Mondoo 10.11 is out!

Announcing the 10.11 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.

🥳 Mondoo 10.11 is out! This release includes Azure Container Registry scanning, expanded OS query packs, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Azure Container Registry scanning

Mondoo now supports scanning Azure Container Registries (ACR) that require authentication using credentials stored after running the az login command.

To login and scan a complete registry run:

az login
cnspec scan container registry my_registry.azurecr.io

🧹 IMPROVEMENTS

Collect logged-in users in query packs

Windows, Linux, and macOS query packs now collect the currently logged-in users so you can understand active users on endpoints or remote connections to servers.

🐛 BUG FIXES AND UPDATES

Fix a failure running the users.all(sshkeys == empty) query.
Don't panic when the scan play is set to 0.
Ignore deactivated users in the Slack policy's multi-factor authentication (MFA) check. Thanks for this fix, @jaybrueder!
Improve the AWS IAM user "MFA enabled" check to only check users with a set password.
Fix the discovery of GCP organizations and folders.
Improve the scan gcp help output.
Improve failure output when a CLI command can't be parsed in the GCP provider.
Fix 403 errors when scanning GCP.
Fix failures scanning container registries.
Don't print the asset MRN when running cnspec scans.
Improve snapshot filesystem type detection.
Fix failures scanning Google BigQuery assets.
Improve retries during AWS scanning when requests timeout.
Fix failures scanning Amazon ECR container registries.