
Mondoo 11.24 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.24 is out! This release includes an all-new AWS serverless integration, macOS Sequoia support, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

All-new AWS serverless integration experience

Over the past few months, our engineers have been hard at work on a complete rewrite of our AWS serverless integration. This new release builds on our previous design and incorporates valuable insights we've gained from securing AWS accounts at scale. What can you expect from this new release?

  • Enhanced security - Our new design drastically reduces the number of privileges required to run in your environment so you can gather critical security insights without introducing new risks to your business.
  • Expanded scalability - From the smallest dev account to enterprise-sized production accounts, Mondoo has you covered.
  • Granular results - Our new approach to scanning provides resource-level granularity in more situations, giving you enhanced visibility into critical risks to your business.

AWS Serverless integration status page

macOS Sequoia support

Is your team eager to upgrade to the latest macOS Sequoia release? Now you can keep your bleeding-edge users happy and secure with Mondoo! With tested packages, EOL detection support, and new CIS benchmarks, you'll be ready to support early adopters on day one. For users still running Sonoma (14) or Ventura (13), updated CIS benchmark policies offer new and improved security recommendations.

🧹 IMPROVEMENTS

Resource updates

microsoft.policies

  • New consentPolicySettings field

🐛 BUG FIXES AND UPDATES

  • Improve the setting descriptions on the user settings page.
  • Fix formatting errors on Linux integration code blocks.
  • Fix false positive error messages when scanning GitHub repositories and organizations.
  • Improve Windows event log entries from the Mondoo service.
  • Improve resiliency of Windows system information gathering.
  • Add the Shodan logo to Shodan policies.
  • Improve reliability of CVE risk scores.
  • Fix missing Red Hat advisories for legacy releases.

Mondoo 11.23 is out!

· 3 min read
Tim Smith
Mondoo Core Team
Charles Johnson
Mondoo Core Team

🥳 Mondoo 11.23 is out! This release includes automatic drift detection, GitHub and GitLab ticketing support, improved asset tables, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Added features in cases

This release further expands the capabilities of cases, Mondoo's feature for tracking remediation work. Cases let you turn security findings into tasks that automatically export to your existing project management or ticket system. That way, you can track and resolve Mondoo findings in your regular workflow.

New support for GitHub Issues, GitLab Issues, and email ticketing

Mondoo now supports creating tickets in GitHub Issues and GitLab Issues, and can also send ticket notifications via email. These options join our existing support for ticketing with Jira and Zendesk.

Create cases automatically on asset drift

When scans go from passing to failing, you want to know quickly. Now when an asset fails a check or vulnerability scan that it previously passed, Mondoo creates a case and shares it with your ticket system so you can respond rapidly. Mondoo can even group similar drift findings in a single case.

Case Details Page

New CIS Ubuntu 24.04 benchmark policy

Secure your Ubuntu 24.04 servers and containers with the brand new CIS Ubuntu 24.04 level 1 & 2 benchmarks. These policies include 295 total checks to secure your critical Ubuntu systems.

🧹 IMPROVEMENTS

Updated CIS Azure Foundations 3.0 benchmark policy

Evaluate your Azure subscriptions against the latest CIS recommendations with the updated CIS Azure Foundations benchmark version 3.0. This updated policy includes 15 all-new checks as well as 69 updated checks.

Improved asset view in policies

Out with the old and in with the new: Now you can view risk scores, risk factors, and last updated times for assets directly from the policy pages.

Policy Assets Table

Shodan host asset overview

Shodan host scans are now included in the "Domains and Hosts" inventory group and include helpful configuration summary information on their asset pages.

