Mondoo 9.13 is out!

🥳 Mondoo 9.13 is out! This release includes check exceptions and scope definition in Compliance Hub, an updated vendor advisories view, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

---

🎉 NEW FEATURES

Scoping in Compliance Hub

New scoping in Compliance Hub gives you fine-grained management of which controls you report to your auditor. Is your auditor not requesting a particular control even though it's part of the compliance framework? Select the control in Compliance Hub and mark it out of scope. With scoping, you decide what to include in your audit without setting exceptions (which would appear in audit report PDFs).

Check exceptions in Compliance Hub

Need more time to remediate findings for your audit? Now you can set exceptions on individual checks. Explanations let you communicate work to be done or identify compensating controls.

🧹 IMPROVEMENTS

Improved vendor security advisory view

Redesigned vendor security advisory pages make it easier to understand the impact of an advisory and what actions you need to take next.

Resource updates

We've added new resources and fields to give you access to even more data.

aws.ecs.cluster

• Default fields now display name, region, status, runningTasksCount, and pendingTasksCount
• New region field

aws.rds.dbcluster

• New securityGroups field

ms365.sharepointonline

• New spoSites field

ms365.sharepointonline.site

• New resource with url and denyAddAndCustomizePages fields

🐛 BUG FIXES AND UPDATES

• Fix failures running cnspec vuln on Windows and Pop!_OS hosts.
• Include the platform IDs and EC2 instance ARNs in SBOM exports.
• Add back ECR and ECS discovery using the --discovery flag that was removed in 9.0.
• Replace incorrect error message when failing to query Amazon GuardDuty.
• Do not show disabled compliance controls in cnspec scans.
• Don't clip the bottom pixels of the Mondoo logo in the console.
• Update the macOS client installation setup instructions in the integrations page to install without Homebrew.
• In exceptions lists, show the most recent exceptions first in each day's view.
• Avoid failures running the Asset Count Query Pack on Microsoft 365 assets.
• Fix remediation steps in the Linux Security policy's "Ensure SSH Idle Timeout Interval is configured" check. Thanks for this fix, @tomtrix!
• Add properties to CIS/Mondoo Windows policies to allow tuning the maximum idle time of the Remote Desktop Services sessions.
• Fix policy filtering on the asset checks page.
• Improve console load times on low bandwidth connections by 70%.
• Don't show the filter search bar on the asset checks page if there are no checks.
• Prevent failures on Azure and Microsoft 365 assets in the SOC 2 Compliance Checks policy.
• Improve the display of summary data on CVE pages.
• Add tooltips to risk factors on CVE pages to make it easier to understand scoring.
• Fix failures registering cnspec/cnquery 8.x clients.
• Fix failures generating compliance PDF reports.
• Improve performance loading CVE/advisory pages, individual asset pages, and the security dashboard.
• Add an Alias directive to the system unit file definition for cnspec.
• Update VMware Photon 4 EOL date.
• Simplify Linux client installation on integration pages by using the install.sh script.
• Fix errors setting an exception in compliance frameworks that are still in preview.
• Improve check titles in the AWS Security and DNS Security policies.
• Improve rendering of codeblocks in the Kubernetes Cluster and Workload Security policy.