Skip to main content

Software Supply Chain Security with Mondoo

As businesses mature in their use of automation to build applications, and cloud computing environments, the opportunity to inject security into that process grows as well.

Mondoo is designed to integrate into existing developer software development workflows with minimal friction. The purpose of this is to empower all developers to easily surface security vulnerabilities and misconfigurations before they reach production.

Ways to use Mondoo in software development

Mondoo can be used within the software development process in the following ways:

  • Container Build Security - Use Mondoo to test containers for security vulnerabilities during development on your workstation before publishing to a container registry.

  • Secure Base Images - Use Mondoo with tools like HashiCorp Packer and EC2 Image Builder to build virtual instances that are free of security vulnerabilities.

  • CI/CD Testing - Mondoo integrates easily into all CI tooling such as Azure Pipelines, CircleCI, GitHub Actions, GitLab CI/CD, and more.

  • Live Query Infrastructure - Use Mondoo Shell to query systems for their configuration in real time as you develop automation code such as Terraform.

  • Develop Policies As Code - Use Mondoo Query Language (MQL) to develop policies to ensure your infrastructure and applications adhere to the specific standards of your environment.