Submit Your Nominations for the 2023 MongoDB Innovation Awards

MongoDB
March 20, 2023 | Updated: March 18, 2025

Nominations are now open for the 2023 MongoDB Innovation Awards.

These awards aim to celebrate and recognize organizations that dream big and are pioneering new ways to use data, expanding the limits of technology, and enhancing their businesses with MongoDB. We invite you to nominate an organization that is building something dynamic, interesting, or innovative with MongoDB.


Past recipients include 7-Eleven, American Airlines, Barclays, Bosch, Comcast, Epic Games, IBM, LinkedIn, Pioneera, and Sogei. Read more about last year’s winners here.

This year, we’re excited to offer a robust prize package. Our 2023 winners will receive*:

  • An Innovation Award trophy

  • 10 passes (per organization) to a MongoDB.local event of your choosing

  • Inclusion in the MongoDB Innovation Awards announcement materials and social media

  • Digital badge to display all year long

  • A customer feature story on MongoDB.com

  • MongoDB Atlas credits

  • A tailored MongoDB Day, designed to enable your technical team members to deliver solutions better and faster

Submissions will be accepted through April 21, 2023 and winners will be notified by the MongoDB team by the end of May 2023. Read more about each of the award categories below.

Award categories

Optimizing for Impact

This will be awarded to an organization that realized tremendous business benefits by leveraging MongoDB, with an impact on its bottom line (time savings, cost savings, and/or reduction in operational complexity).

Industry Transformation

This will be awarded to a change-maker who moved their business to the next level and disrupted their industry by identifying new technologies, applying new skills, or increasing operational efficiency.

Inspiring Innovation

This will be awarded to an organization that is using MongoDB to make a better world possible. They are creatively expanding the limits of technology to solve societal, community, medical, or educational challenges.

Building the Next Big Thing

This will be awarded to a small- or medium- sized business that has been building its core offering/service on MongoDB Atlas from the beginning. They are leveraging MongoDB's modern database to build and scale some of the world's most innovative projects in data.

*View terms and conditions

We look forward to receiving your nominations!

← Previous

Visualizing Your MongoDB Atlas Data with Atlas Charts

MongoDB Atlas is the leading multi-cloud modern database. We see some of the world’s largest companies in manufacturing , healthcare , telecommunications , and financial services all build their businesses with Atlas at their foundation. Every company comes to MongoDB with a need to safely store operational data. But all companies also have a need to analyze data to gain insights into their business and data visualization is core to establishing that real-time business visibility. Data visualization enables the insights required to take action, whether that’s on key sales data, production and operations data, or product usage to improve your applications. The best way to do this as an Atlas user is by using Atlas Charts – MongoDB’s first-class data visualization tool, built natively into MongoDB Atlas. Why choose Charts First, Charts is natively built for the document model. If you’re familiar with MongoDB, you should be familiar with documents. The document model is a data model made for the way developers think. And with Charts, you can take your data from documents and collections in Atlas, and visualize them with no ETL, data movement or duplication. This speeds up your ability to discover insights. Second, Charts supports all cluster configurations you can create in Atlas, including dedicated clusters, serverless instances, data stored in Online Archive, as well as federated data in Atlas Data Federation. Typically when you learn about a company’s integrated products and services, you find some “gotchas” or limitations that make any benefits come at a significant cost. In the case of a MongoDB Atlas customer, that could come in the form of someone finding out that a cluster configuration option isn’t supported by Charts. But that will never be the case. If you create and manage your application data in Atlas, you can visualize it in Charts. That’s it. Third, Charts is a robust data visualization tool with a variety of chart types, extensive customization options, and interactivity. Compared to other options in the business intelligence market, you get the same key benefits, without all the complexity. You can learn how to use Charts in a few hours and you can easily teach your team. It’s the simplest data visualization solution for most teams. Fourth, the value of Charts can extend beyond individual use cases, with sharing and embedding . This lets you both flexibly share charts and dashboards with your team, as well as embed them into contexts that matter most to your data consumers, such as in a blog post or inside your company’s wiki. Finally, Charts is free for Atlas users up to 1GB per project per month, which covers moderate usage for most teams. There are no seat-based licensing fees associated with Charts, so no matter how many team members you have, Charts will remain a low-cost, if not zero cost solution for your data visualization needs. Beyond the included free usage, it’s just $1/GB transferred per month. You can check out more pricing details here . How to use Charts The best way to learn how to use Charts is to simply give it a try. It’s free to use and we have a variety of sample dashboards you can use to get started. But let’s walk through some basics to help illustrate the kinds of visualizations that Charts can enable. Charts makes visualizing your data easy by automatically making your Atlas deployments (any cluster configuration) available for visualization. If you’re a project owner, you can manage permissions to data sources in Charts. We could write an entire blog post on data sources, but if you’re just getting started, just know that your data is made easily available in Charts unless your project owner intentionally hides it. Create a dashboard Everything in Charts starts with a dashboard and creating a dashboard is easy. Simply select the Add Dashboard button at the top right of the Charts page in Atlas . From there, you’ll fill in some basic information like a title and optional description, and you’re on your way. Here’s what one of our new sample dashboards looks like. They are a great place to start: Build a chart Once you have a dashboard created, you can add your first chart. The chart builder gives you a simple and powerful drag and drop interface to help you quickly construct charts. The first step is selecting your data source: Once you have a data source selected, simply add desired fields into your chart and start customizing. The example below uses our IoT sample dashboard dataset to create a bar chart displaying the total distance traveled by different users. From there you can add filters and further customize your chart by adding custom colors, data labels, and more. The chart builder even allows you to write, save, and share queries and aggregation pipelines as shown below. You can learn more in our documentation. Play around with the chart builder to get familiar with all of its functionality. Share and embed A chart can be useful in itself to individual users, but we see users get the most benefit out of Charts when sharing visualizations with others. Once you have created a dashboard with one or more charts, we offer a variety of options letting you share your dashboards with your team, your organization, or via a public link if your data is not sensitive. If you would rather embed a chart or dashboard where your team is already consuming information, check out Charts embedding functionality. Charts lets you embed a chart or dashboard via iframe or SDK, depending on your use case. Check out our embedding documentation to learn more. That was just a brief overview of how to build your first charts and dashboards in Atlas Charts, but there’s a lot more functionality to explore. For a full walkthrough, watch our product demo here: Atlas Charts is the only native data visualization tool built for the document model and it’s the quickest and easiest way to get started visualizing data from Atlas. We hope this introduction helps you get started using Charts to gain greater visibility into your application data, helping you to make better decisions on your data. Get started with Atlas Charts today by logging into or signing up for MongoDB Atlas , deploying or selecting a cluster, and navigating to the Charts tab to activate for free.