Shodan Configuration Data

Resource updates

github.repository

  • New codeOfConductFile field
  • New supportFile field
  • New securityFile field

github.file

  • New exists field

microsoft.conditionalAccess

  • New resource with namedLocations field

microsoft.conditionalAccess.ipNamedLocation

  • New resource with name and trusted fields

azure.subscription.networkservice.applicationGateway

  • New wafConfiguration field using the new azure.subscription.networkService.wafConfig resource

azure.subscription.webService.appsite

  • New functions field using the new azure.subscription.webService.function resource

🐛 BUG FIXES AND UPDATES

  • Improve the performance of EC2 instance discovery.
  • Fix tag filtering in the AWS provider.
  • Avoid errors in the AWS Elasticsearch, SageMaker, and SNS resources when nil values are returned.
  • Ensure that the AWS KMS resource returns all keys.
  • Improve performance of data exports.
  • Improve performance loading vulnerability data.
  • Show risk scores for each CVE displayed on advisory pages.
  • Improve asset category names in the inventory page.
  • Improve performance of checks in the CIS GitHub benchmark policy.
  • Improve the overall reliability of multiple checks in CIS Linux benchmarks.
  • Fix invalid Kubernetes operator installation code in the Kubernetes integration.
  • Improve reliability of inactive asset cleanup in large spaces.
  • Fix some Red Hat advisories with CVSS v3 data incorrectly identifying as CVSS v2 format.
  • Improve the display of data query results in command line scans.
  • Improve cnspec logging when running as a service.
  • When searching for spaces, show the name not the ID.

Mondoo 11.22 is out!

· 3 min read
Tim Smith
Mondoo Core Team
Charles Johnson
Mondoo Core Team

🥳 Mondoo 11.22 is out! This release includes the new case overview, Zendesk ticket support, a Microsoft Entra ID security policy, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Cases and ticket system integrations!

Case Overview

Mondoo users can now group security findings into cases and assign those cases to external ticket systems for efficient tracking and resolution. Cases ship today with out-of-the-box support for Jira and Zendesk, with more to come.

Case Create Modal

Key highlights:

  • Group findings into cases for better organization and management.
  • Delegate cases to external teams using your existing ticketing systems.
  • Automatically update issues as your team remediates findings, ensuring real-time progress tracking.
  • Auto-close cases and corresponding tickets when all findings within a case are resolved.

A Jira ticket created by Mondoo

This feature enhances collaboration and simplifies the remediation process, helping teams stay focused on securing your environment.

Microsoft Entra ID policy

Secure your Microsoft Entra ID (previously Active Directory) with our new Mondoo Microsoft Entra ID Security policy. This policy includes essential checks to keep your directory data secure.

🧹 IMPROVEMENTS

New checks in the CIS Azure Foundations benchmark policy

Harden your Microsoft Azure subscriptions with expanded checks in the CIS Azure Foundations Benchmark policy. This policy now ensures that Azure Key Vault rotation is configured and AppService HTTP logs are enabled.

🐛 BUG FIXES AND UPDATES

  • Improve rendering of complex remediation text in CIS policies.
  • Fix the alignment of the Start Scanning and Browse Integration buttons in new spaces.
  • Improve handling of SMBIOS data on Windows to prevent errors displaying in the asset overview.
  • Fix failures to scan more than 100 S3 buckets at a time.
  • Resolve an AWS serverless integration error shown in the console integration details page.
  • Improve the rendering of some CVE descriptions.
  • Update AWS policies to use the latest RDS MQL resources.
  • Install cnspec from install.mondoo.com instead of mondoo.com during Azure VM scans.
  • Fix false negatives when checking bootloader config on Linux distributions based on RHEL 9.
  • Skip GDM and firewalld checks when those packages aren't installed on Linux distributions based on RHEL 9.
  • Fix policy pages in the registry to display all checks when policies include duplicate check names.
  • Don't include asset, policies, or checks counts in ticket system integration pages.
  • Improve consistency of letter score calculations.
  • Add EOL detection support for FreeBSD 13.4.
  • Fix auto-closing of Jira tickets when all Mondoo assets have been deleted.

