Skip to main content

Policy Hub

Mondoo Platform Policies Hub

The POLICY HUB is a collection of policies, advisories, vulnerabilities and exploits used to assess risk across your assets.


Every new space contains a default set of policies which are developed and continuously maintained by Mondoo.

Any modifications to policies in a given space only affect that space, which allows you to customize policies for specific cloud accounts, environments, or assets.


A security advisory is a publication by a technology vendor that acknowledges one or more vulnerabilities in their products and often contains a way to fix them. Advisories may or may not be released before vulnerabilities are disclosed. Sometimes, advisories provide workarounds or other steps that users can take to mitigate a security weakness in the vendor’s products.


A vulnerability is a weakness in a computer system, which an attacker can exploit to gain access or extract information. Vulnerabilities may or may not contain a way to address the weakness.

Vendors often release advisories that provide recommendations on how to fix or mitigate vulnerabilities in their products.

Vulnerabilities may or may not contain exploits.

Vulnerability sources

Alpine LinuxAlpine Security Database
Arch LinuxArch Linux Security
Amazon Linux 1 & 2Amazon Linux Security Center
CentOSCentOS Updates
DebianDebian Security Information
FedoraFedora Updates
MicrosoftMicrosoft Security Response Center
NVDNational Vulnerability Database
Oracle LinuxOracle Linux Security
RHELRed Hat Product Security Center
SLES/openSUSESUSE Update Advisories
UbuntuUbuntu Security Notices
VMware PhotonPhoton Security Advisory
VMware Security AdvisoriesVMware Security