March 16, 2023
Next →

Introducing Kingfisher: Real-Time Secret Detection and Validation

Foreword from Kingfisher’s developer As a Staff Security Engineer at MongoDB, I spend a lot of time thinking about how to further harden the environments that our customers rely on to protect their data. Central to that is detecting and managing exposed secrets before they turn into security risks. My role involves using an array of tools, from static code analyzers 1 to secrets managers. 2 However, I have never been fully satisfied with the tools at my disposal. Frustrated by the performance issues, limited flexibility, and high false positive rates of existing open source secret scanners, I started building my own tool in July 2024. Ten months later, that project became Kingfisher , an open-source secret scanner that goes beyond detection. It also verifies the validity of the secrets it detects. What began as a pet project has grown into a core component of MongoDB’s internal security workflows. Kingfisher now helps MongoDB’s engineering teams rapidly scan and verify secrets across Git repositories, directories, and more. Kingfisher, along with moving to short-term credentials, is our answer to the growing challenges of stolen credentials and credential-stuffing attacks. I am happy to announce that we are now releasing Kingfisher to the broader community so all developers and security teams can benefit from it. And by releasing Kingfisher as open source, we’re continuing a tradition that goes back to MongoDB’s roots—empowering developers through open, accessible tools. What is Kingfisher? Kingfisher is a high-performance, open-source secret scanning tool that combs through code repositories, Git commit histories, and file systems. Kingfisher performs this to rapidly uncover hard-coded credentials, API keys, and other sensitive data. It can be used seamlessly across GitHub and GitLab repositories, both remote and local, as well as files and directories on disk, helping security teams quickly catch exposed secrets wherever they live. However, Kingfisher goes a step beyond traditional secret scanners. Most tools simply flag anything that may look like a secret, which means engineers need to sift through false positives. Kingfisher is different. It actively validates the secrets it detects by testing them against external systems, such as the relevant cloud services or API endpoints. This dynamic approach helps identify which secrets are truly active and, thus, high-risk. Figure 1. An example of an active AWS secret access key detected and validated by Kingfisher. Figure 2. An example of an inactive Slack app token discovered and validated by Kingfisher. Figure 3. An example scan summary produced by Kingfisher showing one active secret and four inactive secrets detected. Kingfisher is designed for on-premises use, running entirely within the user’s own infrastructure. As a result, discovered secrets never leave the environment or pass through a third-party service. This ensures that developers and security teams retain full control over sensitive data without inheriting a third party’s security posture or introducing yet another external store of credentials. Kingfisher is also cloud-agnostic: It verifies credentials from AWS, Azure, Google Cloud, and any other platform in use. Unlike cloud provider-specific tools that overlook cross-cloud risks, Kingfisher supports security teams’ unified visibility and control, no matter where secrets live. Built with both performance and security in mind, Kingfisher combines extremely fast pattern matching, source code parsing, entropy analysis, and real-time validation. This all reduces noise to surface only what actually matters. It is designed for practical, real-world use, whether scanning a single repo or integrating it into a larger CI/CD pipeline. Why MongoDB built Kingfisher The threat landscape is constantly evolving, and credential-related attacks are on the rise. Stolen credentials are frequently sold on underground markets. Attackers use automated tools to launch credential-stuffing attacks that can lead to unauthorized access and serious data breaches. Traditional secret-scanning tools have not kept up. Such tools often flood teams with false positives, are slow to run, and do not confirm whether a detected secret remains active or dangerous. This means developers and security teams waste time and effort chasing down dead ends while missing actual threats. Kingfisher was built to solve this challenge. It is fast, lightweight, and designed to detect exposed secrets. It then validates them in real time by checking whether the secret remains active. By cutting through the noise and focusing on active risks, Kingfisher enables teams to respond faster and protect systems effectively. Kingfisher also helps security teams progress toward higher Supply-chain Levels for Software Artifacts (SLSA) compliance. It does this by supporting secure configuration management through proactive detection and verification of exposed secrets across codebases and repositories. At the foundational level, it supports SLSA’s core requirement of preventing secrets from being embedded in source code. This is one of the most common and critical vulnerabilities in the software supply chain. For organizations targeting SLSA Levels 2 and above, Kingfisher also helps strengthen source code integrity by