Mondoo 7.15 is out!
๐ฅณ Mondoo 7.15 is out! This release includes CSV output support, a new GCP CIS policy, and UI improvements!โ
Get this release: Installation Docs | Package Downloads | Docker Container
๐ NEW FEATURESโ
CSV output format for cnqueryโ
Problem: You want to export cnquery results to a spreadsheet for analysis.
Solution: The cnquery CLI can now produce CSV output on the CLI for integration spreadsheet apps or other systems that parse CSV input.
cnquery scan docker debian:11 --output csv > report.csv
Terraform in the Fleet viewโ
Problem: You want to use cnspec to secure your Terraform code, but it's hard to find Terraform code results when they show up as uncategorized assets.
Solution: A new Terraform section in the Fleet view makes it easy to find all your Terraform scans in one place.
๐งน IMPROVEMENTSโ
Only show applicable controls in the consoleโ
Controls that are cnspec automatically skipped are no longer shown as disabled in the Mondoo Console. Depending on the policy and infrastructure scanned, there could be several dozen controls that cnspec skipped automatically. This new behavior simplifies the asset controls view and makes it more clear which controls ran and which you disabled.
Improved CLI scanning UXโ
After launching our updated CLI UX last week, we got loads of great feedback from the community on how we could continue to improve the experience. This week we shipped several improvements to make it easier to read the scan output and to improve the experience when scans fail.
Org names in shared space titlesโ
Differentiating between shared spaces can be difficult if the space names are the same. Shared spaces now include the org and space name, so you can better tell spaces apart.
Updated GCP CIS policyโ
Mondoo now includes the latest CIS Google Cloud Platform Foundation Benchmark policy version 2.0.0. This updated policy uses the latest new resources shipped with the latest versions of cnspec. It includes many new queries as well as audit and remediation steps for all queries.
Install cnspec using Ansibleโ
The Mondoo Ansible role has been updated to make deploying and migrating to cnspec at scale easier. This updated role deploys cnspec and cnquery to new systems and upgrades existing installations to use cnspec and cnquery. Just run this role against systems, and you'll automatically have the latest cnspec release running as a service.
๐ BUG FIXES AND UPDATESโ
- Enable the Mondoo install script to handle GPG key updates to package repositories to prevent update failures
- Improve the error message when an incorrect repository is passed to
scan github repo - Fix a race condition in the cnspec/cnquery scan progress bars
- Print status of assets that can't be scanned in the progress bars
- Expose the actual error from GCP when unable to connect to resources
- Remove an extra warning that was incorrectly printed while scanning Terraform configs
- Ignore Terraform content in the
.terraformdirectory - Properly display policies in Policy Hub that have zero queries
- Fix links to integration pages from the Service Accounts
- Improve reliability in some Azure CIS Foundation policy queries
- Improve the reliability of Kubernetes status in the Kubernetes integration pages
- Operating system integration pages no longer mention the setup of Mondoo Client
- Kubernetes Integration page once again enables workload scanning by default
- Mondoo GitHub action supports scanning GitHub organizations again
- Fix MQL queries hanging with aliased and direct resource in the same policy
- Show the scan trigger button on the AWS integrations when they are in an errored state
- Only call the Google Cloud CLI when scanning GCP if neither project or project-id were provided
- Fix errors using the
gcp.project.gkeServicewhen a GKE cluster hasn't finished provisioning - Fix failures when scanning GCP storage buckets
- Add projectID to many GCP resources so asset relationships can be determined
- Deprecate the
zonevalue for GKE clusters in favor of a newlocationvalue