Security

Articles


cnquery

Summary cnquery is an open-source tool from Mondoo for asking questions about the current state of your infrastructure. Using the Mondoo Query Language (MQL),

cnspec

Summary cnspec is an open-source security and compliance scanner from Mondoo. It evaluates infrastructure against policies expressed as code—security

OpenBao

Summary OpenBao is an open-source platform for secrets management, encryption, and identity-based access to sensitive data. It originated as a community fork of

Access Control List (ACL)

Summary An Access Control List (ACL) is an ordered set of rules attached to a resource that specifies which subjects (users, groups, source addresses, services)

CLOUD Act

Summary The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) is a 2018 US federal law. It clarifies that US authorities can compel US-based technology

Device Posture

Summary Device posture is the security state of an endpoint at the moment it tries to connect — patch level, OS version, disk encryption, EDR/MDM enrolment,

Identity Provider (IdP)

Summary An identity provider (IdP) is the trusted service responsible for authenticating users and machines, and for issuing tokens or assertions that

Mesh VPN

Summary A mesh VPN is a VPN topology in which every authorised client builds direct, encrypted peer-to-peer connections to every other client. Only identity,

Multi-Factor Authentication (MFA)

Summary Multi-Factor Authentication (MFA) requires a user to present more than one independent proof of identity. The common combination is "something you

Reverse Proxy

Summary A reverse proxy is a server placed in front of one or more backend services. It accepts client requests on their behalf, applies cross-cutting concerns

Schrems II

Summary Schrems II is the 2020 judgment of the Court of Justice of the European Union (case C-311/18). It invalidated the EU–US Privacy Shield framework and

SCIM (System for Cross-domain Identity Management)

Summary SCIM (System for Cross-domain Identity Management) is an open REST/JSON standard for automatically provisioning, updating, and de-provisioning user

SIEM (Security Information and Event Management)

Summary A SIEM (Security Information and Event Management) platform ingests security events from across an environment, normalises and correlates them, and

Single Sign-On (SSO)

Summary Single Sign-On (SSO) is an authentication pattern that lets a user sign in once with a trusted identity provider and then access multiple applications

SSL VPN

Summary An SSL VPN is a remote-access VPN that wraps user traffic inside a TLS connection to a central concentrator. It became the dominant pattern for

VPN (Virtual Private Network)

Summary A VPN (Virtual Private Network) builds an encrypted tunnel between two endpoints over an untrusted network so that remote systems behave as if they were

WireGuard

Summary WireGuard is a modern open-source VPN protocol designed for simplicity, performance, and strong cryptography. It is built into the Linux kernel since

Zero Trust

Summary Zero Trust is a security model that grants access based on continuously verified identity, device posture, and policy. It explicitly drops the idea that

Ansible Vault

Summary Ansible Vault is the built-in encryption mechanism for Ansible that allows teams to store sensitive values—passwords, API keys, certificates—alongside

Boundary

Summary HashiCorp Boundary is an open-source access management tool that enables secure, identity-based remote access to hosts and services without requiring

CINC Auditor

Summary CINC Auditor is an open-source, license-free rebuild of Chef InSpec that enables infrastructure compliance testing and auditing using the same profile

CVE (Common Vulnerabilities and Exposures)

Summary CVE (Common Vulnerabilities and Exposures) is a publicly maintained dictionary of known security vulnerabilities and exposures, each assigned a unique

DORA (Digital Operational Resilience Act)

Summary DORA (Digital Operational Resilience Act) is an EU regulation that entered into force in January 2025, requiring financial institutions and their

Firewall

Summary A firewall enforces access control between network segments by inspecting packets and applying rules that permit or deny traffic based on source,

GDPR (General Data Protection Regulation)

Summary GDPR (General Data Protection Regulation) is the EU regulation that sets out rights for individuals over their personal data and obligations for

HIPAA

Summary HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that sets national standards for protecting sensitive patient health

ISO 27001

Summary ISO 27001 is the leading international standard for information security management systems (ISMS), providing a systematic approach to managing

Keycloak

Summary Keycloak is an open-source Identity and Access Management (IAM) solution developed by Red Hat that provides single sign-on, identity brokering, and user

Mondoo

Summary Mondoo is a security posture management platform that enables organizations to continuously assess and enforce security policies across cloud

NIS2 Directive

Summary The NIS2 Directive (Network and Information Security Directive 2) is an EU regulation that mandates minimum cybersecurity standards across critical and

Sandboxing Claude Code on macOS: What I Actually Found

If you've used Claude Code for more than a day, you know the drill. Every Bash command, every file write outside the working directory, every network call --

Keeping Credentials Out of Code - A Practical Guide to 1Password and Vault

The Problem: Hardcoded Credentials Every developer has faced this temptation: you need to test something quickly, so you hardcode an API key or database

Secure Communication in Kubernetes with Istio Service Mesh and Vault Agent Injector

Securing Communication in Kubernetes with Istio Service Mesh and Vault Agent Injector In modern cloud-native Kubernetes environments, security is paramount. One

Secure Communication in Kubernetes with Consul Connect and Vault Agent Injector

Securing Communication in Kubernetes with Consul Connect and Vault Agent Injector In modern cloud-native Kubernetes environments, security is paramount. One of

Integrating Terraform with Ansible/Chef for Infrastructure and Configuration Automation

In modern infrastructure automation, teams often combine Terraform with configuration management tools like Ansible or Chef to get end-to-end control of their

Secrets Management Made Simple: Understanding HashiCorp Vault and Its Secret Engines

In today’s fast-paced digital world security isn’t optional, it’s a foundation. Whether you're running microservices in Kubernetes, managing cloud resources, or

Meet Mondoo: Unified Security for DevOps and Cloud

Mondoo bills itself as a comprehensive exposure management platform – think a single pane for all your security needs, on-prem and in the cloud. In practice,

Running AWX on Kubernetes with HashiCorp Vault Secrets Injector: A Seamless Integration for Secure Automation

In the ever-evolving landscape of IT automation, AWX serves as a powerful web-based user interface for Ansible, streamlining complex and repetitive tasks within

Reclaim Your Data: The Power of EU Cloud Services

In the evolving landscape of cloud computing, the reliance on US-based cloud services has become a topic of significant debate. I've observed a growing

Future-Proofing Your Compliance: Strategic Insights with Mondoo and Terraform

Introduction In today's fast-paced digital landscape, ensuring compliance with various frameworks is crucial for companies to maintain the security and

Leveraging Terraform for Enhanced Asset Security with Mondoo - Part 3: Imports

In the previous posts of this blog series, we introduced the Mondoo platform, its Terraform provider resources and data sources, exploring how they enhance

Leveraging Terraform for Enhanced Asset Security with Mondoo - Part 2: Data Sources

As organizations strive to safeguard their digital assets, innovative solutions like Mondoo have emerged to enhance security and compliance across various

Supply Chain Security with CIS SecureSuite Certification and Mondoo's Compliance on Autopilot

Supply Chain Security with CIS SecureSuite Certification and Mondoo's Compliance on Autopilot In today's digital landscape, ensuring the security of your supply

Leveraging Terraform for Enhanced Asset Security with Mondoo - Part 1: Resources

In an era where information security management is more crucial than ever, organizations are seeking innovative solutions to safeguard their digital assets

Optimizing Cost Management: Leveraging Resource Tagging and Mondoo Policies

In today's dynamic and complex cloud environments, organisations face significant challenges in managing costs while ensuring compliance and operational
