Skip to main content

Mondoo 9.3 is out!

ยท 4 min read
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 9.3 is out! This release includes support for new Azure resources, updated macOS policies, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐ŸŽ‰ NEW FEATURESโ€‹

New Azure resourcesโ€‹

๐Ÿงน IMPROVEMENTSโ€‹

Updated Packer provider for Mondoo cnspecโ€‹

Our HashiCorp Packer cnspec provisioner now uses cnspec 9.x, giving you access to the latest providers and resources directly in your OS image build pipelines.

Updated CIS macOS benchmark policiesโ€‹

Mondoo now ships with the latest macOS CIS benchmark policies, which include expanded remediation steps, improved descriptions, and more resilient queries:

  • Updated macOS 11 benchmark version to 3.1
  • Updated macOS 12 benchmark version to 2.1
  • Updated macOS 13 benchmark version to 1.1
  • New macOS 14 benchmark (preview) 1.0

Expanded compliance evidence gatheringโ€‹

We've revamped several of our bundled Mondoo policies with expanded descriptions, improved queries, and best of all, compliance mappings that help you automatically gather evidence no matter what the asset type:

  • TLS/SSL Security Baseline
  • Platform End-of-Life Policy
  • Platform Vulnerability Policy

cnquery run --info flagโ€‹

A new --info flag in cnquery allows you to see which resources and fields your MQL queries use.

For example, running this query against the sshd config:

cnquery run -c "sshd.config.params[Version] == mondoo.version" --info

Returns this list of resources and fields:

Resources and Fields used:
- sshd.config
  - params
- mondoo
  - version

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix failing ARN data queries on aws-ec2-volume assets.
  • Fix asset names from local scans not reporting to the platform.
  • Ensure some empty values in the http resource return null values instead of empty strings.
  • Improve help text in cnspec and cnquery.
  • Fix incorrect compliance check counts in controls.
  • Replace the deprecated CIS Supply Chain Management benchmark policy with the CIS GitHub Level 1 benchmark policy.
  • Add missing Atlassian provider help to cnspec and cnquery.
  • Fix failures querying SCIM data in the Atlassian provider.
  • Fix fetching a list of GitHub users in an organization.
  • Use the GitLab group ID instead of name when fetching data to prevent some failure cases.
  • Fix asset names not capturing properly for some Azure and GCP assets.
  • Report friendly errors when the Atlassian provider does not have the necessary permissions to query data.
  • Add asset.type field to EBS filesystem scans.
  • Prevent query errors when a nonexistent registry key is queried.
  • Ensure cnspec and cnquery use proxies for all traffic when specified.
  • Properly display the asset platform in the status command.
  • Fix failures retrieving secrets from vaults.
  • Fix failures scanning some Kubernetes manifest files.
  • Fix failures setting the AWS platform ID under some circumstances.
  • Group Raspbian assets as operating systems in the console.
  • Improve rendering of user avatars in the console.
  • Use consistent table layouts in the Mondoo Vulnerability Database and the space invitation pages to better match other tables in the console.
  • Save sorting and filtering options in the Mondoo Vulnerability Database when reloaded or bookmarked.
  • Fix failures applying asset annotations passed on the command line.
  • Improve errors from systemd when cnspec fails to start due to missing binaries or configuration files.
  • Don't include the vulnerabilities section on the CLI for unsupported platforms.
  • Update the policy generated by the cnspec bundle init command to be cnspec 9.x compatible.
  • Improve the query results in the Mondoo Kubernetes Cluster and Workload Security policy and remove unnecessary data queries.
  • Improve SOC 2 policy check mappings for CIS policies.
  • Add support for macOS systems in the Platform End of Life policy.