Mondoo 10.7 is out!
๐ฅณ Mondoo 10.7 is out! This release includes vendor advisory links, improved CLI scanning, and more!โ
Get this release: Installation Docs | Package Downloads | Docker Container
๐งน IMPROVEMENTSโ
Show numeric asset scores in the CLIโ
Understand your precise scores in the cnspec CLI with new numeric score values in addition to A-F scores.
Add specific vendor advisory sourcesโ
Jump right to the source with new direct links to vendor advisories on software advisory pages.
Improved AWS integration troubleshootingโ
Failures happen, so let's get to the root cause faster with new troubleshooting options for AWS integrations. The ... menu in the AWS integrations pages now includes new options that:
- Force an update of the Lambda code powering the integration
- Send diagnostics logs directly to Mondoo
Kubernetes scanning performance improvementsโ
We introduced a new mechanism to reduce the number of calls made during asset discovery. This is especially helpful when scanning larger Kubernetes clusters. It lets cnquery and cnspec incrementally scan every asset one by one without having to scan all of them initially. This performance improvement not only drastically cuts the execution time, it also eliminates the need for reading container images twice from the system, cutting down on I/O load.
This improvement is automatically enabled for new workloads. We currently support it for container images and plan to extend it to other workloads with costly discovery steps in the future.
๐ BUG FIXES AND UPDATESโ
- Fix failures to detect vulnerable versions of system-wide Visual Studio Code installations on Windows.
- Fix incorrect pluralization on the assets page.
- Fix incorrect source links for Debian, Chrome, and Firefox vulnerabilities and advisories.
- Fix detection of some newer VMware advisories.
- Fix macOS systems displaying a low vulnerability score but no CVEs or advisories.
- Add missing available package data when scanning for vulnerabilities on the command line.
- Fix failures scanning systems with the command line
--incognito
flag. - Add missing first-found data to the asset software tab.
- Respect the
--output
flag when runningcnspec vuln
. - Improve the disk/memory usage of container image scans on large Kubernetes clusters.
- Fix duplicate AWS instance scans.
- Add support for VMware vSphere/ESXi 8.0U2b vulnerability scanning.
- Don't show the service accounts button when a Kubernetes integration is still pending.
- Show "unknown" instead of "0.0" when a CVSS score has not been published.
- Don't show an empty CVSS score section on vulnerability pages if they have not been published.
- Improve the display of vendor icons in the asset software tab.
- Add tooltips to check status icons in Compliance Hub.
- Fix failures scanning GCP if resources can't be discovered.
- Improve the display of installed memory on Windows assets.
- Add macOS model detection for new M3 MacBook Air laptops.
- Improve check reliability in the AWS Operation Best Practices policies.