Mondoo 11.21 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.21 is out! This release includes improved vulnerability views, policy and resource additions, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

Risk summaries for software

Quickly understand the risk of software versions deployed throughout your infrastructure with new risk summary boxes on software pages. The risk, CVSS score, EPSS score, risk factors, and blast radius help you make informed decisions when it comes to prioritizing software updates in your infrastructure.

Related Advisories on a CVE page

Discover advisories for CVEs

CVE pages now show whether the CVE has a related advisory. Now you can dive deeper into specific vendor recommendations when evaluating the impact of CVEs on your infrastructure.

Related Advisories on a CVE page

New checks in the CIS Azure Foundations benchmark policy

Harden your Microsoft Azure subscriptions with expanded checks in the CIS Azure Foundations Benchmark policy. This policy now ensures that guest users in Entra ID are further restricted and that storage accounts have logging.

Resource updates

azure.subscription.keyVaultService.vault

  • New autorotation field using the new azure.subscription.keyVaultService.key.autorotation resource

🐛 BUG FIXES AND UPDATES

  • Truncate long control names in compliance report filenames.
  • Rename the TLS/SSL Security policy to Mondoo TLS/SSL Security to match other Mondoo policies.
  • Fix asset search at the organization level not returning results.
  • Improve colorblind mode display.
  • Show space names instead of space IDs in organization-level search results.
  • Add EOL detection for FreeBSD 13.2 and 14.1.
  • Update EOL dates for AlmaLinux 8 and Ubuntu 24.04 to match the latest vendor dates.
  • Fix false positive CVEs in packages on Red Hat Enterprise Linux and UBI container images.
  • Fix MRNs displaying in top security findings list instead of names.
  • Provide a helpful error message if the cnquery/cnspec GCP provider fails to authenticate with Google Cloud.
  • Fix mapping of checks to compliance frameworks when a policy includes variants.
  • Update integration setup flow to mention both recommended query packs and policies.
  • Show an unknown risk score when no risk is known for a CVE or advisory.
  • Don't show findings with a blast radius of 0 in the top security findings list.
  • Ensure the vulnerabilities page lists only CVEs that impact the space.
  • Improve rendering of risk rank numbers above 999.

Mondoo 11.20 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.20 is out! This release includes improved display of compliance evidence, expanded resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

Quickly review compliance evidence

View compliance evidence gathered by Mondoo without leaving Compliance Hub. Now Compliance Hub query pages show evidence for each scanned asset right on the page, so you can quickly review evidence without individually opening each asset.

Compliance Hub evidence

Resource updates

atlassian.jira.issue

  • New projectKey field
  • New creator field
  • New typeName field

azure.subscription

  • New iot field using new azure.subscription.iotService resource

azure.subscription.webService.appsite

  • New diagnosticSettings field

🐛 BUG FIXES AND UPDATES

  • Improve detection of Terraform files within GitHub repositories.
  • Improve grouping of IaC assets in the inventory view.
  • Fix mismatching check scores between the asset page and the individual check pages.
  • Improve error reporting if export integrations fail.
  • Simplify workstation setup options on the integrations page.
  • Ensure all CIS policies include a description in the registry.
  • Fix failures uploading custom compliance frameworks.
  • Fix a failure to load check scores on CVE pages.
  • Update the background color of the CVE and advisory page score depending on the risk score.
  • Improve query reliability in the CIS Azure Foundations benchmark policies.
  • Fix a failure in Snowflake exports.

Mondoo 11.19 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.19 is out! This release includes a new Shodan security policy, updates to existing security policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New Mondoo Shodan Security policy

Secure critical, public-facing domains and IP addresses with the new Mondoo Shodan Security policy. It includes checks to identify open ports and vulnerabilities as reported by the Shodan network scanning service.

Shodan policy

🧹 IMPROVEMENTS

Risk summaries for vendor advisories

Better understand the criticality of vendor advisories with new score summaries. Advisories now include an overall risk score, taking into account blast radius and Mondoo-identified risk factors.

