Mondoo March 2024 Release Highlights

At Mondoo we wrapped up our winter efforts with a productive month of March. We added SCIM 2.0 support, new features that help you prioritize and speed through your security fixes, and improvements to policies and resources.

Okta and Microsoft Entra ID SCIM 2.0 support save you work

Separately maintaining user accounts in dozens of systems can be a major time suck. With Okta and Microsoft Entra ID SCIM 2.0 support in Mondoo private instances, you can reclaim that time. 

Sync your users and groups automatically so the right users always have the proper access. You can now automatically:

  • Provision access for new team members when they start
  • Manage employees' administrative access to Mondoo spaces and organizations
  • Meet compliance requirements for removing access for terminated team members
  • Deploy with the Mondoo Terraform provider

To learn more about enabling SCIM 2.0 support, talk with a Mondoo team member.

Prioritizing and fixing CVEs and advisories just got easier

Automate CVE remediation

Mondoo does more than just reveal the critical software vulnerabilities that threaten your infrastructure. We also provide Ansible and Bash remediation scripts for you to automate patching your systems.

Prioritize remote exploit prevention

Remote code execution opportunities are like Trojan horses in your organization, waiting for exploits. With the new remote execution risk attribute for CVEs and advisories, you can now prioritize and patch these highest risks to your business before attackers find them. 

Mondoo lets you sort by and search for CVEs and vendor advisories that are known to be susceptible to remote code execution over the network.

Monitor your infrastructure for security misconfigurations and maps those checks automatically to top compliance frameworks.

Easily access advisory resources

When you need to learn more about an advisory, Mondoo has you covered. With direct links to the vendor's advisory information, advisory education and remediation are only a click away.

Access the data you need with resource improvements


We added a new annotations field.


We improved handling of integer values in AWS. Fields representing maximum/minimum values, such as aws.cloudfront.distribution.origin.connectionTimeout, now return 0 when no value has been set. When a field represents a port value, such as aws.rds.dbInstance.port, Mondoo now represents unset values as -1.


We added support for advanced selectors in the eventSelectors field.


We added a new deliveryChannels field.


This new resource has fields representing an individual AWS Config delivery channel configured within an account.


We added a new assumeRolePolicyDocument field.


We fixed parsing data in the attachedRoles field.


We added three new fields:

  • hostedZoneId
  • latestRestorableTime
  • masterUsername


We added two new fields:

  • latestRestorableTime
  • masterUsername


We added a new source field.


  • We added a new originVersion field on Debian Linux-based assets.
  • We now include version data in the origin field for source packages on Debian Linux-based assets.

Wolfi container package detection

Expose package information in Chainguard's Wolfi "un-distribution" with support for Wolfi's APK packages:

cnquery shell container image
→ connected to Wolfi
 ___ _ __   __ _ _   _  ___ _ __ _   _
/ __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| |  __/ |  | |_| |
\___|_| |_|\__, |\__,_|\___|_|   \__, |
 mondoo™      |_|                |___/  interactive shell

cnquery> packages
packages.list: [
 0: package name="ca-certificates-bundle" version="1708982311:20240226-r0"
 1: package name="caddy" version="1710420294:2.7.6-r4"
 2: package name="wolfi-baselayout" version="1701735113:20230201-r7"

Filter AWS scans by region

Filter cnspec command line scans by AWS region with new filter options:

  • cnspec scan aws --filters all:region=us-east-2
  • cnspec scan aws --filters region=us-east-2
  • cnspec scan aws --filters ec2:region=us-east-2

Thanks for this great contribution @montera82!

Secure your infrastructure with improved policies

Expanded CIS GCP Foundations policy

You no longer need multiple tools and security policies to catch security problems before they reach production. New Terraform variants in the CIS GCP Foundations benchmark policy provide a single check for both running GCP assets and the Terraform code that generates those assets. To learn more about securing Terraform code using Mondoo, read the Mondoo docs.

Endpoint detection and response policy

Our new Endpoint Detection and Response (EDR) policy lets you ensure that critical employee endpoints have EDR software installed and running. This policy checks to see if SentinelOne, ESET, or CrowdStrike is installed on macOS, Linux, and Windows systems.

Updated policy check impact scores

Prioritize the most important checks first with newly adjusted check priorities for CIS Linux distribution policies. These improved scores ensure that only the most important checks are listed as failures, so you can more easily prioritize critical work.

Improved AWS policies

We've refactored the CIS AWS Foundations benchmark policy and all our AWS Best Practices policies. Changes include improved queries and result output as well as new descriptions and remediation data. 

Filter policies on assets (enhanced prioritization)

Asset policy pages now include filtering by policy types and scores so you can see exactly what policies are applied and where failures are occurring.

Query stronger with MQL enhancements

Data type conversion MQL helpers

New MQL helpers allow you to quickly convert data to the right format for your custom checks and data queries.

> int(1.23)

> bool(1)

> float(12)

> string(1.89)

> regex("w.r.d") == "world 🌎"

Plus we keep getting faster!

We introduced a new mechanism to reduce the number of calls made during asset discovery. This is especially helpful when scanning larger Kubernetes clusters. It lets cnquery and cnspec incrementally scan every asset one by one without having to scan all of them initially. This performance improvement not only drastically cuts the execution time, it also eliminates the need for reading container images twice from the system, cutting down on I/O load.

This improvement is automatically enabled for new workloads. We currently support it for container images and plan to extend it to other workloads with costly discovery steps in the future.

We work hard to make security and compliance easier

As we leap into springtime, we Mondoonauts are hard at work building new features that facilitate smart, efficient, and effective security decisions. Check back soon to learn what we're up to.

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007, port scanning class As since 1994, and downloaded his first Linux distro on a 14.4 modem. He most recently held positions at Limelight Networks, Cozy Co, and Chef Software.

You might also like

Mondoo April 2024 Release Highlights
Exploring the Latest Security Features in Ubuntu 24.04
Mondoo Firewatch