Container Registry

  • Docker Hub

---