Vendor Advisory summary

Vulnerability detection on Windows Enterprise multi-session

Mondoo now includes vulnerability detection on Windows 10/11 Enterprise multi-session editions.

Compliance data in exports

Data exports now include compliance control references, so you can feed compliance evidence collected by Mondoo into external data analytics systems.

Expanded security policies

Secure your ever-growing fleet of assets with new and expanded policies:

  • Mondoo HTTP Security policy now includes checks to ensure Server, X-AspNetMvc-Version, X-AspNet-Version, X-Powered-By, and Public-Key-Pins HTTP headers are not set.
  • CIS Azure Foundations benchmark policy includes 8 new checks as well as filter and query improvements.
  • Mondoo Endpoint Detection and Response (EDR) policy now includes support for Cortex XDR.
  • AWS Operational Best Practices policy includes improved S3 bucket permission checks.

New console audit events

Keep tabs on changes made to your Mondoo organization and spaces with improved audit logging. New events recorded in the Mondoo Console audit log include:

  • Policies or frameworks enabled
  • Policies or frameworks disabled
  • Policies or frameworks put in preview
  • Risk factor configuration changes
  • Integrations created
  • Integrations deleted
  • Space settings modified
  • Registration tokens created
  • API tokens created
  • Compliance reports generated
  • Custom policy or framework uploads

Expanded query packs

Collect important asset inventory data with new and expanded query packs:

  • macOS Inventory Pack now collects system extensions information.
  • Shodan inventory pack now collects DNS NS records, subdomains, and domain tag information.
  • There's a new Event Log Collector for NTLMv1 query pack.
  • We added the Event Log Collector for SMBv1 query pack.

Resource updates

github.commit

  • New authoredDate field
  • New committedDate field

🐛 BUG FIXES AND UPDATES

  • Add custom icons in the registry for AlmaLinux, BSI, Oracle Linux, Rocky Linux, and Arista.
  • Improve the consistency of table score headings throughout the console.
  • Improve descriptions in multiple CIS benchmark policies.
  • Improve handling of expired registration tokens in cnquery and cnspec.

Mondoo 11.18 is out!

· 4 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.18 is out! This release includes expanded security policies, Compliance Hub improvements, piles of new resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New policies for detecting NTLMv1 and SMBv1

Secure your Windows infrastructure against vulnerable legacy Microsoft file sharing and authentication protocols with the new Mondoo NTLMv1 Audit policy and Mondoo SMBv1 Audit policy. These policies, co-developed with the wonderful engineers at SVA, ensure you're using only modern and secure file sharing and authentication methods.

🧹 IMPROVEMENTS

Space sunburst chart improvements

Quickly understand where security problems lie with improvements to the sunburst charts on the space overview page. The sunburst now groups IaC, network, and SaaS assets to quickly expose hot spots in your security posture. Dive deeper into each category with improved asset placement, so you can track down problematic services.

Sunburst graph

Deeper AWS serverless integration scans

When a default VPC is in place, the Mondoo AWS serverless integration now produces deeper security scans that include:

  • Individual assets for common AWS resources

  • Improved query outputs

Use these improved scan results to navigate security issues in organization and space dashboards and to set granular exceptions on individual resources.

Improved AWS asset results

Improved Compliance Hub look and feel

A refreshed Compliance Hub UI makes it easier to track your audit progress. Simplified progress bars show completion status. We also replaced the check distribution graph with intuitive icons for each exception state.

New progress tracker

Cover letters in compliance reports

Inform your auditor about Mondoo with a new Mondoo introduction PDF included in each compliance report. The letter explains who we are and how we collect evidence, and lets them know how to contact us if they have questions.

Expanded CIS Azure Foundations policy

Expand your Azure security insights with our newly expanded CIS Azure Foundations benchmark. The policy includes dozens of new checks for securing IAM, database, storage, secrets, and directory services.

