Mondoo 11.14 is out!

July 23, 2024 · 3 min read

Tim Smith

Mondoo Core Team

🥳 Mondoo 11.14 is out! This release includes improved EOL OS warnings, new resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🧹 IMPROVEMENTS

End of life status is now a risk factor

Better understand when assets are approaching end of life with a new, configurable end-of-life risk factor. This risk factor replaces the existing end-of-life policy and instead uses a configurable warning period and risk factors to expose high-risk EOL assets.

Set your desired warning period or turn off warnings entirely space wide:

Tuning EOL warnings

Filter on EOL assets within affected asset pages:

EOL assets

New Shodan and VMware inventory packs

Gather detailed information on more aspects of your infrastructure with new VMware and Shodan asset inventory packs. The VMware asset inventory pack gathers information on vCenter servers as well as individual ESXi hosts, so you can better understand the state of your clusters. The Shodan asset inventory pack gathers information on hosts assets using the Shodan service.

Control cnspec output using an ENV variable

Control the command line output of cnspec using a new MONDOO_OUTPUT environmental variable that can be set in shell config files or in CI/CD jobs.

export MONDOO_OUTPUT=nodata,nocontrols
cnspec scan local

Resource updates

gitlab.project

New approvalSettings field using the new gitlab.project.approvalRule resource
New mergeMethod field
New projectFiles field using the new gitlab.project.file resource
New projectMembers field using the new gitlab.project.member resource
New protectedBranches field using the new gitlab.project.protectedBranch resource
New webhooks field using the new gitlab.project.webhook resource

macos

New systemExtensions field using the new macos.systemExtension resource

package

New vendor field

🐛 BUG FIXES AND UPDATES

Improve application of cloud-specific CIS Kubernetes policies.
Fix empty packages data on RPM-based systems.
Improve rendering of the software version distribution chart.
Improve descriptions of workload scanning options in the Kubernetes integration setup page.
Improve generation of CPE data in the package resource.
Scan all supported asset types available in the --discover flag when using the Mondoo Hosted AWS integration.
Improve retry behavior in the GitHub provider.
Add BOMRef data to CycloneDX SBOMs.
Fix integration credentials not updating if they are changed.
Fix an RPC error during scanning with certain query packs enabled.
Fix a potential error if checks and data queries use the same UID.
Improve the CIS EKS policy's Ensure clusters are created with Private Nodes check.
Improve the reliability of multiple queries in CIS Linux policies.
Simplify the output of CIS Linux sysctl IP setting checks.
Add missing check titles in the Mondoo Endpoint Detection and Response (EDR) policy.
Improve the reliability of the Mondoo Linux Security policy's Ensure discretionary access control permission modification events are collected check. Thanks @ceso!
Improve rendering of data queries that do not return a result.
Improve rendering of descriptions and auditing steps in CIS policies.
Improve reliability of iptables checks in Linux CIS policies.
Fix missing assets in the affected assets lists.

🥳 Mondoo 11.14 is out! This release includes improved EOL OS warnings, new resources, and more!​

🧹 IMPROVEMENTS​

End of life status is now a risk factor​

New Shodan and VMware inventory packs​

Control cnspec output using an ENV variable​

Resource updates​

gitlab.project​

macos​

package​

🐛 BUG FIXES AND UPDATES​