reducing the risk of malicious or accidental secret exposure, which could compromise the trustworthiness of builds. Secure configuration management is a critical part of achieving higher SLSA levels. Kingfisher helps teams adopt these best practices by helping keep secrets out of source code and managing them securely throughout the development lifecycle. Figure 4. Runtime chart comparing Kingfisher with two other popular open-source secrets scanning tools. The runtime chart above presents the results of internal testing conducted by MongoDB engineers. It compares Kingfisher against two other popular open-source secret scanning tools: TruffleHog and GitLeaks . In this comparison, lower runtime values indicate superior performance. This underscores Kingfisher’s balance of speed and robust, real-time secret validation. How Kingfisher works Kingfisher is built in Rust, which was chosen for its speed, safety, and concurrency capabilities. Initially inspired by and built on top of a forked version of the Apache 2 licensed " Nosey Parker " code, Kingfisher re-engineers and extends its foundation with modern, high-performance technologies. Kingfisher’s features include: table, th, td { border: 1px solid black; border-collapse: collapse; } th, td { padding: 5px; } Feature Description Rust-powered performance Writing Kingfisher in Rust maximizes performance while providing memory safety. This makes it ideal for scanning large codebases without sacrificing reliability. High-speed regex matching with Hyperscan Kingfisher uses Hyperscan to handle complex and high-volume pattern matching. This engine delivers high-speed regular expression matching that enables real-time scanning on the largest code repositories. Multi-language source parsing with Tree-sitter Kingfisher employs Tree-sitter to parse source code accurately across 20+ programming languages. This enables Kingfisher to understand language-specific syntax, reducing false positives and improving detection accuracy. Efficient scanning engine In addition to its advanced parsing and regex capabilities, Kingfisher uses multi-threaded scanning to traverse files, commit histories, and binary blobs. Custom-built rules combine pattern matching with Shannon entropy checks 3 , flagging only high-confidence secret exposures. Dynamic validation Once a potential secret is detected, Kingfisher validates it by performing external checks. This includes testing database connectivity and calling cloud service APIs to confirm whether the secret is active and poses an immediate risk. Extensible rulesets Kingfisher supports a rich set of rules defined in YAML files. These rules describe the patterns and metadata to look for. This includes confidence levels, examples, and dependency rules to provide nuanced secret detection and validation. Integration ready Kingfisher is designed to be easily integrated into automated CI/CD pipelines and be used in conjunction with GitHub’s secret scanning program. This enhances its role as part of a comprehensive security strategy. How MongoDB uses Kingfisher internally At MongoDB, Kingfisher plays a critical role in safeguarding code repositories and internal systems. As part of the company's comprehensive security strategy, Kingfisher is used across various stages of MongoDB’s development and deployment pipeline. This helps secure MongoDB’s codebase and complements our move away from long-lived secrets. Below are four key ways Kingfisher is used at MongoDB: Pre-commit scanning: MongoDB developers run Kingfisher locally to catch accidentally hard-coded secrets before they commit code. CI/CD integration: Kingfisher is integrated into MongoDB’s continuous integration and deployment (CI/CD) pipelines. Thus, it automatically ensures that every build is scanned for potential secret exposure. Historical code analysis: Kingfisher scans Git commit histories to identify and remediate legacy exposures in MongoDB’s code repositories. Cloud and database validation: Kingfisher automatically tests whether a detected credential is still valid using its dynamic validation capabilities. This allows MongoDB engineers to take immediate action if a secret has been compromised. Get started with Kingfisher The development—and now release—of Kingfisher represents a major leap forward in MongoDB’s approach to securing code and infrastructure. More than a tool, it embodies our ongoing commitment to contribute open-source solutions that empower organizations to protect their critical assets against evolving cyber threats. Kingfisher builds on a solid foundation and introduces significant improvements. This includes: Real-time secret validation Enhanced accuracy with source code parsing with Tree-sitter, Over 700 rules for detecting and validating a broader range of secrets, Cross-platform support for macOS, Linux, and Windows To learn more about Kingfisher and start using it in your own workflows, visit our GitHub repository for detailed documentation and join the community discussions. 1 Tools that examine source code without executing it to identify potential errors, vulnerabilities, or code quality issues. 2 Tools used to securely store, manage, and access sensitive information like API keys, credentials, and tokens. 3 A method of measuring randomness in a string, often used to identify high-entropy values like passwords or API keys that may indicate a secret.

June 16, 2025