Skip to main content

Mondoo 9.3 is out!

· 4 min read
Tim Smith
Tim Smith
Mondoo Core Team

🥳 Mondoo 9.3 is out! This release includes support for new Azure resources, updated macOS policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

New Azure resources

🧹 IMPROVEMENTS

Updated Packer provider for Mondoo cnspec

Our HashiCorp Packer cnspec provisioner now uses cnspec 9.x, giving you access to the latest providers and resources directly in your OS image build pipelines.

Updated CIS macOS benchmark policies

Mondoo now ships with the latest macOS CIS benchmark policies, which include expanded remediation steps, improved descriptions, and more resilient queries:

  • Updated macOS 11 benchmark version to 3.1
  • Updated macOS 12 benchmark version to 2.1
  • Updated macOS 13 benchmark version to 1.1
  • New macOS 14 benchmark (preview) 1.0

Expanded compliance evidence gathering

We've revamped several of our bundled Mondoo policies with expanded descriptions, improved queries, and best of all, compliance mappings that help you automatically gather evidence no matter what the asset type:

  • TLS/SSL Security Baseline
  • Platform End-of-Life Policy
  • Platform Vulnerability Policy

cnquery run --info flag

A new --info flag in cnquery allows you to see which resources and fields your MQL queries use.

For example, running this query against the sshd config:

cnquery run -c "sshd.config.params[Version] == mondoo.version" --info

Returns this list of resources and fields:

Resources and Fields used:
- sshd.config
  - params
- mondoo
  - version

🐛 BUG FIXES AND UPDATES

  • Fix failing ARN data queries on aws-ec2-volume assets.
  • Fix asset names from local scans not reporting to the platform.
  • Ensure some empty values in the http resource return null values instead of empty strings.
  • Improve help text in cnspec and cnquery.
  • Fix incorrect compliance check counts in controls.
  • Replace the deprecated CIS Supply Chain Management benchmark policy with the CIS GitHub Level 1 benchmark policy.
  • Add missing Atlassian provider help to cnspec and cnquery.
  • Fix failures querying SCIM data in the Atlassian provider.
  • Fix fetching a list of GitHub users in an organization.
  • Use the GitLab group ID instead of name when fetching data to prevent some failure cases.
  • Fix asset names not capturing properly for some Azure and GCP assets.
  • Report friendly errors when the Atlassian provider does not have the necessary permissions to query data.
  • Add asset.type field to EBS filesystem scans.
  • Prevent query errors when a nonexistent registry key is queried.
  • Ensure cnspec and cnquery use proxies for all traffic when specified.
  • Properly display the asset platform in the status command.
  • Fix failures retrieving secrets from vaults.
  • Fix failures scanning some Kubernetes manifest files.
  • Fix failures setting the AWS platform ID under some circumstances.
  • Group Raspbian assets as operating systems in the console.
  • Improve rendering of user avatars in the console.
  • Use consistent table layouts in the Mondoo Vulnerability Database and the space invitation pages to better match other tables in the console.
  • Save sorting and filtering options in the Mondoo Vulnerability Database when reloaded or bookmarked.
  • Fix failures applying asset annotations passed on the command line.
  • Improve errors from systemd when cnspec fails to start due to missing binaries or configuration files.
  • Don't include the vulnerabilities section on the CLI for unsupported platforms.
  • Update the policy generated by the cnspec bundle init command to be cnspec 9.x compatible.
  • Improve the query results in the Mondoo Kubernetes Cluster and Workload Security policy and remove unnecessary data queries.
  • Improve SOC 2 policy check mappings for CIS policies.
  • Add support for macOS systems in the Platform End of Life policy.