Meet Mondoo: Unified Security for DevOps and Cloud


Mondoo bills itself as a comprehensive exposure management platform – think a single pane for all your security needs, on-prem and in the cloud. In practice, Mondoo continuously discovers and scans every asset in your infrastructure (servers, containers, cloud VMs, endpoints, you name it), finding vulnerabilities and misconfigurations early. It’s powered by open-source engines (cnquery and cnspec) and built for DevSecOps, so security checks slide right into your CI/CD pipelines. In short, Mondoo helps you find the biggest risks in your environment and then fix them fast – before they cause trouble.

Mondoo also automates compliance. Out of the box it includes built-in security policies and frameworks (NIST, CIS, ISO, NIS2, etc.) that continuously check your systems. These thousands of automated checks mean Mondoo can "gather audit evidence" and keep you compliant with industry standards around the clock. In other words, rather than manually hunting for compliance gaps, Mondoo does the heavy lifting. This policy-as-code approach even lets teams translate security and compliance rules into YAML and scripts, shifting security from a reactive chore to proactive control.

The tech world is evolving fast, and one of the latest shifts is a significant change to SSL/TLS certificate validity. By 2029, the industry will see certificates limited to just 47 days of validity — a move that’s expected to dramatically impact how organizations manage certificates and their security posture. This change will encourage more frequent renewals and better overall security practices. By using MQL (Mondoo Query Language), you can instantly spot certificates that are about to expire or fall under the new 47-day limit. The following MQL query, for example, checks whether the first certificate presented has a validity period (notAfter minus notBefore) of no more than 47 days:

tls.certificates.first {notAfter - notBefore <= 47*time.day}
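The same validity-period test, plus a check for certificates that are close to expiry, written out in Python as an added example (not Mondoo's code and not part of the original post). It works on the notBefore/notAfter strings that Python's `ssl.SSLSocket.getpeercert()` returns; the 14-day renewal threshold, the sample certificates and the fixed clock are assumptions constructed for the illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=47)  # limit named in the article
RENEW_BEFORE = timedelta(days=14)  # assumed renewal threshold, not from the article


def _ts(cert_time: str) -> datetime:
    """Convert a getpeercert() time string ('May  6 00:00:00 2029 GMT') to UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def audit_cert(cert: dict, now: datetime) -> dict:
    """Report total validity period and remaining lifetime of one certificate."""
    not_before, not_after = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    validity = not_after - not_before
    remaining = not_after - now
    return {
        "validity_days": validity.days,
        "within_limit": validity <= MAX_VALIDITY,  # same test as the MQL query
        "expired": remaining <= timedelta(0),
        "renew_soon": timedelta(0) < remaining <= RENEW_BEFORE,
    }


def fetch_cert(host: str, port: int = 443) -> dict:
    """Fetch the leaf certificate a live endpoint presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates (only the fields used here).
SAMPLES = {
    "short-lived": {"notBefore": "Mar 20 00:00:00 2029 GMT",
                    "notAfter": "May  6 00:00:00 2029 GMT"},
    "legacy-398d": {"notBefore": "Jan  1 00:00:00 2029 GMT",
                    "notAfter": "Feb  3 00:00:00 2030 GMT"},
}
NOW = datetime(2029, 4, 28, tzinfo=timezone.utc)  # fixed clock for reproducible output

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, audit_cert(cert, NOW))
```

To audit a live endpoint instead of the samples, pass `fetch_cert("your.host")` and `datetime.now(timezone.utc)` to `audit_cert`.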

New DACH LinkedIn Page

Great news for our readers in Germany, Austria, and Switzerland: Mondoo just launched a German-language DACH LinkedIn page! This new channel will share localized content – news, events, and how-tos – on Mondoo’s Exposure Management platform and cloud security. Follow the Mondoo DACH page for deutschsprachige Updates on vulnerabilities, compliance, and all things Mondoo. You won’t miss important local webinars or product news relevant to the DACH community.

March 2025 Release: Highlights

Mondoo’s engineering team has been busy, and the March 2025 release is packed with exciting features. Here are the top highlights for the month:

  • Smarter CVE Scanning: A completely new CVE detection engine was rolled out, hunting vulnerabilities across macOS, Linux, Windows and more. This means Mondoo now spots CVEs in places it didn’t before – like IBM AIX systems, Microsoft SQL Server, and even Office/Microsoft 365 apps. In short, "CVEs can’t hide" from Mondoo anymore.
  • Actionable Findings: Every vulnerability report now includes a big "Take Action" button. In the Mondoo console you can quickly dive into a finding, hit Take Action, and instantly create a ticket, set an exception, or share the result with a teammate. The new CVE detail pages show asset info side-by-side with recommendations, so remediation is faster than ever.
  • Flexible Exceptions: Not every warning needs immediate fixing. Mondoo now lets you create exceptions for specific CVEs or advisories. This is great for known low-risk issues (or vendor-acknowledged ones) – you can "whitelist" them and focus on the threats that matter most.
  • Simplified Risk Scoring: The old A–F grades have been replaced with a clear LOW / MEDIUM / HIGH / CRITICAL scale. New risk factors (for example, an Internet-Exposed tag for cloud instances with public IPs) automatically surface your biggest priorities. When you drill into an asset, Mondoo now highlights why an asset is risky (high-risk configs, exposure, etc.), so you immediately know where to harden.
  • Extended Asset Insights: Mondoo’s inventory just got richer. A new cloud metadata query can pull details (cloud provider, hostnames, public/private IPs, etc.) from AWS, Azure, and GCP instances. Meanwhile a new hypervisor-detection resource tells you if a box is running under VMware, Hyper-V, Xen, etc. All this context is now shown in the console so you see exactly what each asset is (bare metal vs. cloud VM, which hypervisor, etc.).
  • SLA Tracking & Exports: Keeping up with remediation SLAs is easier now. The March update added a dedicated SLA section on dashboards, using PCI-DSS–style timeframes by default (customizable, of course). And if you love spreadsheets, Mondoo now supports one-click CSV exports of your entire data set. That means you can pull all your scan results into your BI tools or share them offline.
  • Updated Compliance Policies: To keep detection sharp, Mondoo shipped updated benchmarks and policies. For example, the CIS benchmark for SUSE Linux Enterprise was refreshed to 2.0, and new AWS/Azure Kubernetes policies (EKS 1.6, AKS 1.6) are live. The team also rewrote the AWS Security Policy end-to-end (v4.0) with tons of new checks for cloud resources and Terraform plans. In short, Mondoo’s compliance content is staying up-to-date with the latest best practices.

Why Tech Teams Should Pay Attention

If you haven’t looked at Mondoo lately, now’s a great time. The platform embodies a modern DevSecOps approach: it unifies security, compliance and even cost-control policies in code, and plugs directly into your cloud/CI pipelines. In fact, Mondoo’s own "Policy as Code" solution is all about helping teams go from reactive to proactive security. By automating enforcement of security and compliance rules, organizations can dramatically cut misconfigurations and audit headaches. In practice this means developers and ops engineers get immediate feedback on infra-as-code or container changes, long before anything hits production.

Security teams also get the big picture. Mondoo "inventories" your entire attack surface – from VMs to Kubernetes to SaaS apps – and continuously prioritizes the most critical risks. This way you’re not scrambling after every alarm, but instead focusing on the high-impact fixes first. As Mondoo’s product team says, adopting a declarative, policy-driven approach lets you shift from reactive to proactive control, reducing misconfigurations and boosting efficiency. And with built-in compliance frameworks, Mondoo even handles evidence collection for you, so audits turn from a headache into a dashboard view.

Bottom line: Mondoo brings security automation to cloud and DevOps environments and "shifts left". The latest features (like the CVE engine and risk factors) show how the platform is constantly improving. If you care about secure, compliant infrastructure – especially in multi-cloud or hybrid setups – Mondoo is worth checking out.

Kickstart Your Mondoo Journey

Loving what you see? Ready to dive deeper? We (as official Mondoo partners) offer "Mondoo Essentials" training – a hands-on course that walks you through deploying Mondoo, writing custom policies, and automating security tasks. It’s a 2-day deep-dive (online or in-person) that turns newcomers into Mondoo power-users. Sign up for a Mondoo Essentials session at https://infralovers.com and level up your security automation skills. Your team’s next audit might just thank you for it!
