Software Supply Chain Security with Mondoo

Mondoo integrates into existing developer software development workflows with minimal friction. It empowers all developers to easily surface security vulnerabilities and misconfigurations before they reach production.

Ways to use Mondoo in software development

There are many ways to use Mondoo within the software development process:

• CI/CD testing - Mondoo integrates easily into all major CI tooling, such as:

  • Azure Pipelines

  • CircleCI

  • GitHub Actions

  • GitLab CI/CD

  • Jenkins

• Secure base images - Use cnspec to ensure you build virtual instances that are free of security vulnerabilities. It integrates with:

  • Docker

  • HashiCorp Packer

  • HashiCorp Terraform

• Container image security - Use cnspec to test containers for security vulnerabilities during development on your workstation before publishing to container registries, including:

  • AWS Elastic Container Registry

  • Azure Container Registry

  • Google Container Registry

  • Docker Hub

  • Harbor Container Registry

---