Get Started
Core Concepts
The handful of concepts that appear everywhere in Mondoo. Learn what an asset, policy, check, finding, and risk score are, and which Mondoo tool to use for what.
A few concepts show up everywhere in Mondoo, whether you work in the Platform console, the cnspec CLI, or your editor. Learn them once here, then follow the links to go deeper when you need to. Every term below is also in the glossary.
What Mondoo looks at
- Asset. Anything Mondoo scans: a server, a cloud account, a Kubernetes cluster, a SaaS app, a container image, a Git repository, or a network device. Each asset belongs to exactly one space.
- Space, organization, region. The containers you organize assets into. A space holds a set of assets you manage together; an organization groups spaces; a region is where your data lives. Read Plan your organization.
- Integration. The connection between an asset and Mondoo. You add an integration for the platform an asset runs on (AWS, GitHub, a Linux host), and Mondoo scans it continuously. Browse them in Integrate your assets.
- Provider. The component that knows how to talk to a given platform. cnspec loads the AWS provider to scan AWS, the Kubernetes provider to scan a cluster, and so on. Read About providers.
What Mondoo checks
- Policy. A collection of checks, written as code, that defines what "secure" means for a kind of asset. Mondoo provides its own policies out of the box, plus certified CIS, NIST, and BSI benchmarks on Mondoo Platform, and you can write your own. Read how Mondoo evaluates assets.
- Check. A single test inside a policy, for example "SSH does not allow root login." A check either passes or fails on an asset.
- MQL. Mondoo Query Language, the language every check is written in. The same query you run to explore an asset becomes the check you ship in a policy. Read MQL.
- Compliance framework and control. A framework (SOC 2, PCI DSS, CIS) is a set of controls, and Mondoo maps your checks to those controls so the same scans prove compliance. Read Compliance.
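To make the policy, check, and MQL terms concrete, here is an added example (not code from the Mondoo docs themselves) of a minimal cnspec policy bundle that turns the "SSH does not allow root login" check into a shippable policy. The layout follows the cnspec policy bundle format; the uids, names, and impact value are constructed.

```yaml
# Constructed example: a minimal cnspec policy bundle, saved as ssh-policy.mql.yaml.
# A bundle is a set of policies (what to apply, to which assets) plus the
# queries (the MQL checks) those policies reference by uid.
policies:
  - uid: example-ssh-hardening        # constructed uid
    name: Example SSH hardening        # constructed name
    version: 1.0.0
    groups:
      # The filter scopes the policy: only assets whose family includes "unix"
      # are graded against these checks, so a cloud account or a Git repository
      # is simply not evaluated by this policy.
      - filters: asset.family.contains("unix")
        checks:
          - uid: sshd-permit-root-login-disabled

queries:
  - uid: sshd-permit-root-login-disabled
    title: SSH does not allow root login
    # The same MQL you would type interactively to explore an asset, e.g.
    #   cnspec run local -c 'sshd.config.params["PermitRootLogin"]'
    # Inside a policy it becomes a check: it passes when the expression is
    # true on the asset and fails otherwise, producing a finding.
    mql: sshd.config.params["PermitRootLogin"] == "no"
    # impact (0-100) sets how severe a failure of this check is; the risk
    # score then combines it with context from your environment.
    impact: 80                         # constructed value
```

Run it against the machine you are on with `cnspec scan local -f ssh-policy.mql.yaml`; a failed check shows up as a finding carrying the impact above.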
What you get back
- Finding. Something Mondoo wants you to look at: a failed check, a vulnerability (CVE), or an advisory on a specific asset.
- Risk score. Mondoo combines a finding's severity, exploitability, and your environment into one score, so the few findings that truly matter rise to the top instead of a flat list of alerts. Read Findings and risk.
- Exception. Your decision to accept, snooze, or suppress a finding, with a reason. You stay in control of what counts. Read Exceptions.
- Remediation. Fixing a finding. Mondoo gives you the guidance and can drive the work into tickets, pull requests, and playbooks. Read Track and fix findings.
Which Mondoo tool should I use?
Mondoo gives you several ways to work. They share the concepts above, so skills carry over from one to the next.
| Tool | Use it to | Runs |
|---|---|---|
| Mondoo Platform | See your whole fleet, prioritize risk, prove compliance, and track fixes | Hosted web console |
| cnspec | Scan infrastructure and query assets from your terminal or CI/CD | Open source CLI and agent |
| xgrep | Find vulnerabilities and leaked secrets in source code | Open source CLI and CI |
| VS Code extension | Catch code and infrastructure issues as you write them | Your editor |
| MQL | Query any asset and author your own checks and policies | Inside cnspec and policies |
Most teams use more than one: cnspec and xgrep find the issues, MQL defines what to check, and the Platform turns the results into one prioritized path to resolution.
Keep going
- New here? Run the Platform Quickstart or the cnspec Quickstart.
- Ready to connect real assets? Go to Integrate your assets.
- Want every term in one place? Read the glossary.