Skip to main content

ยท 2 min read

๐Ÿฅณ Mondoo 5.39 is out. Lots of significant features in this release! We're all about continuous integration/continuous delivery and Kubernetes. Also, check out Mondoo on the Github Actions marketplace!


Get this release: Installation Docs | Client Download | Installation Service | Docker Container | Kubernetes Operator


๐ŸŽ‰ FEATURES

New CI/CD integrations

To help you better visualize scans of CI/CD pipelines, we've added new specialized views to the Mondoo Console. Of course, Mondoo already lets you scan infrastructure artifacts during the build process, such as Kubernetes Manifests, Terraform code, and Docker images. But now, you can use Mondoo to compare different builds and branches and see how they compare to one another.

Check out the official documentation and get started today!

CI-CD Examples

Mondoo is in the Github Marketplace

To go with our new Github CI/CD views, Mondoo is now available as an action in the Github Marketplace. Use Mondoo with Github Actions to scan Kubernetes Manifests, Terraform configuration files, and Docker images. See examples and full setup instructions on our page in the Github Marketplace.

Github Marketplace - Mondoo Scan Github Marketplace

Kubernetes integrations

With the Mondoo Kubernetes Operator, you can now continuously validate your deployed workloads and assess the configuration and security of the nodes running your kubelets. Couple this with the Mondoo Admission Controller and Mondoo's support for scanning Kubernetes Manifests in the CI/CD pipeline. Mondoo provides a complete, end-to-end solution for securing Kubernetes from commit to production.

Kubernetes in Mondoo

๐Ÿงน IMPROVEMENTS

New asset page

We've given the individual asset view a beautiful new makeover. Graphs and scorecards help you understand how your assets stack up against policy at a glance, and the integrated filters make it easy to find the most relevant policies.

New Asset View

Kubernetes policy improvements

We've added new controls and queries to the Kubernetes policies.

๐Ÿ› BUGFIXES

  • Fix to offline EBS volume scanning for AWS - Resolves an issue where the Mondoo Client would sometimes mount the wrong filesystem during offline EBS volume scans.

ยท 2 min read

๐Ÿฅณ Mondoo 5.38.1 is out. This release includes policy updates and lays the foundation for big things to come

Get this release: Installation Docs | Client Download | Installation Service | Docker Container | Kubernetes Operator


๐ŸŽ‰ FEATURES

Ubuntu 20.04 CIS Benchmark Certification

The Mondoo Ubuntu 20.04 Level 1 and Level 2 CIS Benchmarks are now officially CIS certified. See the Mondoo cissecurity.org page for a complete list of our CIS certified benchmarks and stay tuned for more certified benchmarks in the coming weeks.

๐Ÿงน IMPROVEMENTS

Kubernetes Operator Updates

Our Mondoo Kubernetes Operator has seen yet another round of important improvements as we work towards the general availability of the operator next week. Kubernetes cluster node scanning now occurs using a Kubernetes CronJob instead of running the agent at all times on each node, saving CPU and memory resources. We've also added some behind the scenes capabilities required for registering the operator using a shortlived registration token instead of a full Mondoo service account. This keeps secrets out of the user's shell history when configuring the operator in the cluster. Our upcoming integrations setup workflow in the Mondoo console will use this new capability to securely deploy the operator to your clusters.

๐Ÿ› BUGFIXES

  • Fix incorrect remediation steps for multiple queries in the Linux Security Baseline by Mondoo policy:
    • Ensure the audit configuration is immutable
    • Ensure permissions on /etc/passwd- are configured
    • Ensure permissions on /etc/group- are configured
  • Fix errors in Linux Security Baseline by Mondoo policy when /etc/passwd- or /etc/gshadow- doesn't exist.
  • Fix errors in Kubernetes Application Benchmark by Mondoo's query Pod should not run with default service account.

ยท 3 min read

๐Ÿฅณ Mondoo 5.37.0 is out. This release's big features: Windows Windows Windows! Updated CIS benchmarks, expanded vulnerability scanning, and much more.


