🥳 Mondoo 7.9 is out! This release includes a new Kubernetes Ingress resource and automatic discovery of Amazon ECR registries!
Kubernetes Ingress resource
Problem: You want to ensure the security of Kubernetes Ingresses.
Solution: Mondoo now includes new resources for exploring and securing Kubernetes Ingress objects. New resources support exploring the Ingress objects themselves as well as the HTTP rules in each Ingress.
New Ingress resources:
Example cnspec shell query:
You can also automatically discover Ingress objects during your cluster scan with the
--discover ingresses flag. With this flag, each Ingress object is scanned as an asset available in the Mondoo Console.
Stay tuned for new Ingress security policies and auto-discovery of HTTP/HTTPS endpoints so you can automatically discover incorrectly configured or expiring certificates.
Amazon ECR discovery support
Problem: To scan an AWS ECR registry, you have to know its address.
Solution: The cnquery/cnspec AWS scanner now automatically discovers and scans ECR registries.
cnspec scan aws --discover ecs, or
cnspec scan aws --discover all.
Improve EC2 instance discovery
cnspec scan aws --discover instances cnspec now uses EC2 Instance Connect and SSM to connect and remotely scan EC2 instances.
🐛 BUG FIXES
- Improve the reliability of many controls in CIS and Mondoo Linux policies.
- Change SSM-scanned instances to not show up as "Other" scans.
- Avoid rate limiting in the AWS Lambda integration by reducing total API calls.
- Improve help and resource autocomplete text.
- Remove some unhelpful warning log messages in cnspec and cnquery.
- Fix the display of long Kubernetes integration names in the Kubernetes integration page.
- Fix login failures using the latest release of Safari on macOS and iOS.
- Fix incorrect display of long organization IDs in the create organization window.