Mondoo
Docs
2026

Mondoo Release Highlights February 2026

·By Tim Smith

Back to releases

Introduction

February may be the shortest month on the calendar, but the Mondoo team packed it full of features to make securing your infrastructure easier than ever. From broader vulnerability detection and hundreds of new policy checks to resource-level cloud findings and our largest-ever MQL expansion, there's plenty to explore. Let's dive in!

Expanded Vulnerability Detection

Mondoo now detects vulnerabilities and tracks end-of-life status across a significantly broader set of platforms and software. This release adds vulnerability scanning for Garden Linux, Cumulus Linux, Microsoft .NET 10, Microsoft SQL Server 2025, and TeamViewer Host, along with RPM module support for AlmaLinux scans. Whether you're running network switches on Cumulus, hardened container hosts on Garden Linux, or the latest .NET runtime in production, Mondoo now surfaces the CVEs and EOL risks that matter to your environment without requiring additional configuration or tooling.

Expanded Policy Coverage

Effective security requires policies that cover every technology in your environment. Mondoo now ships comprehensive out-of-the-box policies for the latest technologies, with well-crafted descriptions, multi-technology remediations, and IaC file support.

Key Policy Updates

  • Azure 109 new checks 419% increase in check count
  • AWS 77 new checks 110% increase in check count
  • GCP 99 new checks 354% increase in total checks
  • GitHub: 9 new checks 39% increase in total checks
  • GitLab: 6 new checks 67% increase in total checks

All New Policies

  • Arista EOS Security (37 checks)
  • Cloudflare Security (13 checks)
  • FreeBSD Security (54 checks)
  • OCI Security (12 checks)
  • PAN-OS Security (10 checks)
  • Snowflake Security (12 checks)
  • Tailscale Security (7 checks)

Actionable Cloud Findings

Individual cloud resources are now scanned as first-class assets, giving you fine-grained visibility into the security posture of each service rather than rolling everything up to the account or project level. This means vulnerabilities, misconfigurations, and policy findings are scoped to the exact resource they affect, making it faster to assign ownership, create targeted tickets, and apply precise exceptions. When a finding lands on a specific OpenSearch domain or Secret Manager secret instead of an entire AWS account, your team can act on it immediately without triaging through noise.

New Platforms Added in February

AWS

  • AWS Secrets Manager Secret (aws-secretsmanager-secret)
  • AWS OpenSearch Domain (aws-opensearch-domain)
  • AWS SSM Instance (aws-ssm-instance)
  • AWS ECS Instance (aws-ecs-instance)

GCP

  • GCP Pub/Sub Topic (gcp-pubsub-topic)
  • GCP Pub/Sub Subscription (gcp-pubsub-subscription)
  • GCP Pub/Sub Snapshot (gcp-pubsub-snapshot)
  • GCP Cloud Run Service (gcp-cloudrun-service)
  • GCP Cloud Run Job (gcp-cloudrun-job)
  • GCP Cloud Function (gcp-cloudfunction)
  • GCP Dataproc Cluster (gcp-dataproc-cluster)
  • GCP Logging Bucket (gcp-logging-bucket)
  • GCP API Key (gcp-apikeys-key)
  • GCP Memorystore Redis (gcp-memorystore-redis)
  • GCP Memorystore Redis Cluster (gcp-memorystore-rediscluster)
  • GCP Secret Manager Secret (gcp-secretmanager-secret)
  • GCP IAM Service Account (gcp-iam-service-account)

Thanks @LittleSalkin1806 for these new GCP platforms!

Azure

  • Azure AKS Cluster (azure-aks-cluster)
  • Azure App Service App (azure-app-service-webapp)
  • Azure Batch Account (azure-batch-account)
  • Azure Cache for Redis Instance (azure-cache-redis-instance)
  • Azure Cosmos DB Account (azure-cosmosdb)
  • Azure MySQL Server (azure-mysql-server)
  • Azure MariaDB Server (azure-mariadb-server)

Expanded Querying Capabilities

You can't secure what you can't inspect. Every new MQL resource and field is a security question you can now answer, a misconfiguration you can catch, a compliance gap you can close, an attack surface you can measure. This month we shipped our largest ever expansion: 171 new resources and 578 new fields, bringing Mondoo's total queryable surface to its deepest coverage yet across cloud, infrastructure, and DevOps platforms.