Get this release: Installation Docs | Client Download | Installation Service | Docker Container | Kubernetes Operator


๐ŸŽ‰ FEATURES

Expanded Windows Platform Support

New and Updated CIS Benchmarks

New CIS Windows 11 and Windows 2022 benchmarks version 1.0 are available in the Mondoo Policy Hub. We've also updated our existing CIS benchmarks for Windows to the latest CIS releases:

  • Windows 2016 updated to 1.3.0
  • Windows 2019 updated to 1.3.0
  • Windows 10 updated to 1.12.0

Windows 10 and 11 Security Advisories

The Mondoo Platform Vulnerability Policy now includes security advisory and CVE reporting for Windows 10 and 11. We've also made improvements to ensure that systems with many security advisories correctly report the complete set.

Unpatched Windows 10 Scan

Windows 10 and 11 Platform EOL Dates

The Mondoo Platform End-of-Life Policy includes EOL data for Windows 10 and 11.

Non-EOL Windows 10 Scan

Kubernetes Deployment Scans

The Mondoo Kubernetes operator's admission controller now includes full scanning of each Kubernetes deployment and pod. With the admission controller enabled, these scans will show up in the fleet view. See the mondoo-operator repo for more details. Stay tuned for a guided operator setup and improved UI experience coming soon.

๐Ÿงน IMPROVEMENTS

New ssh-host-key id-detector

You can now identify the system you're scanning through the ssh-host-key with the --id-detector CLI flag.

mondoo scan --id-detector ssh-host-key

New Ubuntu Security Advisory Data

The Mondoo Platform Vulnerability Policy now includes security advisory data for Ubuntu 22.04 and the upcoming Ubuntu 22.10 release.

New UI Color Theme

The Mondoo CLI output has a new color theme to better match the output you see in the Mondoo console.

Improved Output in Kubernetes Application Benchmark

The output in the Kubernetes Application Benchmark by Mondoo now displays the pod name and namespace in the query output. With this information, you can trace vulnerable pods back to their manifests.

Pop!_OS Support

Mondoo now detects and scans the Pop!_OS Linux distribution by System76.

๐Ÿ› BUGFIXES

  • Fix loading of id-detector config option for mondoo scan
  • Fix handling of non-existing registry keys on Windows
  • Fix several detection errors in Mondoo Security Baseline policies:
    • Improve reliability of Auditd state to prevent errors checking state
    • Don't fail when /etc/group- doesn't exist on a system
    • Add a new query on Windows hosts to make sure users don't have the privilege to attach debuggers

ยท 2 min read

๐Ÿฅณ Mondoo 5.36.1 is out. This release's big features: EBS Volume based instance Scanning, Colorblind mode, and policy updates!

๐ŸŽ‰ FEATURES

Colorblind Mode

A new user setting allows you to change to a colorblind-friendly color palette throughout the UI.

User Settings

Colorblind Space

AWS EBS Volume based Instance Scanning

The Mondoo AWS Integration now includes the ability to scan instances using instance EBS volume data. This method does not require credentials or a client installation for scanning and can even scan stopped instances. Users can enable this feature and change how scanning occurs in this AWS integration configuration page.

EBS Settings

๐Ÿงน IMPROVEMENTS

Linux Security Baseline Updates

We've made a number of improvements to our out of the box security policy this week. Our Linux Security Baseline by Mondoo is now more reliable. Many queries have been improved to work better on different Linux distributions and to better handle running in containers. We've also improved the query output and remediation instructions to make it easier to resolve discovered issues.

Rocky Linux CIS Benchmarks

Mondoo now includes the Rocky Linux CIS Level 1 and 2 Server benchmarks. See the CIS Rocky Linux Benchmarks page for more information on these benchmarks.

Mondoo Kubernetes Operator Improvements

The Mondoo Kubernetes Operator 0.2.5 has been released with Kubernetes Workload scanning and the ability to scan Rancher provisioned controlplane and etcd nodes.

๐Ÿ› BUGFIXES

  • Fixed a crash when scanning with invalid credentials
  • Fixed a crash when retrieving anti-spyware security product details on Windows

ยท 2 min read

๐Ÿฅณ Mondoo 5.35.0 is out. This release's big features: Search assets by tags, new UI elements, and new Windows resources.

