Platform Quickstart
Go from a new Mondoo account to your first prioritized security findings in about 15 minutes. Create a space, connect one asset, and see what needs fixing.
This quickstart takes you from a brand-new account to your first prioritized findings in about 15 minutes. You connect a single asset, let Mondoo assess it, and see what to fix first. You can grow into the full structure later.
Just want to try the CLI?
You don't need a Mondoo Platform account to scan something. The open source cnspec CLI scans a laptop, cloud account, or container from your terminal in a couple of minutes, with no sign-up. Come back here when you want a continuously updated dashboard across all of your assets.
Step 1: Create your account and a space
- Sign in at app.mondoo.com to create your account.
- Create an organization to hold your work.
- Inside that organization, create a single space. A space is where your assets, findings, policies, and reports live.
Keep it simple to start
Mondoo gives you regions, organizations, spaces, and workspaces to organize large fleets, but you don't need to design all of that now. Start with one space. When you understand how you want to group things, read Plan Your Mondoo Organization and reorganize. You can move assets and add spaces at any time.
Step 2: Connect your first asset
Mondoo can assess clouds, Kubernetes, servers, SaaS platforms, containers, and network devices. For your first asset, pick whichever path is fastest for you:
- Easiest for most teams: a SaaS integration. Connecting GitHub or GitLab is agentless. You authorize Mondoo and it starts assessing right away.
- A cloud account. Connect AWS, Azure, or Google Cloud. Have your account ID and an administrative or read-only role ready.
- A server or laptop. Install the cnspec agent on a Linux, macOS, or Windows host and register it with Mondoo. This takes two commands.
See Integrate Your Assets for the full list of integrations and their requirements.
What happens next
As soon as an integration is connected, Mondoo begins scanning. Cloud and SaaS integrations re-scan on a schedule, so your findings stay current as your environment changes.
Step 3: See your first findings
Once your asset is connected and scanned, open your space. The Dashboard shows your space's overall risk, and Findings > Security lists the individual findings behind it.
- The security posture view lets you zoom from your whole space down to a single asset.
- Each finding carries a risk score that combines severity, exploitability, and your environment, so the most urgent issues rise to the top instead of getting lost in a flat list.
A new asset usually surfaces a mix of misconfigurations and known vulnerabilities. That's expected. The point of the next step is to work through them in priority order rather than all at once.
Step 4: Fix something
Open Initiatives. Mondoo ranks the fixes that remove the most risk for the least effort, so you always have a clear "do this next."
Pick the top item and either:
- Follow the remediation guidance to fix it directly, or
- Route it into your workflow. Mondoo can open tickets in your issue tracker or drive fixes as pull requests and playbooks.
That loop, connect, prioritize, fix, repeat, is the core of using Mondoo day to day.
Where to go next
Connect more assets
Add the rest of your clouds, clusters, SaaS, and servers.
Explore your inventory
See every asset Mondoo discovered and drill into its configuration.
Plan your organization
Design the regions, organizations, spaces, and workspaces for your real fleet.
Navigate the Mondoo App
Learn your way around the console.
Reach continuous compliance
Map your findings to SOC 2, CIS, PCI DSS, and other frameworks.
For questions or to share feedback, join the Mondoo Community Slack.
What Is Mondoo?
Mondoo finds, prioritizes, and resolves the vulnerabilities and misconfigurations that put your business at risk across cloud, Kubernetes, containers, servers, SaaS, network devices, and your SDLC.
Core Concepts
The handful of concepts that appear everywhere in Mondoo. Learn what an asset, policy, check, finding, and risk score are, and which Mondoo tool to use for what.