Skip to main content

Mondoo Platform and Mondoo Client set up

This guide covers signing up for an account on Mondoo Platform, and installing and configuring Mondoo Client on a workstation.

info

Need Help?

Join us in the Mondoo Community Slack channel if you run into any issues. We are here to help!

Step 1: Sign up - Mondoo Platform


Mondoo Platform - Sign Up

To use Mondoo you first need to sign up! Follow these steps to sign up for an account on Mondoo Platform:

  1. Open a browser and go to https://console.mondoo.com/signup.
  2. Create an account using single sign-on (SSO) via Google, GitHub, and Microsoft 365, or email/password.
  3. Log in to your account.

Getting started with Mondoo Platform

Mondoo Platform is a SaaS security platform for DevOps and security practitioners. It provides a central location to manage the security policies for your business-critical infrastructure. To help with management, Mondoo Platform provides a hierarchical structure of organizations and spaces. Each new account starts with one organization and one space.

  • Organization - Top-level structure to manage team members, and create additional spaces.
  • Space - Grouping mechanism and isolation boundary for your assets. Each space has its own POLICY HUB containing a collection of default security policies maintained by Mondoo that can be enabled, disabled, and customized for the assets connecting to that space. Additionally, you can develop your own policies and upload them to any, or all of the spaces that you create.
  • FLEET - Results for infrastructure scanned with Mondoo.
  • CI/CD - Results of security scans in CI/CD platforms and Kubernetes workload deployments
  • INTEGRATIONS - Configure integrations with Mondoo Platform.
  • SETTINGS - Manage space settings including space name, members, and service accounts.

For more information on configuring Mondoo Platform, see Platform Overview.

Step 2: Install and register Mondoo Client on a workstation


Mondoo Client is a cross-platform binary that provides a number of capabilities including:

  • Security scanning - Scan local and remote targets such as public cloud (AWS, Azure, Google Cloud), private cloud (VMware), Kubernetes clusters, servers and endpoints (Linux, Windows, macOS), containers, container registries, Terraform code, DNS, TLS/SSL certificates, and more.
  • Continuous security assessments - Run Mondoo Client as a background service on hosts to run continuous security assessments on assets.
  • Real-time discovery - Connect directly to local and remote targets with Mondoo Shell and query your assets using MQL.
  • Mondoo Platform administration - Use Mondoo as a command-line interface (CLI) to administer Mondoo Platform.

To get started scanning infrastructure you will need to install Mondoo Client and register it with Mondoo Platform.

Install and register Mondoo Client

When you first log in to your default space, you will be greeted with a landing page to help you start integrating assets. Select Get Started to add your integration.

Landing Page

On the Available Integrations page select Workstation to get started setting up your Workstation.

Add Integrations Page

On the Workstation page, select your operating system for OS-specific installation instructions. You can copy and paste these setup instructions directly into a terminal or PowerShell to install and register Mondoo Client.

Workstation Installation Page

info

Mondoo registration tokens generated in the Getting Started page expire every 600 seconds. Long-lived tokens can be generated by navigating to the Generate Long-Lived Tokens page instead of the Workstation page.

Next steps

Now that Mondoo Client is installed and registered with Mondoo Platform you are ready to begin scanning assets using Mondoo policies.