Resource updates

azure.subscription

  • New policy field using the new azure.subscription.policy resource
  • New iam field that deprecates the authorization field

azure.subscription.authorizationService

  • New roleAssignments field using the new azure.subscription.authorizationService.roleAssignment resource
  • New managedIdentities field using the new azure.subscription.managedIdentity resource

azure.subscription.authorizationservice.roledefinition

  • New type field that deprecates the isCustom field

azure.subscription.cloudDefenderService

  • New defenderForAppServices field
  • New defenderForSqlServersOnMachines field
  • New defenderForSqlDatabases field
  • New defenderForOpenSourceDatabases field
  • New defenderForCosmosDb field
  • New defenderForStorageAccounts field
  • New defenderForKeyVaults field
  • New defenderForResourceManager field

azure.subscription.postgreSql.FlexibleServers

  • Return all servers in the subscription

microsoft

  • The organizations field is now deprecated. Use microsoft.tenant instead.

microsoft.application

  • New api field
  • New applicationTemplateId field
  • New certification field
  • New defaultRedirectUri field
  • New disabledByMicrosoftStatus field
  • New groupMembershipClaims field
  • New isDeviceOnlyAuthSupported field
  • New isFallbackPublicClient field
  • New nativeAuthenticationApisEnabled field
  • New optionalClaims field
  • New parentalControlSettings field
  • New publicClient field
  • New requestSignatureVerification field
  • New samlMetadataUrl field
  • New serviceManagementReference field
  • New servicePrincipal field
  • New servicePrincipalLockConfiguration field
  • New spa field
  • New tokenEncryptionKeyId field
  • New web field
  • New appRoles field using the new microsoft.application.role field

microsoft.roles

  • New resource that replaces microsoft.rolemanagement

microsoft.serviceprincipal

  • New appId field
  • New applicationTemplateId field
  • New appOwnerOrganizationId field
  • New appRoleAssignmentRequired field
  • New description field
  • New isFirstParty field
  • New loginUrl field
  • New logoutUrl field
  • New notificationEmailAddresses field
  • New permissions field using the new microsoft.application.permission field
  • New preferredSingleSignOnMode field
  • New servicePrincipalNames field
  • New signInAudience field
  • New verifiedPublisher field

microsoft.user

  • New authMethods field using the new microsoft.user.authenticationMethods resource
  • Deprecated companyName, department, employeeId, jobTitle, mail, mobilePhone, otherMails, officeLocation, postalCode, and state in favor of data in the job and contact fields

microsoft.tenant

  • Renamed from microsoft.organization
  • New createdAt replaces the now deprecated createdDateTime
  • New name field
  • New provisionedPlans field
  • New subscriptions field
  • New type field

microsoft.security

  • New riskyUsers field using the new microsoft.security.riskyUser resource

🐛 BUG FIXES AND UPDATES

  • Fix incorrect AWS account identification in some resources.
  • Don't error when checking services on containers.
  • Fix a failure fetching AWS KMS information.
  • Update the title of the CIS Controls framework to include the version number.
  • Generate complete report archives with the correct file date stamps.
  • Fix a failure exporting data to S3.
  • Improve rendering of very long policy names on the asset page.
  • Fix missing search results.
  • Improve application of Azure and Amazon EKS policies.

Mondoo 11.17 is out!

· 5 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.17 is out! This release includes Dockerfile security, all-new AWS security policies, and piles of new resources!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New Dockerfile Security policy

Secure your container workloads before they run in production with our new Dockerfile Security policy. With automatic Dockerfile discovery in GitHub and GitLab and this new policy, you can evaluate the security of Dockerfiles no matter where they're hiding. Once you've secured your existing files, keep them secure with Dockerfile scanning in CI pipelines.

