Mondoo 9.7 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.7 is out! This release includes a new compliance UI, expanded resources, and even more CVE data!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New compliance exceptions UI

We've reworked the compliance exceptions system to make it easier to understand when exceptions have been set and what that means for your compliance data collection.

Each control includes a new Set Exception button so you can quickly create exceptions directly from framework control pages.

[Screenshot: Set Exception]

For controls with an exception set, the UI now communicates which type of exception has been set: snooze or disable. It gives a quick description of how the exception affects compliance data collection. The details of the exception are also shown directly on the control page, allowing you to accept, reject, or delete the exception without needing to dig through the exceptions tab.

[Screenshot: Active exception state]

Run local query packs from cnspec

Want to quickly test a custom query pack you've written? Now it's easier than ever because you can run a local query pack directly from cnspec:

cnspec scan -f example-pack.mql.yaml
→ no provider specified, defaulting to local. Use --help to see all providers.
→ loaded configuration from /Users/tsmith/.config/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)

Asset: Luna-Laptop.local
----------------------

Data queries:
packages.where.list: [
0: package name="ssh" version=""
]
services.where.list: [
0: service name="com.openssh.ssh-agent" running=true enabled=true type="launchd"
]
sshd.config.params: {
AcceptEnv: "LANG LC_*"
AuthorizedKeysFile: ".ssh/authorized_keys"
Subsystem: "sftp /usr/libexec/sftp-server"
UsePAM: "yes"
}

Scanned 1 asset

macOS
U Luna-Laptop.local

🧹 IMPROVEMENTS

Atlassian asset grouping

Atlassian admin, Jira, Confluence, and SCM assets scanned with cnspec are now grouped as Atlassian assets in the console. This helps you quickly find all your Atlassian assets.

[Screenshot: Atlassian Asset Group]

Ubuntu 23.10 EOL/CVE detection

Ubuntu 23.10 is out, and Mondoo is ready with EOL reporting and CVE detection now available for this latest Ubuntu release. See our blog post What's New in Security for Ubuntu 23.10 to learn more about this release's great new security features.

Raspbian 11 and 12 CVE detection

cnspec scans on Raspbian 11.x and 12.x releases now include important CVE data on both the CLI and in the console, so you can keep your Raspberry Pi hobby and IoT projects secure.

Better application of CIS Distribution Independent Linux Benchmark policy

The CIS Distribution Independent Linux Benchmark policy is a fantastic alternative Linux security policy to use when your operating system distribution or specific version is not supported by one of the main CIS Linux benchmarks. Thanks to new filters, you can now apply this policy in any space and rest assured it will only apply to systems for which more specific CIS benchmark policies aren't available. This means that now you can always have security and compliance data available, even when you're running distros that are a bit off the beaten path, such as non-LTS Ubuntu releases, Arch Linux, or Raspbian.

New AWS resource fields

AWS resources include new default values to improve data pack queries and navigation in the cnquery/cnspec shell. The resources also have many new fields to expose valuable asset inventory data:

aws.cloudfront.distribution

  • enabled
  • httpVersion
  • isIPV6Enabled
  • priceClass

aws.dynamodb.table

  • createdAt
  • deletionProtectionEnabled
  • globalTableVersion
  • id

aws.accessanalyzer.analyzer

  • createdAt
  • lastResourceAnalyzed
  • lastResourceAnalyzedAt

aws.autoscaling.group

  • region

aws.backup.vault

  • createdAt
  • encryptionKeyArn
  • locked
  • region

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Ensure asset groups display correctly as new assets are added or deleted.
  • Show the correct status badges on the Managed Clients page.
  • Fix incorrect EBS volume scan regions.
  • Fix a failure to display asset scores for EBS volume scans.
  • Add the ability to list processes on Windows systems in the ports.listening resource.
  • Fix EKS node checks not correctly executing in the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark policies.
  • Improve reliability of checks within the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark policies.
  • Fix failures in CIS macOS Benchmark policies' "Ensure Pop-up Windows Are Blocked" and "Ensure Show Status Bar Is Enabled" checks.
  • Fix VMware vSphere CVE detection with cnspec 8.x clients.
  • Return a 100 (A) score when no CVEs are detected on a system.
  • Fix CIS rsyslog checks to fail instead of erroring when the rsyslog config is not found.
  • Improve chrony configuration detection in the Operational Best Practices for Time Synchronization policy.
  • Better detect when journald is running in the Ensure journald is not configured to receive logs from a remote client check.
  • Improve titles of queries in multiple query packs.
  • Fix failures in some JSON data exports due to malformed JSON data.
  • Fix failures detecting the platform on some remote scans.
  • Improve shell help content for many resources.

Mondoo 9.6 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 9.6 is out! This release includes Console asset query packs, Subject Alternative Name support for certificates, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Asset inventory at your fingertips

Query pack data now displays directly in the Mondoo Console for all assets. Explore asset configuration with the two dozen out-of-the-box query packs available in the registry. If you don't find what you're looking for there, write your own query packs to expose additional asset inventory information directly in the console.

Browse the results of asset inventory query packs with a new Data Queries tab on the individual asset view.

[Screenshot: Asset data queries]

🧹 IMPROVEMENTS

Expanded certificate resource capabilities

The tls.certificates resource now supports the PKIX Subject Alternative Name (SAN) extension, as well as the Subject Key Identifier (SKID) extension.

cnspec shell host google.com
cnspec> tls.certificates { sanExtension { * }}
tls.certificates: [
0: {
sanExtension: {
uris: []
extension: pkix.extension id = 5842ac625349147af543f8049f60497ca270c0412667bbeb1042482e805069f9:2.5.29.17
emailAddresses: []
dnsNames: [
0: "*.google.com"
1: "*.appengine.google.com"
2: "*.bdn.dev"
3: "*.origin-test.bdn.dev"
4: "*.cloud.google.com"
5: "*.crowdsource.google.com"
6: "*.datacompute.google.com"
7: "*.google.ca"
8: "*.google.cl"
..
]
}
}
1: {
sanExtension: null
}
2: {
sanExtension: null
}
]
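As an added illustration of what the sanExtension data above is built from, here is a small Python decoder for the DER value of the X.509 Subject Alternative Name extension (OID 2.5.29.17, the id printed in the output above). It is not cnquery code and not Mondoo's implementation; the SAN value it decodes is constructed inline rather than taken from a real certificate, and it only understands the dNSName, rfc822Name and uniformResourceIdentifier choices, skipping the rest.

```python
"""Decode the DER value of an X.509 Subject Alternative Name extension.

Added illustration, not cnquery/cnspec code. The SAN extension (OID 2.5.29.17)
carries, per RFC 5280 section 4.2.1.6:

    GeneralNames ::= SEQUENCE OF GeneralName
    GeneralName  ::= CHOICE { rfc822Name [1], dNSName [2],
                              uniformResourceIdentifier [6], ... }

The decoder below maps those three choices onto the same field names the
tls.certificates output above uses: emailAddresses, dnsNames and uris.
"""

# Context-specific IMPLICIT tags inside GeneralName
TAG_RFC822_NAME = 0x81  # [1] rfc822Name -> emailAddresses
TAG_DNS_NAME = 0x82     # [2] dNSName -> dnsNames
TAG_URI = 0x86          # [6] uniformResourceIdentifier -> uris
TAG_SEQUENCE = 0x30


def _read_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:                       # short form: one byte
        return first, pos + 1
    num_bytes = first & 0x7F               # long form: 0x8N then N length bytes
    if num_bytes == 0 or num_bytes > 4:
        raise ValueError("unsupported DER length encoding")
    length = int.from_bytes(buf[pos + 1 : pos + 1 + num_bytes], "big")
    return length, pos + 1 + num_bytes


def parse_san(der: bytes) -> dict[str, list[str]]:
    """Return {"dnsNames": [...], "emailAddresses": [...], "uris": [...]}.

    Other GeneralName choices (iPAddress, directoryName, ...) are skipped rather
    than rejected, so a certificate with unusual SAN entries still yields data.
    Malformed length fields raise ValueError instead of being silently accepted.
    """
    if not der or der[0] != TAG_SEQUENCE:
        raise ValueError("SAN value must start with a SEQUENCE")
    seq_len, pos = _read_length(der, 1)
    end = pos + seq_len
    if end != len(der):
        raise ValueError("trailing or truncated data in SAN value")

    out: dict[str, list[str]] = {"dnsNames": [], "emailAddresses": [], "uris": []}
    while pos < end:
        tag = der[pos]
        item_len, pos = _read_length(der, pos + 1)
        value = der[pos : pos + item_len]
        if len(value) != item_len:
            raise ValueError("GeneralName runs past the end of the SEQUENCE")
        pos += item_len
        if tag == TAG_DNS_NAME:
            out["dnsNames"].append(value.decode("ascii"))
        elif tag == TAG_RFC822_NAME:
            out["emailAddresses"].append(value.decode("ascii"))
        elif tag == TAG_URI:
            out["uris"].append(value.decode("ascii"))
    return out


def _der_item(tag: int, payload: bytes) -> bytes:
    """Encode one TLV, using the short or long definite length form as needed."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload


def build_sample_san() -> bytes:
    """Constructed sample SAN: two wildcard DNS names, one e-mail, one IP entry."""
    names = (
        _der_item(TAG_DNS_NAME, b"*.google.com"),
        _der_item(TAG_DNS_NAME, b"*.appengine.google.com"),
        _der_item(TAG_RFC822_NAME, b"security@example.com"),
        _der_item(0x87, bytes([10, 0, 0, 1])),  # [7] iPAddress: present, deliberately ignored
    )
    return _der_item(TAG_SEQUENCE, b"".join(names))


if __name__ == "__main__":
    print(parse_san(build_sample_san()))
```

The decoder validates the outer SEQUENCE length against the buffer so that truncated or padded extension values fail loudly; `_der_item` is only there to construct the sample and exercises the long-form length path when a payload exceeds 127 bytes.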

Expanded cnspec status information

Running cnspec status now prints the version number of the latest available release and a list of all installed providers. If the currently installed and latest releases don't match, the status indicates that a newer version is available for download.

./cnspec status
→ no Mondoo configuration file provided, using defaults
→ Platform: ubuntu
→ Version: 22.04
→ Hostname: localhost
→ IP: 192.168.178.32
→ Time: 2023-11-01T13:36:01+01:00
→ Version: 9.6.0 (API Version: 9)
→ Latest Version: 9.6.1
! A newer version is available
→ Installed Providers: terraform | aws | atlassian | gcp
→ Outdated Providers: terraform | aws | atlassian
→ API ConnectionConfig: https://us.api.mondoo.com
→ API Status: SERVING
→ API Time: 2023-11-01T12:36:02Z
→ API Version: 9

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Vulnerabilities results no longer show assets that are not impacted.
  • Fix colorblind mode being enabled for all users.
  • Add data validation for AWS Access Key ID and Secret Access Key values in the S3 export integration.
  • Improve asset links in Compliance Hub to go directly to the check or data query on the asset.
  • Fix tls.certificates returning null data incorrectly.
  • Fix AWS EC2 instance names not properly registering.
  • Improve default values in the azure.subscription.monitorService.applicationInsight resource.
  • Don't display a policy's main documentation when viewing the variant.
  • Improve form validation for integrations to only run after all text has been entered.
  • Improve formatting on the policy recommendation pages for integrations.
  • Fix text input boxes that could not be read in the Azure integration.
  • Improve the error message when an organization or space user cannot be removed.
  • Don't fail when running policies from the public registry that use asset filters.
  • Don't fail if a query pack has no description.
  • Don't fail if a policy group has checks, but not data queries.
  • Fix a failure when scanning AWS EBS volumes.
  • Fix incorrect runtime information being reported for AWS assets.
  • Fix service checks to work on masked systemd services and services whose names end in .service.
  • Expand SOC 2 policy coverage.
  • Improve data returned from the Azure Inventory Query Pack.
  • Improve the reliability of queries in the CIS AKS Benchmarks policies.
  • Wrap instead of cutting off long property values in the registry.
  • Use the custom image defined in the Kubernetes operator's MondooAuditConfig section.
  • Fix garbage collection of old Kubernetes assets not running.
  • Fix scanning of GKE nodes from the Kubernetes operator.

Mondoo 9.5 is out!

· 6 min read
Mondoo Core Team

🥳 Mondoo 9.5 is out! This release includes VMware vSphere security advisory detection, expanded AWS/Azure/Okta resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

VMware vSphere CVE detection

Mondoo now includes support for tracking CVEs and security advisories on VMware vSphere installations, so you can keep your most important on-premises assets secure. You'll automatically see CVE/advisory information on VMware vSphere assets in the Mondoo Console and you can scan assets manually on the command line to view this data as well:

cnquery shell vsphere USER@luna.dmz -p FOO
___ _ __ __ _ _ _ ___ _ __ _ _
/ __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| | __/ | | |_| |
\___|_| |_|\__, |\__,_|\___|_| \__, |
mondoo™ |_| |___/ interactive shell

cnquery> asset.vulnerabilityReport
asset.vulnerabilityReport: {
platform: {
build: "18778458"
name: "vmware-vsphere"
release: "7.0.3"
title: "VMware vSphere 7.0.3"
}
published: "2023-10-26T13:18:39Z"
stats: {
advisories: {}
cves: {}
exploits: {}
packages: {}
}
}
asset.vulnerabilityReport: {
advisories: [
0: {
ID: "VMSA-2022-0004"
Mrn: "//vadvisor.api.mondoo.app/advisories/VMSA-2022-0004"
cves: [
0: {
ID: "CVE-2021-22041"
Mrn: "//vadvisor.api.mondoo.app/cves/CVE-2021-22041"
cvss: [
0: {
score: 4.600000
source: "cve://nvd/2021"
vector: "4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P"
}
]
worstScore: {
score: 4.600000
source: "cve://nvd/2021"
vector: "4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P"
}
}

...

🧹 IMPROVEMENTS

New AWS resource fields and defaults

The aws.vpc.subnet resource now includes information on the subnet's availability zone so you can better understand where subnets are located.

cnquery> aws.vpcs.first.subnets{*}
aws.vpcs.first.subnets: [
0: {
arn: "arn:aws:ec2:ap-south-1:177043123456:subnet/subnet-b231234"
id: "subnet-b231234"
cidrs: "172.31.16.0/20"
mapPublicIpOnLaunch: true
defaultForAvailabilityZone: true
availabilityZone: "ap-south-1c"
}
...

We've also improved the default values returned by many AWS resources to give you better output in the cnquery shell as well as query packs. These updated defaults expose AWS resource IDs, regions, availability zones, and other metadata that makes understanding your AWS infrastructure easier with Mondoo. Enable the AWS Asset Inventory Pack in your spaces to see this improved asset inventory data today.

Improved resource output for Azure

New default values in Azure resources make exploring asset configuration in the cnquery shell or the resource explorer better than ever. You'll see new improved output on Azure VMs that show OS and hardware types. We've also expanded NIC and disk resources to show information such as the disk size/type and the NIC MAC address type.

cnquery> azure.subscription.computeService.vms.first
azure.subscription.computeService.vms.first: azure.subscription.computeService.vm name="Windows-VM-5n6o" location="eastus" properties.hardwareProfile.vmSize="Standard_DS2_v2" properties.storageProfile.osDisk.osType="Windows"

cnquery> azure.subscription.computeService.disks.first
azure.subscription.computeService.disks.first: azure.subscription.computeService.disk name="Windows-VM-OsDisk-5n6o" location="eastus" properties.osType="Windows" properties.diskSizeGB=127.000000 properties.diskState="Attached"

cnquery> azure.subscription.networkService.interfaces.first
azure.subscription.networkService.interfaces.first: azure.subscription.networkService.interface name="Windows-VM-NIC-5n6o" location="eastus" properties.macAddress="60-45-BD-D7-7E-53" properties.nicType="Standard"

Expanded Okta group and role capabilities

We've expanded the capabilities of our Okta provider and resources to make it easier to query your Okta configuration. You can now query Okta groups along with their roles and members using the okta.groups resource:

cnspec> okta.groups.where(roles.one(type =="SUPER_ADMIN")) { name roles { * } members members.length < 2 }
okta.groups.where: [
0: {
roles: [
0: {
created: 2023-04-08 22:11:00 +0200 CEST
lastUpdated: 2023-04-08 22:11:00 +0200 CEST
assignmentType: "GROUP"
id: "ABCD1234"
type: "SUPER_ADMIN"
status: "ACTIVE"
label: "Super Administrator"
}
]
name: "Super Admins"
members.length < 2: true
members: [
0: okta.user profile.email="ben@example.com"
]
}
]

You can also check which permissions are assigned to custom roles using the new okta.customRoles resource:

cnspec> okta.customRoles { * }
okta.customRoles: [
0: {
label: "Custom Role"
id: "abc12345678910"
description: "Custom Role"
permissions: []
}
]

Improved host scanning

We've improved host scanning behavior with updates to Mondoo's host provider as well as the http and tls resources used when scanning domains and IPs. These updates make it easier to get started scanning hosts, even hosts that don't behave well.

  • Default to HTTPS when no protocol information was specified on the CLI. For example, with cnquery shell host mondoo.com cnquery now assumes HTTPS.
  • Improve handling of timeouts when checking TLS certs.
  • Improve error handling and logging when connecting to hosts, parsing TLS certificates, and checking TLS on non-TLS hosts.

Updated macOS CIS Benchmark policies

It's been just a week since we last updated macOS CIS benchmark policies, but we're back again with new updates including the official release of the CIS macOS 14.0 benchmark. These new benchmarks include improved descriptions/remediation text, more robust queries, and additional checks for Intel Macs. Be sure to check out the improved results in these releases:

  • CIS Apple macOS 11.0 Big Sur Benchmark v4.0.0
  • CIS Apple macOS 12.0 Monterey Benchmark v3.0.0
  • CIS Apple macOS 13.0 Ventura Benchmark v2.0.0
  • CIS Apple macOS 14.0 Sonoma Benchmark v1.0.0

Improved Windows EOL dates

Windows EOL data in Mondoo Platform now tracks Microsoft's enterprise and education support track, which tends to be about one year later than consumer EOL dates. We've also added Windows 10 22H2, Windows 11 22H2, and Windows 11 23H2 releases so you can track upcoming EOL dates for all your Windows workstations.

Improved field copy behavior

Sometimes a user suggests a fix you just can't pass up. User @xorima told us the copy icon in our text fields was hard to read and made copying important text like client installation commands difficult. We retooled the icon to make it stand out better against the text and to give clearer feedback when the copy is complete. Thanks @xorima!

[Screenshot: New copy behavior]

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Group Photon OS assets as operating systems in the Mondoo Console.
  • Fix data queries not always showing the policy or query pack where they were defined.
  • Don't error if the same query pack is specified more than once on the command line.
  • Don't fail if a query pack has no queries to run after platform filters are applied.
  • Properly filter out unsupported queries in a query pack to avoid failures.
  • Map checks from the CIS Distribution Independent Linux benchmark to compliance framework controls.
  • Fix cleanup of old assets scanned by the Mondoo Kubernetes operator.
  • Handle empty report data in the JUnit cnspec reporter.
  • Don't fail scanning a container registry if the container's platform cannot be detected.
  • Fix a failure running the cnspec vuln command.
  • Fix an error fetching the azure.subscription.mySql.server field.
  • Fix Microsoft 365 assets grouping under Unclassified Assets in the console inventory page.
  • Don't show the Schedule Now button for Jira integrations.
  • On the Organization page, sort spaces by name instead of space ID.

Mondoo 9.4 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 9.4 is out! This release includes a number of new stability improvements, as well as a number of bug fixes.

Get this release: Installation Docs | Package Downloads | Docker Container


We encourage you to upgrade to this release as soon as possible since it contains a number of stability improvements.

🧹 IMPROVEMENTS

This release introduces a heartbeat for all providers, which guarantees that terminated providers don't leave stale processes behind in memory. It requires v9.1.x or later for all providers; these update automatically. If you have deactivated automatic updates, please update your providers manually. Also make sure to update cnquery and cnspec to 9.4.0, since older versions of cnquery and cnspec do not use the new heartbeat functionality.

To verify that you are on the latest version:

cnspec version
cnspec 9.4.0 (76a83f8, 2023-10-27T00:24:13Z)

To verify that all provider versions are at least 9.1.0:

cnspec providers list

→ builtin (found 2 providers)

core 9.1.0
mock 9.0.0 with connectors: mock

→ /opt/mondoo/providers (found 6 providers)

aws 9.1.0 with connectors: aws
azure 9.1.0 with connectors: azure
gcp 9.1.0 with connectors: gcp
os 9.1.0 with connectors: local, ssh, winrm, vagrant, container, docker, filesystem
terraform 9.1.0 with connectors: terraform
vsphere 9.1.0 with connectors: vsphere
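Checking these versions by eye works for one host; across a fleet you want it scripted. The following Python script is an added example (not part of cnspec) that parses the text printed by `cnspec providers list` above and by `cnspec status` in the 9.6 notes, flags any provider below a required minimum, and reports whether a newer cnspec release is available. The sample outputs embedded in it are constructed from the listings in these notes, with one provider version lowered so the check has something to find; the file name in the usage comment is an assumption.

```python
"""Gate on cnspec and provider versions from the CLI output shown in these notes.

Added example, not cnspec code. It parses the text of `cnspec providers list`
(sections "builtin" and on-disk provider directories) and `cnspec status`
(installed vs. latest version) and compares versions numerically.
The samples below are constructed from the listings in these release notes.
"""
import re
import sys
from typing import Optional

# "→ builtin (found 2 providers)" / "→ /opt/mondoo/providers (found 6 providers)"
SECTION_LINE = re.compile(r"^\W*(?P<section>builtin|/\S+)\s+\(found \d+ providers?\)")
# "os 9.1.0 with connectors: local, ssh" or just "core 9.1.0"
PROVIDER_LINE = re.compile(
    r"^\s*(?P<name>[a-z0-9_-]+)\s+(?P<version>\d+\.\d+\.\d+)(?:\s+with connectors:.*)?$"
)
# "→ Version: 9.6.0 (API Version: 9)" (not the platform's "→ Version: 22.04") and "→ Latest Version: 9.6.1"
INSTALLED_LINE = re.compile(r"Version:\s*(?P<version>\d+\.\d+\.\d+)\s*\(API Version: \d+\)")
LATEST_LINE = re.compile(r"Latest Version:\s*(?P<version>\d+\.\d+\.\d+)")

# Constructed sample: azure is deliberately set below 9.1.0 here
SAMPLE_LISTING = """\
→ builtin (found 2 providers)

core 9.1.0
mock 9.0.0 with connectors: mock

→ /opt/mondoo/providers (found 6 providers)

aws 9.1.0 with connectors: aws
azure 9.0.5 with connectors: azure
os 9.1.0 with connectors: local, ssh, winrm, vagrant, container, docker, filesystem
"""

SAMPLE_STATUS = """\
→ Platform: ubuntu
→ Version: 22.04
→ Version: 9.6.0 (API Version: 9)
→ Latest Version: 9.6.1
! A newer version is available
"""


def parse_version(text: str) -> tuple:
    """'9.10.0' -> (9, 10, 0). Tuples compare numerically; strings would rank 9.9.0 above 9.10.0."""
    return tuple(int(part) for part in text.strip().split("."))


def outdated_providers(listing: str, minimum: str = "9.1.0") -> list:
    """Return (section, name, version) for every provider older than `minimum`.

    The section tells you whether the provider is builtin (shipped inside the
    cnspec binary) or lives on disk (the ones automatic updates replace).
    """
    floor = parse_version(minimum)
    section = "?"
    found = []
    for line in listing.splitlines():
        sec = SECTION_LINE.match(line)
        if sec:
            section = sec["section"]
            continue
        prov = PROVIDER_LINE.match(line)
        if prov and parse_version(prov["version"]) < floor:
            found.append((section, prov["name"], prov["version"]))
    return found


def release_status(status: str) -> tuple:
    """Return (installed, latest, newer_available) from `cnspec status` output."""
    installed: Optional[str] = None
    latest: Optional[str] = None
    for line in status.splitlines():
        m = INSTALLED_LINE.search(line)
        if m:
            installed = m["version"]
        m = LATEST_LINE.search(line)
        if m:
            latest = m["version"]
    newer = bool(installed and latest and parse_version(latest) > parse_version(installed))
    return installed, latest, newer


if __name__ == "__main__":
    # Usage (assumed file name): cnspec providers list | python3 check_versions.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    bad = outdated_providers(text)
    for section, name, version in bad:
        print(f"{name} {version} in {section} is older than 9.1.0")
    print("installed, latest, newer available:", release_status(SAMPLE_STATUS))
    sys.exit(1 if bad else 0)
```

The script exits non-zero when any provider is below the minimum, so it can sit in a configuration-management or CI job that blocks rollout until providers are current; the regexes are anchored to the exact line shapes shown on this page and should be re-checked if the CLI output format changes.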

For Windows and Linux services, we improved reliability in cases where cnspec crashes by making sure the service does not restart too often. The default restart limit is 3 times.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix --asset-name flag not setting asset names properly.
  • Fix failures compiling query packs that used variants.
  • Improve failures messages when MQL resources or fields cannot be found.
  • Fix failures reading "Never" time in raw data JSON data.

Mondoo 9.3 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 9.3 is out! This release includes support for new Azure resources, updated macOS policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New Azure resources

🧹 IMPROVEMENTS

Updated Packer provider for Mondoo cnspec

Our HashiCorp Packer cnspec provisioner now uses cnspec 9.x, giving you access to the latest providers and resources directly in your OS image build pipelines.

Updated CIS macOS benchmark policies

Mondoo now ships with the latest macOS CIS benchmark policies, which include expanded remediation steps, improved descriptions, and more resilient queries:

  • Updated macOS 11 benchmark version to 3.1
  • Updated macOS 12 benchmark version to 2.1
  • Updated macOS 13 benchmark version to 1.1
  • New macOS 14 benchmark (preview) 1.0

Expanded compliance evidence gathering

We've revamped several of our bundled Mondoo policies with expanded descriptions, improved queries, and best of all, compliance mappings that help you automatically gather evidence no matter what the asset type:

  • TLS/SSL Security Baseline
  • Platform End-of-Life Policy
  • Platform Vulnerability Policy

cnquery run --info flag

A new --info flag in cnquery allows you to see which resources and fields your MQL queries use.

For example, running this query against the sshd config:

cnquery run -c "sshd.config.params[Version] == mondoo.version" --info

Returns this list of resources and fields:

Resources and Fields used:
- sshd.config
- params
- mondoo
- version

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix failing ARN data queries on aws-ec2-volume assets.
  • Fix asset names from local scans not reporting to the platform.
  • Ensure some empty values in the http resource return null values instead of empty strings.
  • Improve help text in cnspec and cnquery.
  • Fix incorrect compliance check counts in controls.
  • Replace the deprecated CIS Supply Chain Management benchmark policy with the CIS GitHub Level 1 benchmark policy.
  • Add missing Atlassian provider help to cnspec and cnquery.
  • Fix failures querying SCIM data in the Atlassian provider.
  • Fix fetching a list of GitHub users in an organization.
  • Use the GitLab group ID instead of name when fetching data to prevent some failure cases.
  • Fix asset names not capturing properly for some Azure and GCP assets.
  • Report friendly errors when the Atlassian provider does not have the necessary permissions to query data.
  • Add asset.type field to EBS filesystem scans.
  • Prevent query errors when a nonexistent registry key is queried.
  • Ensure cnspec and cnquery use proxies for all traffic when specified.
  • Properly display the asset platform in the status command.
  • Fix failures retrieving secrets from vaults.
  • Fix failures scanning some Kubernetes manifest files.
  • Fix failures setting the AWS platform ID under some circumstances.
  • Group Raspbian assets as operating systems in the console.
  • Improve rendering of user avatars in the console.
  • Use consistent table layouts in the Mondoo Vulnerability Database and the space invitation pages to better match other tables in the console.
  • Save sorting and filtering options in the Mondoo Vulnerability Database when reloaded or bookmarked.
  • Fix failures applying asset annotations passed on the command line.
  • Improve errors from systemd when cnspec fails to start due to missing binaries or configuration files.
  • Don't include the vulnerabilities section on the CLI for unsupported platforms.
  • Update the policy generated by the cnspec bundle init command to be cnspec 9.x compatible.
  • Improve the query results in the Mondoo Kubernetes Cluster and Workload Security policy and remove unnecessary data queries.
  • Improve SOC 2 policy check mappings for CIS policies.
  • Add support for macOS systems in the Platform End of Life policy.

Mondoo 9.2 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 9.2 is out! This release includes support for securing Atlassian services, a new HTTP resource, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Secure Atlassian services

Our new Atlassian cnquery/cnspec provider allows you to query the configuration of Atlassian's suite of products, including Jira and Confluence.

Use the Atlassian provider with cnquery shell to connect to your Atlassian URL using a user or admin token:

cnquery shell atlassian --host https://luna.atlassian.net --admin-token FOO

Some example data you can query using this provider and resources:

atlassian.admin.organizations: [
0: atlassian.admin.organization id="4j1ack42-6c9d-1552-k55a-c2j536j31066"
]

cnquery> atlassian.jira.users
atlassian.jira.users: [
0: atlassian.jira.user id="5dd64082af96bc0efbe55103"
1: atlassian.jira.user id="630db2cd9796033b256bc349"
2: atlassian.jira.user id="5cb4ae0e4b97ab11a18e00c7"
3: atlassian.jira.user id="557058:f58131cb-b67d-43c7-b30d-6b58d40bd077"
4: atlassian.jira.user id="712020:1bdc8553-00fa-4e1c-8d14-317bbafece92"
5: atlassian.jira.user id="6183312e3e3753006f8c7baf"
6: atlassian.jira.user id="626b14efc72f140069fc636c"
7: atlassian.jira.user id="5b70c8b80fd0ac05d389f5e9"
8: atlassian.jira.user id="5e6a646f5df5fb0cfee33989"
9: atlassian.jira.user id="557058:cbc04d7b-be84-46eb-90e4-e567aa5332c6"
10: atlassian.jira.user id="712020:45d1ce6f-7b4b-4190-8d93-1d709d7203f9"
11: atlassian.jira.user id="5d53f3cbc6b9320d9ea5bdc2"
12: atlassian.jira.user id="557058:950f9f5b-3d6d-4e1d-954a-21367ae9ac75"
13: atlassian.jira.user id="5cf112d31552030f1e3a5905"
14: atlassian.jira.user id="712020:f4b1ca94-1967-48c6-9c22-b04a9e999fae"
15: atlassian.jira.user id="6035864ce2020c0070b5285b"
16: atlassian.jira.user id="60e5a86a471e61006a4c51fd"
17: atlassian.jira.user id="5d9b2860cd50b80dcea8a5b7"
18: atlassian.jira.user id="5d9afe0010f4800c341a2bba"
19: atlassian.jira.user id="626b1500b31e6f006863c12d"
]
cnquery> atlassian.jira.users.first.name
atlassian.jira.users.first.name: "Lunalectric Integration User"

Learn more about the capabilities of this new provider and its resources in the Atlassian resource pack documentation.

Stay tuned for an Atlassian policy bundle that lets you continuously secure your business' Atlassian usage.

New http resource

Use our new http resource to continuously secure and assure compliance for HTTP endpoints used by your business.

http.get('https://console.mondoo.com') { statusCode version header{ xFrameOptions xContentTypeOptions referrerPolicy sts csp['base-uri'] } }

Returns:

http.get: {
header: {
csp[base-uri]: "'self'"
xContentTypeOptions: "nosniff"
referrerPolicy: "same-origin"
xFrameOptions: "SAMEORIGIN"
sts: http.header.sts maxAge=365 days includeSubDomains=true preload=false
}
version: "2.0"
statusCode: 200
}

Learn more about these new fields at our http.get and http.header documentation.
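To show what sits behind fields such as `sts` and `csp['base-uri']`, here is an added Python example (not Mondoo's http resource implementation) that parses raw response header values into the same structured shape the output above shows (maxAge as a duration, includeSubDomains, preload, CSP directives) and evaluates a small baseline over them. The response headers it uses are constructed, not captured from console.mondoo.com.

```python
"""Parse and evaluate HTTP security headers as the http.header fields expose them.

Added example, not cnquery/cnspec code. Given a dict of response headers it
builds the same view as the output above (sts -> maxAge/includeSubDomains/preload,
csp -> per-directive values) and returns pass/fail for a minimal baseline.
SAMPLE_HEADERS is constructed for this example.
"""
from datetime import timedelta

# Constructed response headers; header names are case-insensitive on the wire
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; base-uri 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "same-origin",
}


def parse_sts(value: str) -> dict:
    """'max-age=31536000; includeSubDomains; preload' -> same fields as the sts output above.

    An absent or unparsable max-age leaves maxAge as None so callers can
    distinguish "no HSTS" from "HSTS with max-age=0".
    """
    out = {"maxAge": None, "includeSubDomains": False, "preload": False}
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                out["maxAge"] = timedelta(seconds=int(arg.strip().strip('"')))
            except ValueError:
                continue  # malformed directive: ignore rather than crash the scan
        elif name == "includesubdomains":
            out["includeSubDomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out


def parse_csp(value: str) -> dict:
    """'default-src 'self'; base-uri 'self'' -> {'default-src': ["'self'"], 'base-uri': ["'self'"]}."""
    directives = {}
    for raw in value.split(";"):
        parts = raw.split()
        if parts:
            # CSP ignores duplicate directives after the first, so keep the first occurrence
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives


def evaluate(headers: dict) -> dict:
    """Return {check: passed} for a small baseline; missing headers simply fail their checks."""
    h = {k.lower(): v for k, v in headers.items()}
    sts = parse_sts(h.get("strict-transport-security", ""))
    csp = parse_csp(h.get("content-security-policy", ""))
    return {
        "sts-max-age>=1y": sts["maxAge"] is not None and sts["maxAge"] >= timedelta(days=365),
        "sts-include-subdomains": sts["includeSubDomains"],
        "csp-base-uri-self": csp.get("base-uri") == ["'self'"],
        "x-content-type-options-nosniff": h.get("x-content-type-options", "").lower() == "nosniff",
        "x-frame-options-set": h.get("x-frame-options", "").upper() in {"DENY", "SAMEORIGIN"},
        "referrer-policy-set": bool(h.get("referrer-policy")),
    }


if __name__ == "__main__":
    for check, ok in evaluate(SAMPLE_HEADERS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

The one-year HSTS floor and the `base-uri 'self'` expectation are the example's own baseline, not a Mondoo policy; adjust them to whatever your own TLS/HTTP baseline requires.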

🧹 IMPROVEMENTS

Expanded Azure resources

Azure networking resources continue to receive updates to expose critical information for security and compliance within your Azure infrastructure:

azure.subscription.networkService.virtualNetworkGateway.ipConfig

  • New publicIpAddress property: The public IP address associated with this IP configuration

azure.subscription.networkService.natGateway

  • New publicIpAddresses property: List of public IP addresses the NAT gateway is associated with

azure.subscription.networkService.virtualNetwork

  • New dhcpOptions property: Virtual network DHCP options
  • New enableDdosProtection property: Indicates if DDoS protection is enabled for all the protected resources in the virtual network.
  • New enableVmProtection property: Indicates if VM protection is enabled for all the subnets in the virtual network

AWS console links let you jump directly from Mondoo scan results to the scanned assets in the AWS console. Use these handy shortcuts to make updates quickly based on Mondoo findings. We've expanded this support with direct console links from Mondoo DynamoDB, KMS, CloudTrail, and EBS volumes assets.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Add form value validation to the Organization Settings -> Authentication page.
  • Improve rendering of the form in the Organization Settings -> Authentication page.
  • Improve the performance of AWS account scans.
  • Fix failures scanning AWS DynamoDB tables.
  • Fix failures fetching metadata and connection settings in the Azure Web App Service.
  • Fix a failure that could occur when querying terraform.files.
  • Don't use Microsoft's UPX binary compression for cnquery and cnspec, as some antivirus software incorrectly flags this as malware.
  • Improve handling of null values in resources.
  • Use asset.fqdn as the asset name for the network and arista providers.
  • Use proxy servers to fetch provider updates when available.
  • Fix the copy to table button on CVE pages failing to copy.
  • Fix a failure creating Jira integrations.
  • Improve compliance framework mappings to show additional data.
  • Fix incorrect titles on some Microsoft KBs.
  • Adjust the EOL dates for Amazon Linux 2018 and Debian 9/12.
  • Don't show checks in policies that are not enabled in Compliance Hub control pages.
  • Rework queries in CIS Windows 10/11/2016/2019/2022 policies to improve reliability.

Mondoo 9.1 is out!

· 6 min read
Mondoo Core Team

🥳 Mondoo 9.1 is out! This release includes support for private GitLab instance scanning, new Azure networking resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Continuous scanning of hosted GitLab instances

Running your own private GitLab instance? No problem. Now Mondoo can continuously scan your private GitLab instances, automatically discovering sub-groups, projects, and even IaC code in projects.

New and expanded Azure/MS365 resources

New resources and fields expand the ability to secure and inventory your Microsoft cloud assets with Mondoo. We've exposed critical networking information in Azure as well as service principal and enterprise application data in Azure AD (now Microsoft Entra ID), giving you the data you need for custom security policies or compliance audits.

New Resources

  • azure.subscription.networkService.appSecurityGroup: Azure Network Application Security Group
  • azure.subscription.networkService.backendAddressPool: Azure Network Backend Address Pool
  • azure.subscription.networkService.bgpSettings: Azure Network BGP Settings
  • azure.subscription.networkService.bgpSettings.ipConfigurationBgpPeeringAddress: Azure BGP Settings IP Configuration
  • azure.subscription.networkService.firewall: Azure Network Firewall
  • azure.subscription.networkService.firewall.applicationRule: Azure Network Firewall Application Rule
  • azure.subscription.networkService.firewall.ipConfig: Azure Network Firewall IP Configuration
  • azure.subscription.networkService.firewall.natRule: Azure Network Firewall NAT Rule
  • azure.subscription.networkService.firewall.networkRule: Azure Network Firewall Network Rule
  • azure.subscription.networkService.firewallPolicy: Azure Network Firewall Policy
  • azure.subscription.networkService.frontendIpConfig: Azure Network Frontend IP Configuration
  • azure.subscription.networkService.inboundNatPool: Azure Network Inbound NAT Pool
  • azure.subscription.networkService.inboundNatRule: Azure Network Inbound NAT Rule
  • azure.subscription.networkService.loadBalancer: Azure Network Load Balancer
  • azure.subscription.networkService.loadBalancerRule: Azure Network Load Balancer Rule
  • azure.subscription.networkService.natGateway: Azure Network NAT gateway
  • azure.subscription.networkService.outboundRule: Azure Network Outbound Rule
  • azure.subscription.networkService.probe: Azure Network Probe
  • azure.subscription.networkService.subnet: Azure Network Subnet
  • azure.subscription.networkService.virtualNetwork: Azure Network Virtual Network
  • azure.subscription.networkService.virtualNetworkGateway.connection: Azure Network Virtual Network Gateway Connection
  • azure.subscription.networkService.virtualNetworkGateway.ipConfig: Azure Network Virtual Network Gateway IP Configuration
  • azure.subscription.networkService.virtualNetworkGateway: Azure Network Virtual Network Gateway
  • microsoft.serviceprincipal.assignment: Microsoft Service Principal Assignment

New microsoft.serviceprincipal fields

  • type: Service principal type
  • name: Service principal name
  • tags: Service principal tags
  • enabled: Whether users can sign into the service principal (application)
  • homepageUrl: Service principal homepage URL
  • termsOfServiceUrl: Service principal terms of service URL
  • replyUrls: Service principal reply URLs
  • assignmentRequired: Whether users or other apps must be assigned to this service principal before using it
  • visibleToUsers: Whether the service principal is visible to users
  • notes: Service principal notes
  • assignments: The list of assignments (users and groups) this service principal has

🧹 IMPROVEMENTS

Expanded AWS resource fields

We're back again this week with 25 new AWS resource fields, giving you the information you need to inventory and secure your assets:

aws.ec2.instance

  • vpcArn: The ARN of the VPC associated with the instance

aws.efs.filesystem

  • availabilityZone: Availability zone where the file system exists if a specific AZ is defined
  • createdAt: Creation timestamp

aws.es.domains

  • elasticsearchVersion: The version of Elasticsearch running
  • domainId: The Elasticsearch domain ID
  • domainName: The Elasticsearch domain name

aws.secretsmanager.secrets

  • createdAt: Creation date of the secret
  • description: Description of the secret
  • lastChangedDate: The last date the secret was changed
  • lastRotatedDate: The last date the secret was automatically rotated
  • nextRotationDate: The date of the next secret rotation
  • primaryRegion: The primary region of the secret
  • rotationEnabled: Whether rotation is enabled for the secret

aws.redshift.clusters

  • availabilityZone: Availability zone where the cluster exists
  • clusterRevisionNumber: Specific revision number of the database in the cluster
  • clusterStatus: Current state of this cluster. Values: available, creating, deleting, rebooting, renaming, and resizing
  • clusterSubnetGroupName: Name of the subnet group that is associated with the cluster
  • clusterVersion: Version of the Redshift engine running on the cluster
  • createdAt: Cluster creation timestamp
  • dbName: Name of the initial database that was created when the cluster was created
  • enhancedVpcRouting: Whether enhanced VPC routing is enabled for the cluster traffic
  • masterUsername: Master user name for the cluster
  • nextMaintenanceWindowStartTime: The next scheduled maintenance window
  • numberOfNodes: The number of nodes in the cluster
  • vpcId: The ID of the VPC where the cluster is running

Discover all resources related to a given Terraform resource.

For example, given the following Terraform snippet:

resource "aws_iam_role" "dev-resources-iam-role" {
  name = "SSM-role-${local.name}-${random_string.suffix.result}"
  # ...
}

resource "aws_iam_instance_profile" "dev-resources-iam-profile" {
  name = "ec2_ssm_profile-${local.name}-${random_string.suffix.result}"
  role = aws_iam_role.dev-resources-iam-role.name
  # ...
}

Using this MQL:

terraform.resources {
  nameLabel
  related {
    nameLabel
  }
}

We get:

terraform.resources: [
  0: {
    nameLabel: "aws_iam_instance_profile"
    related: [
      0: {
        nameLabel: "aws_iam_role"
      }
    ]
  }
  1: {
    nameLabel: "aws_iam_role"
    related: [
      0: {
        nameLabel: "aws_iam_instance_profile"
      }
    ]
  }
]
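Combining related with a where filter, as an added example that is not part of the release post: the query lists each IAM instance profile in the Terraform code base together with the role block it is related to, and then turns that relationship into an assertion so a profile with no role block fails. The nameLabel, related, and attributes fields come from this post; the where filter on a list of blocks, attributes.name.value on a resource block, and the comparison against empty are assumed to behave as MQL does for other list resources.

```mql
# Added example (constructed), not from the release post. It uses the
# aws_iam_role / aws_iam_instance_profile snippet above as its input.
# For each instance profile, follow the related edge to the role block it attaches.
terraform.resources.where(nameLabel == "aws_iam_instance_profile") {
  nameLabel
  attributes.name.value
  related.where(nameLabel == "aws_iam_role") {
    nameLabel
    attributes.name.value
  }
}

# Turned into an assertion: every instance profile must be related to at least
# one aws_iam_role block, so a dangling profile fails the check.
terraform.resources.where(nameLabel == "aws_iam_instance_profile").all(related.where(nameLabel == "aws_iam_role") != empty)
```

Running the first query in cnquery prints the profile, its name attribute, and the related role blocks; the second form is the shape you would put into a policy check, where a single false result marks the Terraform asset as failing.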

Improved results pagination

The larger your infrastructure, the larger the results of your security scans. Now it's easier to navigate those large results no matter where you are in the Mondoo Console. We've reworked our results pagination to make it more consistent and to allow you to show more results per page when you need to view those extra-large data sets.

Asset pagination

Expanded openSUSE Linux CVE data

Mondoo now includes data on CVEs in openSUSE Linux 15.2 through the latest 15.6 pre-releases.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix links from "Top Recommended Actions" on asset pages to go directly to check pages.
  • Update multi-selection in CI/CD pages to match the updated design throughout the console.
  • Fix inconsistent table header cell padding in the Compliance Hub pages.
  • Improve rendering of the organization dashboards to prevent lines covering text.
  • Fix asset name detection in cloud instances.
  • Fix provider auto update CLI flag failures.
  • Fix CIS Kubernetes policies to properly apply to kubelets.
  • Fix CIS iptables checks to work with iptables >= 1.8.9 format.
  • Fix failures running Kubernetes Cluster and Workload Security's "Pods should not run Kubernetes dashboard" query.
  • Improve wording in the cnspec scan --help command and don't print duplicate providers.
  • Fix failures running the aws.es.domains resource.
  • Fix dns.fqdn not returning an FQDN when scanning the system via SSH or Vagrant.
  • Avoid adding nil Terraform blocks when fetching related blocks.
  • Fix errors fetching processes that would be printed on the command line.
  • Fix cnspec scan to run a local scan like cnspec < 9.0.
  • Provide a friendly error message when scanning unsupported Kubernetes API releases.
  • Fix asset overview only showing the first available AWS tag.
  • Add back missing Scan Overview section in the asset overview.
  • Make sure AWS-specific information displays on the asset overview page for scanned instances.
  • Improve the reliability of CIS sudo-related checks.
  • Fix failures running the CIS Ensure default user umask is configured and Ensure default user umask is 027 or more restrictive checks on some distributions.
  • Don't show the button to upload new policies or query packs if the user only has viewer privileges in the space.
  • Add back the Audit section in asset check pages.

Mondoo 9.0 is out!

· 11 min read
Mondoo Core Team

🥳 Mondoo 9.0 is out!

This is a major new release with exciting improvements to cnquery and cnspec's extensibility.

This release includes a whole new cnquery and cnspec client, enhanced GitLab scanning, piles of new resource updates, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

All new cnspec and cnquery clients!

Up to this point, both cnquery and cnspec had all connectors and providers built into one binary file each. This was great when we only had a few connectors and things were small. Recently, however, the binaries have exploded in size with every new technology we added. Since both projects are designed to also run on small devices and embedded controllers, we have wanted to change this approach for some time.

This release includes entirely new binaries for cnquery and cnspec. Both are 90% smaller, re-usable, and extensible now!

  1. Provider plugins

    When you connect to any technology (like AWS, Azure, K8s, etc) we now install a dedicated provider for that technology. This happens automatically for all core technologies we support:

    > cnquery run aws -c asset.name
    → installing provider 'aws' version=9.0.8
    → successfully installed aws provider path=/home/zero/.config/mondoo/providers/aws version=9.0.8
    → loaded configuration from /home/zero/.config/mondoo/mondoo.yml using source default
    asset.name: "AWS Account lunalectric-management (177043759486)"

    These provider plugins are shared between cnquery and cnspec. If you install any provider for cnquery, it is available to cnspec and vice versa.

  2. Automatic updates

    Providers are automatically updated to the latest version of the current major release:

    ~ $> cnspec shell aws
    → found a new version for 'aws' provider installed=9.0.5 latest=9.0.8
    → successfully installed aws provider path=/home/zero/.config/mondoo/providers/aws version=9.0.8
    ...

    We avoid breaking changes within a major version and will notify users of deprecations with a full major version as a grace period, during which you can still use the deprecated features.

    For containers and restricted environments, you can turn off updates via --auto-update=false or auto_update: false in the config file. This will prevent existing providers from getting updated and prevent new providers from being installed.

    For example: If you install cnquery or cnspec on a container, you can pre-install all providers you aim to use with it. At the end of the build process you then deactivate the auto-update in the config file.

  3. Custom providers

    You can view all providers via the providers subcommand:

    > cnquery providers

    → builtin (found 2 providers)

    core 9.0.1
    mock 9.0.0 with connectors: mock

    → /home/zero/.config/mondoo/providers (found 4 providers)

    aws 9.0.8 with connectors: aws
    azure 9.0.4 with connectors: azure
    gitlab 9.0.4 with connectors: gitlab
    os 9.0.8 with connectors: local, ssh, winrm, vagrant, container, docker, filesystem

    → /opt/mondoo/providers has no providers

    This command not only prints the current providers and versions, but it also shows the locations in which providers are installed.

    In the coming days we will share written and video guides on how to create your very own provider. In the meantime, feel free to check out cnquery's "providers" folder with lots of examples! All providers are distributed as binaries with a protobuf interface, so you can write them in Go or any other language with gRPC support.

    You can now create custom providers and install them everywhere you want to run them! This also includes restricted code that may use your company's internal APIs and which you don't want to publish. Mondoo will support the schema-upload shortly so you can see results in our UI without exposing any code.

Hassle-free asset discovery in GitLab scans

We've removed the pain of manually discovering assets throughout your GitLab environment with new hassle-free asset discovery. The GitLab Mondoo Platform integration and the cnspec CLI now include options to automatically discover all GitLab projects, groups, and even Terraform files within your GitLab projects. Set it once and continuously scan your entire environment to secure your software supply chain and the Terraform files that define your infrastructure.

GitLab Setup

New cnspec GitLab discovery options:

cnspec scan gitlab --token TOKEN <- returns all groups the user has access to
cnspec scan gitlab --token TOKEN --discover groups <- returns the defined group and all subgroups of that group
cnspec scan gitlab --token TOKEN --discover projects <- returns all the projects discovered in all the groups the user has access to
cnspec scan gitlab --token TOKEN --discover terraform <- returns all the Terraform files in all the projects discovered in all the groups the user has access to

Set asset annotations during client login

Asset annotations let you add additional information on assets that can't necessarily be detected using Mondoo resources. Traditionally, these annotations have been set in the console on each asset page, but now you can automate setting annotations during the client registration process. This allows you to pass in data like employee workstation asset tags from an MDM solution.

Setting annotations during the client login:

cnspec login --token <token> --annotation assetid=MONDOO1234 --annotation location=PDX

Asset annotations

🧹 IMPROVEMENTS

New resources and resource fields

What fun is a Mondoo release without new resources and fields to secure your infrastructure? For version 9.0, we went big with 46 new fields and resources. Stay tuned for updated policies and new asset inventory capabilities using some of these new additions.

aws.ec2.instance

  • New httpEndpoint property: Status of the IMDS endpoint enabled on the instance
  • New stateTransitionTime property: Time when the last state transition occurred

aws.elb

  • New createdTime property: Date the load balancer was created
  • New vpcID property: The ID of the VPC where the load balancer is located

aws.rds.dbInstances

  • Improve default values for use in cnquery shell
  • New storageAllocated property: The amount of storage, in GiB, provisioned on the instance
  • New storageIops property: The storage IOPS provisioned on the instance
  • New storageType property: The type of storage provisioned on the instance
  • New availabilityZone property: Availability zone where the instance exists
  • New engineVersion property: The version of the database engine for this DB instance
  • New createdTime property: The creation date of the RDS instance

aws.s3.bucket

  • New createdTime property: Date the bucket was created

aws.vpc

  • Fix routeTables to return the correct values for the VPC
  • New cidrBlock property: IPv4 CIDR block of the VPC
  • New instanceTenancy property: How instance hardware tenancy settings are enforced on instances launched in this VPC
  • New endpoints subresource with additional fields:
    • id: Unique ID of the endpoint
    • type: Type of the endpoint
    • vpc: VPC the endpoint exists in
    • region: Region the VPC exists in
    • serviceName: The name of the endpoint service
    • policyDocument: The policy document associated with the endpoint, if applicable
    • subnets: The subnets for the (interface) endpoint
  • New subnets subresource with additional fields:
    • arn: ARN of the subnet
    • id: Unique ID of the subnet
    • cidrs: A list of CIDR descriptions
    • mapPublicIpOnLaunch: Whether instances launched in this subnet receive a public IPv4 address

azure.subscription.monitorService.activityLog

  • New subscriptionId property: The subscription identifier

azure.subscription.monitorService.diagnosticsetting

  • New storageAccountId property: ID of the diagnostic setting storage account

azure.subscription.monitorService.logprofile

  • New storageAccountId property: ID of the log profile storage account

github.organization

  • New membersCanForkPrivateRepos property: Whether members can fork private repositories to their own GitHub account

github.repository

  • New hasDiscussions property: Whether the repository has discussions
  • New isTemplate property: Whether the repository is an organization repository template

gitlab.project

  • New allowMergeOnSkippedPipeline property: Allow merging merge requests when a pipeline is skipped
  • New archived property: Is the project archived?
  • New autoDevopsEnabled property: Is the Auto DevOps feature enabled?
  • New containerRegistryEnabled property: Is the container registry feature enabled?
  • New createdAt property: Create date of the project
  • New defaultBranch property: Default git branch
  • New emailsDisabled property: Disable project email notifications
  • New fullName property: The full name of the project, including the namespace
  • New issuesEnabled property: Is the issues feature enabled?
  • New mergeRequestsEnabled property: Is the merge request feature enabled?
  • New mirror property: Is the project a mirror?
  • New onlyAllowMergeIfAllDiscussionsAreResolved property: Only allow merging merge requests if all discussions are resolved
  • New onlyAllowMergeIfPipelineSucceeds property: Only allow merging merge requests if the pipelines succeed
  • New packagesEnabled property: Is the packages feature enabled?
  • New requirementsEnabled property: Is the requirements feature enabled?
  • New serviceDeskEnabled property: Is the Service Desk feature enabled?
  • New snippetsEnabled property: Is the snippets feature enabled?
  • New webURL property: URL of the project
  • New wikiEnabled property: Is the wiki feature enabled?

gitlab.group

  • New emailsDisabled property: Disable group email notifications
  • New preventForkingOutsideGroup property: Don't allow forking projects outside this group
  • New mentionsDisabled property: Disable group mentions within issues and merge requests
  • New webURL property: URL of the group

k8s.namespace

  • New kind property: Kubernetes object type

rsyslog.conf

  • New path property: Path for the main rsyslog file and search

terraform.settings

  • New backend property: Backend configuration information

Improved query packs

  • The Azure Asset Inventory Pack now includes a list of all public IP addresses in Azure subscriptions.
  • The Mondoo Asset Count query pack now includes asset counts for all GCP and GitLab assets, including all new GCP assets discovered when scanning with the --discover all flag.

MQL improvements

Mondoo 9.0 further improves MQL so you can more easily query assets in your environment and write custom security policies.

Simple accessors for unstructured data

Accessing structures in JSON, Terraform, and Kubernetes has often been painful:

dict["one"]["more"]["field"]

To make it easier to access these nested fields, we've introduced a new optional syntax. This is well-known from other scripting languages (like JS and TS):

dict.one.more.field

This mode continues to support our GraphQL foundation:

dict {
  one { more.field }
  two
  ...
}

It has helped simplify many use-cases for Terraform and Kubernetes:

# OLD:
tfblock {
  _["attributes"]["account_id"]["value"]
}

# NEW:
tfblock {
  attributes.account_id.value
}
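An added example of the dotted accessor syntax in a Terraform check (constructed for this note, not code from the release post): it reads nested bucket attributes with the new accessors and then uses the same accessors inside an all() assertion. The attributes dict and its value sub-field are taken from this post; the aws_s3_bucket block, its bucket and acl attributes, and the where/all list functions are assumptions made for the example.

```mql
# Added example (constructed), not from the release post.
# Dotted accessors replace _["attributes"]["acl"]["value"] chains when
# reading nested Terraform attribute data.
terraform.resources.where(nameLabel == "aws_s3_bucket") {
  nameLabel
  attributes.bucket.value
  attributes.acl.value
}

# The same accessors inside an assertion: no aws_s3_bucket block in the
# code base may set a public-read ACL. A block without an acl attribute is
# expected to yield null here, which compares unequal and therefore passes.
terraform.resources.where(nameLabel == "aws_s3_bucket").all(attributes.acl.value != "public-read")
```

The accessor form reads the same whether the data came from Terraform, Kubernetes manifests, or plain JSON, which is what makes it practical to keep one check style across the dict-typed resources this post lists.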

Empty type

With the new empty type, there's no need for complex logic to check for different kinds of empty values. Each of these common situations evaluates as empty:

[] == empty
null == empty
'' == empty
{} == empty

A single query can now check for an empty value in any type of data:

users.list == empty

Expanded platform EOL data

  • Add Fedora 39: November 12, 2024
  • Add Google COS 109: September 1, 2025

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Significantly improve query time for ports on Linux systems. If you query ports without accessing their related processes, results now return in a fraction of the time. We are working to further speed this up for use cases that need the related processes.
  • Remove errors for files.find when no results were returned. Do not return an empty file object.
  • Improve output of GCP resources in the cnquery shell.
  • Resolve errors running the CIS Ensure default user shell timeout is 900 seconds or less check.
  • Resolve errors running the CIS Ensure lockout for failed password attempts is configured check.
  • Resolve errors running the CIS Ensure password hashing algorithm is SHA-512 or yescrypt check.
  • Resolve errors running the CIS Ensure password reuse is limited check.
  • Fix false positive in the CIS Ensure lockout for failed password attempts is configured check.
  • Don't show buttons to accept a compliance exception if the user only has viewer privileges in the space.
  • Don't show null at the end of compliance framework and control descriptions.
  • Show the asset completion percentage on compliance control pages.
  • Fix invalid CloudFormation links on the AWS integration page.
  • Avoid repeatedly generating registration tokens in the organization/space page.
  • Fix incorrect integrations listed on the Google Workspace integration page.
  • Add missing label examples in the search page.
  • Change all unknown and unrated check statuses to unscored.
  • Improve the rendering of Compliance Hub control distribution graphs with large numbers of controls.
  • In the registry, fix platform icons not displaying correctly for policies that use variants.
  • Allow updating the GCP service account configuration file in GCP integrations.
  • Fix scanning of untagged Amazon ECR images.
  • Fix some check links in Compliance Hub not loading.
  • Fix EC2 instance detection when IMDSv1 is disabled.

Mondoo 8.29 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.29 is out! This release includes improved table views, a new Inventory navbar item, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

Improved UI tables

At Mondoo we take pride in not just collecting security information, but also displaying it in a meaningful way. If you've been using the product long enough you may have noticed we've gone through many iterations of our table view. It never felt quite right, until we introduced the new table in Compliance Hub that lets you easily view, sort, and multi-select data without pull down menus or multiple clicks. This week the team revamped all of our existing views to update them with this improved UX. Give it a try and keep an eye out for pagination improvements coming soon!

Improved multi-select

Fleet is now Inventory

When we first built Mondoo, the Fleet view was where you found all of your servers or workstations. As we expanded Mondoo to include Kubernetes workloads, cloud accounts, and even SaaS servers, this name made less sense. This week we renamed Fleet to Inventory to better represent Mondoo's cross-platform asset inventory capabilities. It's just a rename, but we think this will make it easier to jump right in and begin exploring all your inventory.

Fleet in the nav bar

Fedora 39 vulnerability scanning

Fedora 39 is right around the corner, with the first beta released this week. Not to be left behind we've added Fedora 39 vulnerability scanning to Mondoo, so fire up cnspec and keep that beta install secure.

Improved compliance control descriptions

We've expanded the data that can be displayed in Compliance Control pages, so you'll always have all the details to keep your infrastructure secure. This new view includes improved description rendering and the ability to expand extra long descriptions.

Compliance control descriptions

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Reduce API usage for GitLab scans to avoid API rate-limiting.
  • Avoid some authentication failures when scanning GitLab projects.
  • Fix incorrect GitLab asset runtime values.
  • Improve the usage instructions in the GitLab policy with project scanning instructions.
  • Fix errors in the CIS Ensure GDM login banner is configured check when GDM files don't exist.
  • Improve output of the CIS Ensure journald is not configured to receive logs from a remote client check.
  • Add GitLab Group ID and Project ID to the asset configuration overview data.
  • Fix failures loading certain assets in the console.
  • Change the "Rational" sections in policies to "Rationale."
  • Only run the Linux Workstation Security policy when xorg-xserver is installed to prevent it from evaluating servers.
  • Update the registry to consistently refer to "query packs" as two words.
  • Improve query descriptions in the Azure Asset Inventory Pack query pack.
  • Remove a duplicate query from the Azure Asset Inventory Pack query pack.
  • Fix some query pack and policy bundle categories/authors to make filtering in the registry more consistent.
  • Support Rsyslog 7+ syntax in the CIS Ensure rsyslog is configured to send logs to a remote log host check.
  • Don't display the Assets button in Kubernetes integration pages when no assets have been scanned.
  • Allow updating the token in GitLab integrations.
  • Don't display compliance control checkboxes when a user only has view permissions in a space.

Mondoo 8.28 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 8.28 is out! This release includes fine-grained GitLab scanning and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Fine-grained scanning of GitLab assets

Mondoo now offers more detailed scanning capabilities for GitLab assets. Instead of the previous single gitlab asset, Mondoo now provides separate gitlab-group and gitlab-project assets. When scanning your GitLab group, both cnspec and cnquery now automatically detect each project within your group. This enhanced granularity in asset scans improves the accuracy of scan results and allows for setting exceptions for specific projects.

cnspec scan gitlab --group lunalectric
→ loaded configuration from /Users/luna/.config/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=37
→ synchronize assets
lunalectric / rockets_101 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / oxygen_generator ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / space_cats ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / rover_design ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / human_habitats ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
...

🧹 IMPROVEMENTS

Runtime data in AWS Lambda function resource

The aws.lambda.function MQL resource now includes a new runtime field that displays the runtime environment of the function. Thanks for this addition @mbainter!

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix a panic viewing some asset data in the asset resources tab.
  • Add more user-friendly control titles to the SOC 2 compliance framework.
  • Show 0% check completion instead of “Unknown” when appropriate in compliance controls.
  • Automatically close the search box when results display.
  • Fix hardware systems incorrectly identifying as Azure VMs in asset configuration data.
  • Improve reliability of the CIS Ensure GDM login banner is configured check on RHEL based systems.
  • Prevent errors in the CIS Ensure filesystem integrity is regularly checked check when the aide package is not installed.