Skip to main content

Mondoo 6.15 is out!

ยท 3 min read

๐Ÿฅณ Mondoo 6.15 is out! This release includes a whole new fleet UI and new CIS Kubernetes policies!


Get this release: Installation Docs | Client Download | Installation Service | Docker Container


๐ŸŽ‰ FEATURESโ€‹

All New Fleet View Experienceโ€‹

Problem: You have hundreds or thousands of assets in Mondoo. Finding types of systems and understanding the relationships between assets is difficult.

Solution We added a whole new fleet view experience to Mondoo that groups your assets by type. You can quickly assess the security of different elements in your infrastructure and grasp interconnected security relationships.

Updated Fleet UI

CIS AKS and GKE Benchmarksโ€‹

Problem: You want secure your AKS and GKE clusters and workloads.

Solution: Mondoo now includes CIS Level 1 and 2 benchmarks for both Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). These policies include critical controls for securing your cluster nodes and cluster workloads.

Kubernetes Policies

Scan All Kubernetes Resources in Manifestsโ€‹

Problem: You need to scan each Kubernetes resource in your manifests as an individual asset in Mondoo so you can apply the new Mondoo Kubernetes Security and Best Practices policies.

Solution: Mondoo scans now respect the --discover all command line flag when scanning local manifests. This lets you scan individual Kubernetes resources and even the containers defined in your manifests.

Kubernetes Policies

๐Ÿงน IMPROVEMENTSโ€‹

Quickly Find Kubernetes Operator Scanned Assetsโ€‹

Problem: You set up your Kubernetes Mondoo integration and now you want to view the discovered assets.

Solution: We added a new See Your Asset Scores link in the Kubernetes Integration pages that takes you right to all the assets discovered by the Mondoo Operator.

Asset Score Link

Priorities in Kubernetes Policiesโ€‹

Problem: You've scanned your Kubernetes cluster, and there's a mountain of work to do. Where should you start?

Solution: We've added priorities to the controls in CIS and Mondoo Kubernetes policies. You can now sort your scan results by priority and tackle the most important security issues first.

Policy with priorities

Improved mondoo shell and mondoo exec Experiencesโ€‹

Problem: Mondoo 6.0 introduced new simpler command syntax and it's been so great that now you can't remember the old syntax when you run mondoo shell or mondoo exec.

Solution: We've updated mondoo shell and mondoo exec to use the same simpler syntax as mondoo scan. No more -t flag or :// format. Just run mondoo shell TRANSPORT_NAME.

Policy with priorities

Expanded and Improved CIS Kubernetes Policyโ€‹

We've made several improvements to the vanilla CIS Kubernetes Level 1 and 2 policies for Master and Worker Nodes. Many controls previously marked as not implemented are now implemented and all file permission controls now pass when permissions are more secure than those required by CIS.

๐Ÿ› BUG FIXESโ€‹

  • Properly redirects users to the Welcome to Mondoo page after verifying their e-mail during signup.
  • Improves the error message guidance when an AWS fails to check-in.
  • Fixes the See Your Scores link in the AWS integrations pages to properly load the list of account assets.
  • Properly detects the path to Grub2 configs in CIS benchmarks on Amazon Linux.