Skip to main content

Mondoo 11.15 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.15 is out! This release includes GitLab security benchmarks, improved Kubernetes scanning, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

CIS benchmarks for GitLab securityโ€‹

Secure your critical supply chain infrastructure with our new CIS GitLab benchmark policies. These policies include 27 checks for users, groups, and projects in level 1 and level 2 policies. Each policy is compatible with both self-hosted and SaaS GitLab instances.

๐Ÿงน IMPROVEMENTSโ€‹

Focus Kubernetes scanning on top-level resourcesโ€‹

Focus on the workloads that matter to your business with the latest release of the Mondoo Kubernetes Operator. Mondoo now scans top-level workloads only so that:

  • Results better reflect the actual state of security in your cluster.

  • All results in Mondoo can be traced back to actual Kubernetes manifest code that you can update.

For example, if you define a CronJob in a Kubernetes manifest, we scan only the CronJob workload asset instead of also scanning the Job and Pod assets during each execution of the CronJob. In this case, hundreds of child assets no longer scan. Space statistics don't reflect ephemeral child assets that are no longer present in the cluster.

In addition to a more focused set of assets in the Mondoo Console, you now also experience faster scans and lower scan memory usage. We saw a 3x improvement in our test clusters!

Linux Mint 22 CVE and EOL detectionโ€‹

Secure the latest release of Linux Mint with new support for CVE scanning and EOL detection in Linux Mint 22.

Data export improvementsโ€‹

Mondoo data exports now include more data than ever so you can feed your critical security findings into external SIEM or data warehousing systems. Exports now include vulnerability data as well as detailed asset scoring information.

Resource updatesโ€‹

aws.eks.clusterโ€‹

  • New supportType field
  • New authenticationMode field

aws.rds.dbclusterโ€‹

  • New engineLifecycleSupport field

aws.rds.dbinstanceโ€‹

  • New engineLifecycleSupport field

github.fileโ€‹

  • New downloadUrl field

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix incorrect policy scoring when banded scoring is selected.
  • Fix passing the --token failure with the Shodan provider.
  • Fix the display of organizations with zero spaces on the organization's dashboard.
  • Don't apply CIS Windows desktop benchmark policies to Windows Server assets.
  • Fix Ensure password hashing algorithm is SHA-512 check in the CIS Distribution Independent Linux benchmark policy.
  • Improve the application of CIS Linux policies on container assets.
  • Fix failures scanning Atlassian Confluence assets.
  • Fix an error fetching createdAt in the aws.ec2.keypair resource.
  • Fix a failure fetching approvalSettings in the gitlab.project resource.
  • Fix broken links in Jira issues created with cases.
  • Update Debian 11 and Ubuntu 24.04 EOL dates to match the latest vendor published dates.
  • Ensure that the AWS EC2 instance name is always set as the asset name (if the asset name is present).
  • Fix reports retrieval for Google Workspace.
  • Fix fetching project approval settings in GitLab.
  • Add debug level logging for retries in the GitHub provider.
  • Rework CIS Google Workspace policy queries to improve output.
  • Add descriptions to the CIS Google Workspace policies.
  • Fix a failure running data exports.
  • Fix a misdetection of platforms on some large container images.
  • Improve scan times for single GitHub repository scans.