🥳 Mondoo 6.5 is out! This release is all about quality-of-life improvements and bug fixes.
Kubernetes Scanning Enhancements
The Kubernetes admission controller scanning in the CI/CD tab could be quite busy, and it was often difficult to find new deployment scans in this UI. We revamped how scanning occurs in the Mondoo Kubernetes Operator 0.5.0, with scans now only occurring on Kubernetes resources. This means you'll no longer see scans for each new pod generated during auto scaling, cron jobs, or otherwise. This makes it much easier to see the security status of new workloads entering the cluster.
We also improved the performance of Docker image scans. This should greatly improve the experience of users running the container image discovery in Kubernetes scans, which we introduced in Mondoo 6.2. If you haven't tried image scanning in your Kubernetes scans, be sure to try
mondoo scan k8s --dicover all and keep an eye out for more cluster asset discovery features in future releases.
Improved Integration Status
Life isn't binary, and neither are our integration status fields now. We updated how Mondoo integrations report their status to include a new
Pending status. This better describes the status of integrations that haven't failed but instead just haven't reported to Mondoo Platform yet.
Many small improvements
- The CVE view on the individual asset now shows the total number of packages scanned
- The Continuous Integration view now shows a timestamp for each branch scanned
- The installation and usage instructions for HashiCorp Packer & HashiCorp Terraform in the Integrations page is much more useful
🐛 BUG FIXES
- Improved the readability of buttons on the SAML setup page
- Fixed the "Load More" button not working when viewing CVEs tied to an individual asset
- Scanning Microsoft Azure with Mondoo Client no longer requires a URL
- Container scans now properly set platform architecture
- SSHD config file scanning in
Linux Security Baseline by Mondoonow properly parses all recognized time string formats
- Improved the
Ensure filesystem integrity is regularly checkedquery in the
Linux Security Baseline by Mondoopolicy to also support running Aide as a systemd timer
- Improved the
Pod should not run with default service accountquery in the
Kubernetes Application Benchmark by Mondoopolicy to not fail when a manifest doesn't specify the service account