Skip to main content

Mondoo 6.5 is out!

ยท 3 min read

๐Ÿฅณ Mondoo 6.5 is out! This release is all about quality-of-life improvements and bug fixes.


Get this release: Installation Docs | Package Downloads | Docker Container


๐Ÿงน IMPROVEMENTSโ€‹

Kubernetes Scanning Enhancementsโ€‹

The Kubernetes admission controller scanning in the CI/CD tab could be quite busy, and it was often difficult to find new deployment scans in this UI. We revamped how scanning occurs in the Mondoo Kubernetes Operator 0.5.0, with scans now only occurring on Kubernetes resources. This means you'll no longer see scans for each new pod generated during auto scaling, cron jobs, or otherwise. This makes it much easier to see the security status of new workloads entering the cluster.

We also improved the performance of Docker image scans. This should greatly improve the experience of users running the container image discovery in Kubernetes scans, which we introduced in Mondoo 6.2. If you haven't tried image scanning in your Kubernetes scans, be sure to try mondoo scan k8s --discover all and keep an eye out for more cluster asset discovery features in future releases.

Improved Integration Statusโ€‹

Life isn't binary, and neither are our integration status fields now. We updated how Mondoo integrations report their status to include a new Pending status. This better describes the status of integrations that haven't failed but instead just haven't reported to Mondoo Platform yet.

Pending Integration

Many small improvementsโ€‹

  • The CVE view on the individual asset now shows the total number of packages scanned
  • The Continuous Integration view now shows a timestamp for each branch scanned
  • The installation and usage instructions for HashiCorp Packer & HashiCorp Terraform in the Integrations page is much more useful

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improved the readability of buttons on the SAML setup page
  • Fixed the "Load More" button not working when viewing CVEs tied to an individual asset
  • Scanning Microsoft Azure with Mondoo Client no longer requires a URL
  • Container scans now properly set platform architecture
  • SSHD config file scanning in Linux Security Baseline by Mondoo now properly parses all recognized time string formats
  • Improved the Ensure filesystem integrity is regularly checked query in the Linux Security Baseline by Mondoo policy to also support running Aide as a systemd timer
  • Improved the Pod should not run with default service account query in the Kubernetes Application Benchmark by Mondoo policy to not fail when a manifest doesn't specify the service account