The POLICY HUB is a collection of policies, advisories, vulnerabilities and exploits used to assess risk across your assets.
Every new space contains a default set of policies which are developed and continuously maintained by Mondoo.
Any modifications to policies in a given space only affect that space, which allows you to customize policies for specific cloud accounts, environments, or assets.
A security advisory is a publication by a technology vendor that acknowledges one or more vulnerabilities in their products and often contains a way to fix them. Advisories may or may not be released before vulnerabilities are disclosed. Sometimes, advisories provide workarounds or other steps that users can take to mitigate a security weakness in the vendor’s products.
A vulnerability is a weakness in a computer system, which an attacker can exploit to gain access or extract information. Vulnerabilities may or may not contain a way to address the weakness.
Vendors often release advisories that provide recommendations on how to fix or mitigate vulnerabilities in their products.
Vulnerabilities may or may not contain exploits.
|Alpine Linux||Alpine Security Database|
|Arch Linux||Arch Linux Security|
|Amazon Linux 1 & 2||Amazon Linux Security Center|
|Debian||Debian Security Information|
|Microsoft||Microsoft Security Response Center|
|NVD||National Vulnerability Database|
|Oracle Linux||Oracle Linux Security|
|RHEL||Red Hat Product Security Center|
|SLES/openSUSE||SUSE Update Advisories|
|Ubuntu||Ubuntu Security Notices|
|VMware Photon||Photon Security Advisory|
|VMware Security Advisories||VMware Security|