  • GCP: Redis (expanded + clusters), Spanner, Bigtable, Firestore, AlloyDB, Secrets Manager, Cloud Armor (WAF/DDoS), SSL policies & certificates, Cloud NAT, Certificate Authority Service (private PKI), audit logging configuration, organization policies, and Pub/Sub IAM policies
  • AWS: OpenSearch, S3 bucket website configs / encryption rules / replication rules, app autoscaling policies, ECS task sets, KMS grants, VPN gateways, transit gateways, FSx volumes, ELB listeners / load balancer attributes, AWS Backup (plans, rules, lifecycle), Redshift snapshots, Neptune snapshots, Lambda layers / logging / code signing / aliases / event source mappings / URL configs / provisioned concurrency, ECR lifecycle policies, IAM instance profiles, and VPC expansion (internet gateways, security groups, network ACLs, route entries)
  • Azure: 130+ new fields across 30+ resources including VM security (secure boot, vTPM, encryption at host), AKS security (Defender, workload identity, AAD profiles, auto-upgrade), private endpoints, route tables, SQL server advanced threat protection & backup retention policies, Key Vault access policies & network ACLs, App Service plans / certificates / hostname bindings, Redis firewall rules / patch schedules / private endpoints, and Cosmos DB / PostgreSQL / MySQL security settings
  • Cloudflare: Zone owner, plan, security settings (SSL, TLS, WAF, HTTPS), and custom / managed certificate resources
  • GitLab: Pipelines, runners, users, issues, merge requests, releases, milestones, CI/CD variables, labels, and group subgroups with pagination support
  • GitHub: Milestones, environments, deployments with statuses, self-hosted runners, and organization audit log (Enterprise)
  • Arista: VLANs, routes, and switchports
  • OCI (Oracle Cloud): ~41 new fields across compute, networking, identity, and storage resources including tags, shapes, availability domains, and typed resource references
  • OS: limits, sudoers, launchd, auditd field comparisons, plus Cumulus Linux / GardenLinux / Wind River Linux / OpenBSD package detection

Improved Compliance out of the Box

Mondoo's SaaS, Network, and Cloud security policies now include built-in compliance mappings to major industry frameworks like CIS, SOC 2, NIST, and ISO 27001. Instead of maintaining separate security and compliance configurations, every policy check automatically maps to the relevant framework controls, so your team can adopt Mondoo's continuously updated policies and immediately see how each finding impacts your compliance posture with no manual cross-referencing or duplicate effort.

New and Updated CIS Benchmarks

Secure your systems with the latest CIS benchmarks, including new benchmarks to expand your security reach and updates to keep your existing configurations current.

  • New CIS AKS Optimized Azure Linux 3 Benchmark v1.0.0
  • New CIS AWS Compute Services Benchmark v1.1.0
  • New CIS FreeBSD 14 Benchmark v1.0.1
  • New CIS Red Hat OpenShift Container Platform Benchmark v1.9.0
  • Update CIS Microsoft 365 Foundations Benchmark v6.0.0 -> v6.0.1
  • Update CIS Microsoft Windows 10 Enterprise Benchmark to v3.0.0 -> v4.0.0
  • Update CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0 -> v5.0.0
  • Update CIS Oracle Cloud Infrastructure Foundations Benchmark v1.2.0 -> v3.1.0
  • Update CIS SUSE Linux Enterprise 12 Benchmark to v3.1.0 -> v3.2.1

Expose Preview Check Status

Policy authors can mark individual checks as "preview" to signal that a check is still being validated before it affects scores. Mondoo now surfaces this preview status directly in the console: the space findings page shows a Preview indicator in the status column, and individual finding pages display the preview badge as well. This makes it easy to distinguish production-ready checks from those still under evaluation, so your team can review new checks in context without confusing them with fully enforced findings.

Findings page status column

Release Highlights

Previous Page

January Highlights

Next Page

On this page

IntroductionExpanded Vulnerability DetectionExpanded Policy CoverageKey Policy UpdatesAll New PoliciesActionable Cloud FindingsNew Platforms Added in FebruaryExpanded Querying CapabilitiesImproved Compliance out of the BoxNew and Updated CIS BenchmarksExpose Preview Check Status