Skip to main content

Mondoo 9.2 is out!

ยท 4 min read
Mondoo Core Team

๐Ÿฅณ Mondoo 9.2 is out! This release includes support for securing Atlassian services, a new HTTP resource, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


Secure Atlassian servicesโ€‹

Our new Atlassian cnquery/cnspec provider allows you to query the configuration of Atlassian's suite of products, including Jira and Confluence.

Use the Atlassian provider with cnquery shell to connect to your Atlassian URL using a user or admin token:

cnquery shell atlassian --host --admin-token FOO

Some example data you can query using this provider and resources:

atlassian.admin.organizations: [
0: atlassian.admin.organization id="4j1ack42-6c9d-1552-k55a-c2j536j31066"

cnquery> atlassian.jira.users
atlassian.jira.users: [
0: atlassian.jira.user id="5dd64082af96bc0efbe55103"
1: atlassian.jira.user id="630db2cd9796033b256bc349"
2: atlassian.jira.user id="5cb4ae0e4b97ab11a18e00c7"
3: atlassian.jira.user id="557058:f58131cb-b67d-43c7-b30d-6b58d40bd077"
4: atlassian.jira.user id="712020:1bdc8553-00fa-4e1c-8d14-317bbafece92"
5: atlassian.jira.user id="6183312e3e3753006f8c7baf"
6: atlassian.jira.user id="626b14efc72f140069fc636c"
7: atlassian.jira.user id="5b70c8b80fd0ac05d389f5e9"
8: atlassian.jira.user id="5e6a646f5df5fb0cfee33989"
9: atlassian.jira.user id="557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6"
10: atlassian.jira.user id="712020:45d1ce6f-7b4b-4190-8d93-1d709d7203f9"
11: atlassian.jira.user id="5d53f3cbc6b9320d9ea5bdc2"
12: atlassian.jira.user id="557058:950f9f5b-3d6d-4e1d-954a-21367ae9ac75"
13: atlassian.jira.user id="5cf112d31552030f1e3a5905"
14: atlassian.jira.user id="712020:f4b1ca94-1967-48c6-9c22-b04a9e999fae"
15: atlassian.jira.user id="6035864ce2020c0070b5285b"
16: atlassian.jira.user id="60e5a86a471e61006a4c51fd"
17: atlassian.jira.user id="5d9b2860cd50b80dcea8a5b7"
18: atlassian.jira.user id="5d9afe0010f4800c341a2bba"
19: atlassian.jira.user id="626b1500b31e6f006863c12d"
cnquery> "Lunalectric Integration User"

Learn more about the capabilities of this new provider and its resources in the Atlassian resource pack documentation.

Stay tuned for an Atlassian policy bundle that lets you continuously secure your business' Atlassian usage.

New http resourceโ€‹

Use our new http resource to continuously secure and assure compliance for HTTP endpoints used by your business.

http.get('') { statusCode version header{ xFrameOptions xContentTypeOptions referrerPolicy sts csp['base-uri'] } }


http.get: {
header: {
csp[base-uri]: "'self'"
xContentTypeOptions: "nosniff"
referrerPolicy: "same-origin"
xFrameOptions: "SAMEORIGIN"
sts: http.header.sts maxAge=365 days includeSubDomains=true preload=false
version: "2.0"
statusCode: 200

Learn more about these new fields at our http.get and http.header documentation.


Expanded Azure resourcesโ€‹

Azure networking resources continue to receive updates to expose critical information for security and compliance within your Azure infrastructure:


  • New publicIpAddress property: The public IP address associated with this IP configuration


  • New publicIpAddresses property: List of public IP addresses the NAT gateway is associated with


  • New dhcpOptions property: Virtual network DHCP options
  • New enableDdosProtection property: Indicates if DDoS protection is enabled for all the protected resources in the virtual network.
  • New enableVmProtection property: Indicates if VM protection is enabled for all the subnets in the virtual network

AWS console links let you jump directly from Mondoo scan results to the scanned assets in the AWS console. Use these handy shortcuts to make updates quickly based on Mondoo findings. We've expanded this support with direct console links from Mondoo DynamoDB, KMS, CloudTrail, and EBS volumes assets.


  • Add form value validation to the Organization Settings -> Authentication page.
  • Improve rendering of the form in the Organization Settings -> Authentication page.
  • Improve the performance of AWS account scans.
  • Fix failures scanning AWS DynamoDB tables.
  • Fix failures fetching metadata and connection settings in the Azure Web App Service.
  • Fix a failure that could occur when querying terraform.files.
  • Don't use Microsoft's UPX binary compression for cnquery and cnspec, as some antivirus software incorrectly flags this as malware.
  • Improve handling of null values in resources.
  • Use asset.fqdn as the asset name for the network and arista providers.
  • Use proxy servers to fetch provider updates when available.
  • Fix the copy to table button on CVE pages failing to copy.
  • Fix a failure creating Jira integrations.
  • Improve compliance framework mappings to show additional data.
  • Fix incorrect titles on some Microsoft KBs.
  • Adjust the EOL dates for Amazon Linux 2018 and Debian 9/12.
  • Don't show checks in policies that are not enabled in Compliance Hub control pages.
  • Rework queries in CIS Windows 10/11/2016/2019/2022 policies to improve reliability