Mondoo 10.5 is out!
ยท 2 min read
๐ฅณ Mondoo 10.5 is out! This release includes improvements to the software CVE experience, performance, and more!โ
Get this release: Installation Docs | Package Downloads | Docker Container
๐งน IMPROVEMENTSโ
Improved software vulnerability experienceโ
Find critically outdated software faster with the improved asset software tab. New quick filter buttons let you select between OS packages and applications. Badges help you narrow down risk with EPSS/CVSS3 scores.
Resource improvementsโ
aws.config.recorderโ
- New
resourceTypes
field
aws.vpc.flowlogโ
- New
destinationType
field - New
deliverLogsStatus
field
Control scanning during registrationโ
Control the configuration of the cnspec service during client registration with new timer
and splay
flags in the cnspec login
command.
Configure the cnspec service to scan every 30 minutes with a 5 minute splay:
cnspec login --token MY_TOKEN --timer 30 --splay 5
Performanceโ
The same great scans, just MUCH, MUCH faster. This week we shuffled around the bits to make GitHub organization scans 5x faster and Azure subscription scans 3x faster.
๐ BUG FIXES AND UPDATESโ
- Detect tags on AWS instances scanned with SSM.
- Ensure that AWS instances scanned with SSM are grouped under AWS in inventory.
- Resolve a potential failure scanning GitLab.
- Improve failure output in the CIS AWS Foundations benchmark policy.
- Improve CIS Distribution Linux benchmark policy when running on Photon OS.
- Prevent EC2 instance scans from creating double instances in some situations.
- Fix links to PostgreSQL integration documentation in the integration setup flow.
- Display correct query pack names for asset data queries.
- Improve rendering of policies on the asset page with wide displays.
- Fix usage of the
--discover
flag in the GitHub provider. - Fix failures selecting an asset in
cnquery shell
if there is only a single asset. - Don't fail checking IP addresses if both IPv4 and IPv6 are disabled.
- Fix a failure scanning VMware vSphere assets.
- Improve reliability of OOM reporting in the Kubernetes integration pages.
- Improve field handling in the organization creation modal when using keyboard navigation.
- Fix policy filtering on assets to show all checks for a policy.
- Improve reliability of fetching CVE data for assets.
- Add vendor icons to the advisories view.