Dockerfile policy

New CIS AWS Database Services Benchmark policy

Keep your most valuable business data secure with the new CIS AWS Database Services benchmark policy. This policy includes security recommendations for Amazon's most popular database services:

  • Amazon Aurora
  • Amazon DynamoDB
  • Amazon ElastiCache
  • Amazon Neptune
  • Amazon RDS
  • Amazon Timestream

New Mondoo Amazon Web Services (AWS) GuardDuty policy

Make the most of AWS GuardDuty with our new Mondoo Amazon Web Services (AWS) GuardDuty policy. This policy includes checks to ensure that GuardDuty is properly enabled and configured for EC2, EKS, IAM, Lambda, and S3 security.

Mondoo Amazon Web Services (AWS) IAM Access Analyzer policy

Cloud security starts with securing access to critical resources. With the new Mondoo Amazon Web Services (AWS) IAM Access Analyzer policy you can now ensure that IAM Access Analyzer is enabled and properly configured.

🧹 IMPROVEMENTS

Newly certified CIS benchmark policies

Our CIS Red Hat Enterprise Linux, Oracle Linux, AlmaLinux, and Rocky Linux 9 policies are better than ever with updates to improve reliability and query output. Even better, these policies are now certified to pass the rigorous CIS benchmark validation process, so you can be confident they'll secure even the most complex enterprise Linux installations.

Jump right to the point

Now you can find what you're looking for with fewer clicks thanks to improved linking behavior on affected assets pages. Links to assets now go directly to the asset result instead of the main asset page, so you can spend your time remediating findings instead of searching for them.

Resource updates

aws.dynamodb.table

  • New items field
  • New latestStreamArn field

aws.elasticache

  • New serverlessCaches field using the new aws.elasticache.serverlessCache resource

aws.guardduty.detector

  • New features field
  • New findings field using the new aws.guardduty.finding resource
  • New tags field
  • Improve performance fetching detector details

aws.iam.accessAnalyzer

  • Renamed from aws.accessAnalyzer with backward compatibility for existing policies
  • New findings field using the new aws.iam.accessanalyzer.finding resource

aws.iam.accessanalyzer.analyzer

  • New region field
  • Include organization-level analyzers as well as activated but unused analyzers

aws.neptune

  • New resource for the AWS Neptune graph database
  • clusters field using the new aws.neptune.cluster resource
  • instances field using the new aws.neptune.instance resource

aws.rds

  • New allPendingMaintenanceActions field using the new aws.rds.pendingMaintenanceAction resource
  • Deprecate the dbInstances field in favor of a new instances field
  • Deprecate the dbClusters field in favor of a new clusters field

aws.rds.dbcluster and aws.rds.dbinstance

  • New activityStreamMode field
  • New activityStreamStatus field
  • New certificateAuthority field
  • New certificateExpiresAt field
  • New enabledCloudwatchLogsExports field
  • New iamDatabaseAuthentication field
  • New monitoringInterval field
  • New networkType field
  • New preferredBackupWindow field
  • New preferredMaintenanceWindow field
  • Improve performance fetching security groups details
  • Don't include non-RDS engine results

aws.timestream.liveanalytics

  • New resource with databases and tables fields

aws.vpc

  • New name field

azure.subscription.cloudDefender

  • Check the pricing tier for the Servers plan when verifying that Azure's Defender for Servers is enabled

microsoft.application

  • New certificates field using the new microsoft.keyCredential resource
  • New createdAt field
  • New description field
  • New hasExpiredCredentials field
  • New info field
  • New name field
  • New notes field
  • New secrets field using the new microsoft.passwordCredential resource
  • New tags field

microsoft.group

  • New members field

microsoft.user

  • New owners field

product.eol

Use this new resource to look up end-of-life status for common products. Example:

cnquery> product(name: "php", version: "8.1").releaseCycle { * }
product.releaseCycle: {
  endOfLife: 2025-12-31 01:00:00 +0100 CET
  endOfExtendedSupport: 719528 days
  cycle: "8.1"
  lastReleaseDate: 2024-06-06 02:00:00 +0200 CEST
  name: ""
  link: "https://www.php.net/supported-versions.php"
  latestVersion: "8.1.29"
  endOfActiveSupport: 2023-11-25 01:00:00 +0100 CET
  firstReleaseDate: 2021-11-25 01:00:00 +0100 CET
}

