Skip to main content

Mondoo 11.1 is out!

Β· 3 min read
Tim Smith
Mondoo Core Team

πŸ₯³ Mondoo 11.1 is out! This release includes Dockerfile scanning, ENV var credentials in inventory files, and more!​

Get this release: Installation Docs | Package Downloads | Docker Container

πŸŽ‰ NEW FEATURES​

Dockerfile scanning​

Expose security concerns before they reach production with new Mondoo Dockerfile scanning. Run cnquery shell docker file DIRECTORY_OR_PATH to inspect a single Dockerfile or find nested Dockerfiles within directories. Using the new docker.file resource, you can explore the file itself or dive into Dockerfile stages and instructions.

cnquery shell docker file Dockerfile
β†’ loaded configuration from /Users/tsmith/.config/mondoo/mondoo.yml using source default
β†’ connected to Dockerfile
  ___ _ __   __ _ _   _  ___ _ __ _   _
 / __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| |  __/ |  | |_| |
 \___|_| |_|\__, |\__,_|\___|_|   \__, |
  mondooβ„’      |_|                |___/  interactive shell

cnquery> docker.file.stages{*}
docker.file.stages: [
  0: {
    entrypoint: null
    add: []
    run: [
      0: docker.file.run script="mkdir -p /opt/app"
      1: docker.file.run script="npm install"
    ]
    file: docker.file file.path="Dockerfile" instructions.length=8 stages.length=1
    copy: [
      0: docker.file.copy src=[
        0: "src/package.json"
        1: "src/package-lock.json"
      ] dst="."
    ]
    from: docker.file.from name="" image="node" tag="18.16.0-alpine3.17"
    env: {}
    cmd: docker.file.run script="npm
start"
  }
]

Stay tuned for upcoming Dockerfile policies and Dockerfile security monitoring in the Mondoo Console!

Google Container-Optimized OS 113​

Mondoo now includes security scanning and EOL detection support for Google's latest COS 113 release.

🧹 IMPROVEMENTS​

Resource updates​

aws.ec2.instances​

  • Improve the performance of instance scanning

aws.ec2.networkacl​

  • Add associations field

aws.inspector​

aws.s3.bucket​

  • Fix failures fetching ACL grants

gcp.project.bigqueryService​

  • Fix failures querying BigQuery resources

Store credentials in ENV vars with inventory files​

Supercharge Mondoo scans in your CI pipelines using ENV var credentials in Mondoo inventory files.

Specify an ENV var within your inventory file:

spec:
  assets:
    - connections:
        - type: slack
          credentials:
            - type: env
              env: CUSTOM_SLACK_TOKEN

Set that ENV var in your CI job and run cnspec as usual:

export CUSTOM_SLACK_TOKEN="token"
cnquery scan --inventory-file inventory.yml

Updated Mondoo AWS policy​

We rewrote the Mondoo AWS Security policy from the ground up with new and expanded queries that match the latest AWS capabilities and risks.

Improved vulnerability EPSS graphs​

Improved EPSS graphs expose the risk percentile and are redesigned for easy reading.

EPSS Graph

πŸ› BUG FIXES AND UPDATES​

  • Return the full package version when analyzing RPMs.
  • When performing volume/snapshot scanning of XFS volumes, scan all non-boot volumes if multiple XFS volumes exist.
  • Always close the RPM database after checking packages.
  • Fix a race condition in provider shutdown.
  • Renamed Workstation to Development Workstation on the integrations page.