Mondoo 11.1 is out!

April 23, 2024 · 3 min read

Tim Smith

Mondoo Core Team

🥳 Mondoo 11.1 is out! This release includes Dockerfile scanning, ENV var credentials in inventory files, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Dockerfile scanning

Expose security concerns before they reach production with new Mondoo Dockerfile scanning. Run cnquery shell docker file DIRECTORY_OR_PATH to inspect a single Dockerfile or find nested Dockerfiles within directories. Using the new docker.file resource, you can explore the file itself or dive into Dockerfile stages and instructions.

cnquery shell docker file Dockerfile
→ loaded configuration from /Users/tsmith/.config/mondoo/mondoo.yml using source default
→ connected to Dockerfile
  ___ _ __   __ _ _   _  ___ _ __ _   _
 / __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| |  __/ |  | |_| |
 \___|_| |_|\__, |\__,_|\___|_|   \__, |
  mondoo™      |_|                |___/  interactive shell

cnquery> docker.file.stages{*}
docker.file.stages: [
  0: {
    entrypoint: null
    add: []
    run: [
      0: docker.file.run script="mkdir -p /opt/app"
      1: docker.file.run script="npm install"
    ]
    file: docker.file file.path="Dockerfile" instructions.length=8 stages.length=1
    copy: [
      0: docker.file.copy src=[
        0: "src/package.json"
        1: "src/package-lock.json"
      ] dst="."
    ]
    from: docker.file.from name="" image="node" tag="18.16.0-alpine3.17"
    env: {}
    cmd: docker.file.run script="npm
start"
  }
]

Stay tuned for upcoming Dockerfile policies and Dockerfile security monitoring in the Mondoo Console!

Google Container-Optimized OS 113

Mondoo now includes security scanning and EOL detection support for Google's latest COS 113 release.

🧹 IMPROVEMENTS

Resource updates

aws.ec2.instances

Improve the performance of instance scanning

aws.ec2.networkacl

Add associations field

aws.inspector

New resource for Amazon Inspector

aws.s3.bucket

Fix failures fetching ACL grants

gcp.project.bigqueryService

Fix failures querying BigQuery resources

Store credentials in ENV vars with inventory files

Supercharge Mondoo scans in your CI pipelines using ENV var credentials in Mondoo inventory files.

Specify an ENV var within your inventory file:

spec:
  assets:
    - connections:
        - type: slack
          credentials:
            - type: env
              env: CUSTOM_SLACK_TOKEN

Set that ENV var in your CI job and run cnspec as usual:

export CUSTOM_SLACK_TOKEN="token"
cnquery scan --inventory-file inventory.yml

Updated Mondoo AWS policy

We rewrote the Mondoo AWS Security policy from the ground up with new and expanded queries that match the latest AWS capabilities and risks.

Improved vulnerability EPSS graphs

Improved EPSS graphs expose the risk percentile and are redesigned for easy reading.

EPSS Graph

🐛 BUG FIXES AND UPDATES

Return the full package version when analyzing RPMs.
When performing volume/snapshot scanning of XFS volumes, scan all non-boot volumes if multiple XFS volumes exist.
Always close the RPM database after checking packages.
Fix a race condition in provider shutdown.
Renamed Workstation to Development Workstation on the integrations page.

🥳 Mondoo 11.1 is out! This release includes Dockerfile scanning, ENV var credentials in inventory files, and more!​

🎉 NEW FEATURES​

Dockerfile scanning​

Google Container-Optimized OS 113​

🧹 IMPROVEMENTS​

Resource updates​

aws.ec2.instances​

aws.ec2.networkacl​

aws.inspector​

aws.s3.bucket​

gcp.project.bigqueryService​

Store credentials in ENV vars with inventory files​

Updated Mondoo AWS policy​

Improved vulnerability EPSS graphs​

🐛 BUG FIXES AND UPDATES​