🐛 BUG FIXES AND UPDATES

  • Fix a false negative result in the CIS Microsoft 365 policy's "Ensure a dynamic group for guest users is created" check.
  • Add VPC name to asset overview information.
  • Don't execute CIS Windows workstation benchmarks on server releases.
  • Improve the default data returned by the k8s.node resource.
  • On the Available Frameworks page, make compliance framework descriptions more concise.
  • Add an AWS CloudFormation policy variant icon on policy pages.
  • Fix missing risk factors in the affected assets views.
  • Show the risk score instead of CVSS scores in asset CVE tables.
  • Allow sorting by risk score in tables.
  • Fix Windows asset information not returning on some Windows releases if WinRM is disabled.

Mondoo 11.16 is out!

· 4 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.16 is out! This release includes a new compliance framework experience, updated policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New compliance framework experience

We've reworked the Compliance Hub to make it easier to start and manage audits with Mondoo. A new welcome page helps you pick your very first framework.

Framework page empty state

Choose from our ever-growing list of out-of-the-box compliance frameworks, now with helpful descriptions.

Select a framework

To make it easier to manage in-progress audits, we've introduced preview and active states for audits. Only frameworks in those states display in Compliance Hub, which helps you get right to what you need.

Framework page

Reworked framework pages include helpful descriptions, a simpler progress indicator, and a quick selector so you can control the state of an audit.

Framework list

Sample compliance evidence with MQL

Provide sample data to auditors with a new sample helper in MQL. Use this helper to randomly sample a set number of items from any list or map data:

> [1,2,3,4,5,6,7,8,9,10].sample(3)
sample: [
  0: 2
  1: 10
  2: 9
]

🧹 IMPROVEMENTS

CIS enterprise Linux 9 benchmarks 2.0

Bring the latest security recommendations to your enterprise Linux infrastructure with the new 2.0 release of CIS benchmarks for AlmaLinux, Oracle Linux, Rocky Linux, and Red Hat Enterprise Linux 9. This major new policy update includes 630 total changes, including dozens of all-new recommendations to keep your systems secure.

Newly certified CIS benchmark policies

Our RHEL 7, Amazon Linux 2, Oracle Linux 7, CentOS Linux 7, and GitLab CIS benchmarks have all passed the rigorous CIS benchmark validation process and received full certification for their quality and completeness. These policies add to the 130+ Mondoo CIS benchmarks already certified, making Mondoo a top vendor for CIS certified content.

Improved Kubernetes integration setup

More easily manage workload scanning with updates to the Kubernetes integration page. These include a pre-populated namespace filter to skip scanning the operator itself and a simpler flow for enabling or disabling workload image scanning.

Manage large numbers of Jira projects with cases

Even customers with the largest of Jira installations can use Mondoo cases. We've improved support for fetching large project lists and added a new project selection page that includes quick, text-based filtering.

Jira project filtering

Expanded EDR policy support

The Mondoo Endpoint Detection and Response (EDR) policy now includes support for detecting the Sophos Endpoint Defense Agent as well as improved support for the SentinelOne agent.

