What Is Mondoo?

Mondoo finds, prioritizes, and resolves the vulnerabilities and misconfigurations that put your business at risk across cloud, Kubernetes, containers, servers, SaaS, network devices, and your SDLC.

Mondoo is a unified security platform built to resolve vulnerabilities and misconfigurations, not just detect them. Mondoo combines a finding's severity, exploitability, and environment context into one risk score, so you focus on the few critical issues that truly matter instead of drowning in alerts.

You scan every layer of your stack with one policy engine, one query language, and one remediation workflow. Mondoo continuously assesses your environment throughout the development lifecycle and in production, and turns risks into actionable fixes (code changes, pull requests, or playbooks).

What you can do with Mondoo

  • Continuously assess every asset across the development lifecycle and in production, with real-time drift detection

  • Prioritize what matters using risk scoring that combines exploitability, exposure, and business impact

  • Resolve risk with code-level fixes, pull requests, and Ansible or Terraform playbooks

  • Automate compliance against frameworks and CIS benchmarks with automated evidence collection

  • Track outcomes through executive reports, vulnerability trends, and posture metrics

  • Customize everything with policy as code that fits your organization's standards

  • Stay in control: every check is auditable, and you decide what gets remediated

Security and compliance testing for any infrastructure

Misconfigurations and unpatched vulnerabilities pose the biggest risk to the technology, infrastructure, and services that power your business. Mondoo protects your:

  • Public clouds: Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud Infrastructure (OCI)

  • Private clouds: VMware vSphere

  • Operating systems: Linux, Windows, macOS, AIX, FreeBSD

  • Containers: Docker, container registries (Amazon ECR, Azure ACR, Google GCR, Harbor, Docker Hub)

  • Orchestration: Kubernetes (Amazon EKS, Google GKE, Azure AKS, Red Hat OpenShift, self-managed)

  • SaaS platforms: GitHub, GitLab, Okta, Slack, Microsoft 365, Google Workspace, Cloudflare, Snowflake, Tailscale

  • Network devices: Arista EOS, Cisco IOS/NX-OS, F5 BIG-IP, Fortinet FortiOS, Juniper Junos OS, Palo Alto PAN-OS, Ubiquiti UniFi

  • Server applications: Apache2, Microsoft Exchange, and Nginx

For the full list, read Supported Scan Targets.

Integrate security into every phase of the change process

Use Mondoo to find and fix security vulnerabilities and misconfigurations before they reach production. Mondoo does this by:

  • Testing your code, containers, and infrastructure as you build

  • Integrating with your CI/CD pipeline to test every change against your policies, without breaking builds

  • Running continuously across all environments, so drift surfaces the moment it happens

Policy as code

Mondoo policies are high-level code that automate security and compliance. Adopt out-of-the-box policies certified by Mondoo and the Center for Internet Security (CIS), or write your own to match your organization's unique standards. Every policy, every check, and every result is auditable.

Get started

To create a Mondoo account, sign in at console.mondoo.com. For enterprise plans or hands-on help, contact Mondoo.

If you already have an account:

For questions or to share feedback, join the Mondoo Community Slack.