Mondoo 6.5 is out!
๐ฅณ Mondoo 6.5 is out! This release is all about quality-of-life improvements and bug fixes.
Get this release: Installation Docs | Package Downloads | Docker Container
๐งน IMPROVEMENTSโ
Kubernetes Scanning Enhancementsโ
The Kubernetes admission controller scanning in the CI/CD tab could be quite busy, and it was often difficult to find new deployment scans in this UI. We revamped how scanning occurs in the Mondoo Kubernetes Operator 0.5.0, with scans now only occurring on Kubernetes resources. This means you'll no longer see scans for each new pod generated during auto scaling, cron jobs, or otherwise. This makes it much easier to see the security status of new workloads entering the cluster.
We also improved the performance of Docker image scans. This should greatly improve the experience of users running the container image discovery in Kubernetes scans, which we introduced in Mondoo 6.2. If you haven't tried image scanning in your Kubernetes scans, be sure to try mondoo scan k8s --discover all
and keep an eye out for more cluster asset discovery features in future releases.
Improved Integration Statusโ
Life isn't binary, and neither are our integration status fields now. We updated how Mondoo integrations report their status to include a new Pending
status. This better describes the status of integrations that haven't failed but instead just haven't reported to Mondoo Platform yet.
Many small improvementsโ
- The CVE view on the individual asset now shows the total number of packages scanned
- The Continuous Integration view now shows a timestamp for each branch scanned
- The installation and usage instructions for HashiCorp Packer & HashiCorp Terraform in the Integrations page is much more useful
๐ BUG FIXES AND UPDATESโ
- Improved the readability of buttons on the SAML setup page
- Fixed the "Load More" button not working when viewing CVEs tied to an individual asset
- Scanning Microsoft Azure with Mondoo Client no longer requires a URL
- Container scans now properly set platform architecture
- SSHD config file scanning in
Linux Security Baseline by Mondoo
now properly parses all recognized time string formats - Improved the
Ensure filesystem integrity is regularly checked
query in theLinux Security Baseline by Mondoo
policy to also support running Aide as a systemd timer - Improved the
Pod should not run with default service account
query in theKubernetes Application Benchmark by Mondoo
policy to not fail when a manifest doesn't specify the service account