Skip to main content

Mondoo 10.7 is out!

ยท 3 min read
Mondoo Core Team

Get this release: Installation Docs | Package Downloads | Docker Container


Show numeric asset scores in the CLIโ€‹

Understand your precise scores in the cnspec CLI with new numeric score values in addition to A-F scores.

Numeric scores

Add specific vendor advisory sourcesโ€‹

Jump right to the source with new direct links to vendor advisories on software advisory pages.

Advisory links

Improved AWS integration troubleshootingโ€‹

Failures happen, so let's get to the root cause faster with new troubleshooting options for AWS integrations. The ... menu in the AWS integrations pages now includes new options that:

  • Force an update of the Lambda code powering the integration
  • Send diagnostics logs directly to Mondoo

Diagnostics information

Kubernetes scanning performance improvementsโ€‹

We introduced a new mechanism to reduce the number of calls made during asset discovery. This is especially helpful when scanning larger Kubernetes clusters. It lets cnquery and cnspec incrementally scan every asset one by one without having to scan all of them initially. This performance improvement not only drastically cuts the execution time, it also eliminates the need for reading container images twice from the system, cutting down on I/O load.

This improvement is automatically enabled for new workloads. We currently support it for container images and plan to extend it to other workloads with costly discovery steps in the future.


  • Fix failures to detect vulnerable versions of system-wide Visual Studio Code installations on Windows.
  • Fix incorrect pluralization on the assets page.
  • Fix incorrect source links for Debian, Chrome, and Firefox vulnerabilities and advisories.
  • Fix detection of some newer VMware advisories.
  • Fix macOS systems displaying a low vulnerability score but no CVEs or advisories.
  • Add missing available package data when scanning for vulnerabilities on the command line.
  • Fix failures scanning systems with the command line --incognito flag.
  • Add missing first-found data to the asset software tab.
  • Respect the --output flag when running cnspec vuln.
  • Improve the disk/memory usage of container image scans on large Kubernetes clusters.
  • Fix duplicate AWS instance scans.
  • Add support for VMware vSphere/ESXi 8.0U2b vulnerability scanning.
  • Don't show the service accounts button when a Kubernetes integration is still pending.
  • Show "unknown" instead of "0.0" when a CVSS score has not been published.
  • Don't show an empty CVSS score section on vulnerability pages if they have not been published.
  • Improve the display of vendor icons in the asset software tab.
  • Add tooltips to check status icons in Compliance Hub.
  • Fix failures scanning GCP if resources can't be discovered.
  • Improve the display of installed memory on Windows assets.
  • Add macOS model detection for new M3 MacBook Air laptops.
  • Improve check reliability in the AWS Operation Best Practices policies.