Mondoo 6.15 is out!
๐ฅณ Mondoo 6.15 is out! This release includes a whole new fleet UI and new CIS Kubernetes policies!
Get this release: Installation Docs | Package Downloads | Docker Container
๐ NEW FEATURESโ
All New Fleet View Experienceโ
Problem: You have hundreds or thousands of assets in Mondoo. Finding types of systems and understanding the relationships between assets is difficult.
Solution We added a whole new fleet view experience to Mondoo that groups your assets by type. You can quickly assess the security of different elements in your infrastructure and grasp interconnected security relationships.
CIS AKS and GKE Benchmarksโ
Problem: You want secure your AKS and GKE clusters and workloads.
Solution: Mondoo now includes CIS Level 1 and 2 benchmarks for both Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). These policies include critical controls for securing your cluster nodes and cluster workloads.
Scan All Kubernetes Resources in Manifestsโ
Problem: You need to scan each Kubernetes resource in your manifests as an individual asset in Mondoo so you can apply the new Mondoo Kubernetes Security and Best Practices policies.
Solution: Mondoo scans now respect the --discover all command line flag when scanning local manifests. This lets you scan individual Kubernetes resources and even the containers defined in your manifests.
๐งน IMPROVEMENTSโ
Quickly Find Kubernetes Operator Scanned Assetsโ
Problem: You set up your Kubernetes Mondoo integration and now you want to view the discovered assets.
Solution: We added a new See Your Asset Scores link in the Kubernetes Integration pages that takes you right to all the assets discovered by the Mondoo Operator.
Priorities in Kubernetes Policiesโ
Problem: You've scanned your Kubernetes cluster, and there's a mountain of work to do. Where should you start?
Solution: We've added priorities to the controls in CIS and Mondoo Kubernetes policies. You can now sort your scan results by priority and tackle the most important security issues first.
Improved mondoo shell and mondoo exec Experiencesโ
Problem: Mondoo 6.0 introduced new simpler command syntax and it's been so great that now you can't remember the old syntax when you run mondoo shell or mondoo exec.
Solution: We've updated mondoo shell and mondoo exec to use the same simpler syntax as mondoo scan. No more -t flag or :// format. Just run mondoo shell TRANSPORT_NAME.
Expanded and Improved CIS Kubernetes Policyโ
We've made several improvements to the vanilla CIS Kubernetes Level 1 and 2 policies for Master and Worker Nodes. Many controls previously marked as not implemented are now implemented and all file permission controls now pass when permissions are more secure than those required by CIS.
๐ BUG FIXES AND UPDATESโ
- Properly redirects users to the
Welcome to Mondoopage after verifying their email during sign-up. - Improves the error message guidance when an AWS fails to check-in.
- Fixes the See Your Scores link in the AWS integrations pages to properly load the list of account assets.
- Properly detects the path to Grub2 configs in CIS benchmarks on Amazon Linux.