๐ŸŽ‰ FEATURES

Search assets by tag and annotation key/value

The search box in the fleet view now filters assets by tags and annotations. This simple feature adds a lot of power! For example, you can now search across multiple AWS accounts for assets with the same tag. But as cool as that is, we'll do you one better: You can also search across multiple cloud providers. Or GitHub accounts. Or... you get the idea.

New graphs on the web console

The Mondoo Web Console has two new sets of graphs to help you see the state of your assets at a glance! First, the new radial graphs now show the breakdown of your assets by score. Mouse hovers provide more detailed information from the dashboard.

New radial graphs

If you click into the fleet view, you'll see a new bar graph showing the same distribution of assets by letter grade.

New bar graphs

And of course, it all looks great!

Add annotations to assets via the config

To create specific annotations for all assets when scanning via the mondoo agent, set the following config string:

---
annotations:
mdm: newannotation

New Windows Resources

Mondoo now includes new resources for better examining the security of Windows systems out of the box:

๐Ÿงน IMPROVEMENTS

Additional CI System Data

Mondoo now gathers more CI environment labels on GitLab, GitHub Actions, and Travis-CI.

Mondoo Kubernetes Operator Improvements

The Mondoo Kubernetes operator now scans Kubernetes Deployments in addition to Pods. See the full Operator release notes on the GitHub project.

๐Ÿ› BUGFIXES

  • Fixed harbor integration scanning
  • Updated the CLI output colors on macOS systems to improve the readability of error messages
  • Fixed the display of Spaces on mobile devices

ยท 2 min read

๐Ÿฅณ Mondoo 5.34.1 is out. The big features this release: User defined asset tags and new Mondoo.com API endpoints

๐Ÿšš Mondoo Domain Change

Mondoo has moved to .com! As of April 12th weโ€™ve officially migrated our web console to https://console.mondoo.com and API to https://us.api.mondoo.com. The previous URLโ€™s will redirect to the new locations until they are EOLโ€™ed later this year. We encourage you to update your bookmarks and Mondoo client configurations. All new configurations generated by Mondoo will use the new API location.

Mondoo 5.34.1 includes a migrate sub-command that can automatically update your Mondoo configuration to the new API endpoint:

## Check which API Endpoint we're using:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://api.mondoo.app

## Upgrade the config:
$ mondoo migrate
โ†’ Migrate Mondoo CLI configuration:
โ†’ loaded configuration from /home/benr/.config/mondoo/mondoo.yml
โ†’ saving mondoo config path=/home/benr/.config/mondoo/mondoo.yml
โ†’ migrated configuration successfully

## Check the new API endpoint:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://us.api.mondoo.com # <-- Good!

๐ŸŽ‰ FEATURES

User Defined, Editable Tags for Assets

Organization is the name of the game, and we're ready to help you spring clean. No more wondering what belongs where. Create custom tags right from the UI to help better manage your growing list of Assets. Get started today by clicking the 'plus' button next to Annotations in your Asset Configuration tab - your future self will thank you.

console-annotations

๐Ÿงน IMPROVEMENTS:

Improved EOL OS Detection

Mondoo now includes improved end-of-life operating systems detection with new VMware Photon / Oracle Linux support and updated EOL information for Ubuntu, Scientific Linux, Fedora, and macOS.

Kubernetes Operator Improvements

Our preview Kubernetes Operator release 0.2.3 shipped with several improvements for added reliability in scanning:

  • Operator pods now include readiness probes.
  • Operator status information reports in the MondooAuditConfig CR
  • Users can now skip the resolution of the Mondoo client container image if necessary.
  • Operator resource limits have been lowered to limit cluster impact.

Updated Output in mondoo policy commands

The mondoo policy describe and mondoo policy list commands have been updated with a fresh new output format to improve readability. mondoo policy list now also includes policy version information, and a new --list-all flag lets you list all private, public, and enabled policies at once.

ยท One min read

๐Ÿฅณ Mondoo 5.33.0 is out. The Big features this release: New CIS certified policies!

๐ŸŽ‰ FEATURES

CIS Certified Red Hat Linux Policies

This week we welcome more new additions to Mondoo's suite of CIS-certified policies. Mondoo now offers CIS-certified policies for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.