Resource updates

atlassian.jira.issue

  • New createdAt field
  • New pagination support for fetching large issue counts

azure.subscription.cosmosDbService

  • New support for Cosmos DB, MongoDB, and PostgreSQL databases

github.repository

  • New defaultBranch field

🐛 BUG FIXES AND UPDATES

  • Improve help links in cases to go directly to cases documentation.
  • Improve how CVSS and EPSS scores display on asset page lists.
  • Don't display vulnerabilities with a CVSS score of 0 as critical.
  • Allow assets to re-register to a different region when using the --token flag.
  • Don't show expected errors when scanning GitHub repositories.
  • Improve rate limiting when scanning GitHub.
  • Improve navigation bar rendering on macOS systems when scroll bars are set to always show.
  • Fix a failure listing data on containers in k8s.deployments.
  • Improve rate limiting in the GitHub provider.
  • Add a property for configuring the desired MFA enrollment time periods in CIS Google Workspace Foundations Benchmark policy.
  • Improve text and links added to Jira issues when a case is resolved.
  • Open all links to Jira issues in a new tab or window.
  • Expand the "Use Entra ID Client Authentication and Azure RBAC where possible" check in the CIS Azure Foundations Benchmark policy to include additional services.
  • Don't run kernel parameter checks on containers or container images.
  • Improve integration setup steps for all integrations.

Mondoo 11.15 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.15 is out! This release includes GitLab security benchmarks, improved Kubernetes scanning, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

CIS benchmarks for GitLab security

Secure your critical supply chain infrastructure with our new CIS GitLab benchmark policies. These policies include 27 checks for users, groups, and projects in level 1 and level 2 policies. Each policy is compatible with both self-hosted and SaaS GitLab instances.

🧹 IMPROVEMENTS

Focus Kubernetes scanning on top-level resources

Focus on the workloads that matter to your business with the latest release of the Mondoo Kubernetes Operator. Mondoo now scans top-level workloads only so that:

  • Results better reflect the actual state of security in your cluster.

  • All results in Mondoo can be traced back to actual Kubernetes manifest code that you can update.

For example, if you define a CronJob in a Kubernetes manifest, we scan only the CronJob workload asset instead of also scanning the Job and Pod assets during each execution of the CronJob. In this case, hundreds of child assets no longer scan. Space statistics don't reflect ephemeral child assets that are no longer present in the cluster.

In addition to a more focused set of assets in the Mondoo Console, you now also experience faster scans and lower scan memory usage. We saw a 3x improvement in our test clusters!

Linux Mint 22 CVE and EOL detection

Secure the latest release of Linux Mint with new support for CVE scanning and EOL detection in Linux Mint 22.

Data export improvements

Mondoo data exports now include more data than ever so you can feed your critical security findings into external SIEM or data warehousing systems. Exports now include vulnerability data as well as detailed asset scoring information.

Resource updates

aws.eks.cluster

  • New supportType field
  • New authenticationMode field

aws.rds.dbcluster

  • New engineLifecycleSupport field

aws.rds.dbinstance

  • New engineLifecycleSupport field

github.file

  • New downloadUrl field

🐛 BUG FIXES AND UPDATES

  • Fix incorrect policy scoring when banded scoring is selected.
  • Fix a failure when passing --token with the Shodan provider.
  • Fix the display of organizations with zero spaces on the organization's dashboard.
  • Don't apply CIS Windows desktop benchmark policies to Windows Server assets.
  • Fix the "Ensure password hashing algorithm is SHA-512" check in the CIS Distribution Independent Linux benchmark policy.
  • Improve the application of CIS Linux policies on container assets.
  • Fix failures scanning Atlassian Confluence assets.
  • Fix an error fetching createdAt in the aws.ec2.keypair resource.
  • Fix a failure fetching approvalSettings in the gitlab.project resource.
  • Fix broken links in Jira issues created with cases.
  • Update Debian 11 and Ubuntu 24.04 EOL dates to match the latest vendor published dates.
  • Ensure that the AWS EC2 instance name is always set as the asset name (if the asset name is present).
  • Fix reports retrieval for Google Workspace.
  • Fix fetching project approval settings in GitLab.
  • Add debug level logging for retries in the GitHub provider.
  • Rework CIS Google Workspace policy queries to improve output.
  • Add descriptions to the CIS Google Workspace policies.
  • Fix a failure running data exports.
  • Fix a misdetection of platforms on some large container images.
  • Improve scan times for single GitHub repository scans.