The full list of CIS certified Mondoo Policies is always visible on the Center for Internet Security's website.

๐Ÿงน IMPROVEMENTS:

Better, stronger, faster

  • Several minor bug fixes and improvements for forthcoming features.

ยท 2 min read

Mondoo 5.32.0 is out. The Big features this release: A re-designed and improved Policy Hub, full support for AlmaLinux, and a new color scheme for the UI!

๐ŸŽ‰ FEATURES

Re-designed Policy Hub

We've re-designed the Policy Hub with many new features. The Policy Hub now helps you quickly understand much greater nuance about your policies. Policy scores let you see at a glance which policies have the broadest adherence or divergence in your organization. The assets count shows which policies have the widest impact across your fleet of assets. And un-used policies are now hidden by default.

policy_hub

Asset View

The individual policy view now has an asset tab. This tab displays the policy score for each asset to which the policy applies.

policy_hub

Hide un-used policies

The Policy Hub now only shows policies that have been enabled in the Space.

Previously, the Policy Hub would display all available policies, even if those policies had not been enabled for the Space. To show new policies, use the "Add Policy" button.

AlmaLinux Support

Mondoo now includes support for the latest Red Hat Linux derivative, AlmaLinux. This includes updates to the client install scripts, Chef Infra cookbook support, and new AlmaLinux OS 8 CIS Level 1 and 2 benchmarks.

New Colors

The Mondoo console has been refreshed with a new color scheme. As a result, text pops and graphs are much easier to differentiate.

๐Ÿงน IMPROVEMENTS

New and Improved Policies

We've been busy this week expanding and improving our out of the box policies with a number of new early access policies now available:

  • New Amazon Elastic Kubernetes Service (EKS) Level 1 / 2 CIS benchmarks
  • New early access Terraform Static Analysis Policy for AWS EKS policy
  • New early access GitLab Baseline by Mondoo
  • Updated SLES 12 and 15 CIS benchmarks to version 1.1.1
  • Expanded the queries in our RHEL 8 CIS benchmarks
  • Improved the Kubernetes Application Benchmark by Mondoo

Updated Client Install Script

Our Mondooo Client install.sh script now supports AlmaLinux, Rocky Linux, and macOS systems without Homebrew.

ยท 2 min read

๐Ÿฅณ mondoo 5.31.0 is out!

๐ŸŽ‰ FEATURES

New Getting Started Guide for AWS

We've launched a new getting started path for people who want to Try out Mondoo with AWS. Learn how to set up Mondoo in AWS CloudShell or your local laptop, and policy scan your AWS account in just a few minutes.

We've also revamped the Getting Started section of the Mondoo documentation site. We've released new tutorials for getting started not just with AWS, but also Azure, Google Cloud, Kubernetes, VMWare, Docker, and more.

CIS Amazon Linux 2 Policy Certification

This week, the "CIS Amazon Linux 2" policy becomes the eleventh addition to Mondoo's suite of CIS-certified policies. For more information about our growing collection of CIS-certified policies, see the Mondoo 5.29.1 Release Notes from earlier this month.

Expanded Platform Support with Chef

The Mondoo Chef Infra Cookbook 0.3.0 is out with expanded platform support for openSUSE, SLES, Fedora, Rocky Linux, and Scientific Linux distros. Use this cookbook to install Mondoo Client and register new nodes automatically with the Mondoo Platform.

๐Ÿงน IMPROVEMENTS

Terraform Improvements

  • ๐Ÿ› Bugfixes to the Terraform AWS policy.
  • โญ๏ธ Terraform support has been updated to better support breaking changes in Terraform providers.

Kubernetes Operator Improvements

  • โญ๏ธ Prometheus metrics are now exposed by the operator.

MQL Improvements

  • containerImage and containerRepository are now supported MQL resources.

ยท One min read

๐Ÿฅณ mondoo 5.30.0 is out!

๐Ÿงน IMPROVEMENTS:

Better, stronger, faster

  • This version is all under-the-hood improvements. If we were an iOS app, this message would read, "Bug fixes and performance improvements."