158 posts tagged with "release"

Mondoo 11.0 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 11.0 is out! This release includes Firewatch, our new risk prioritization system!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Introducing Mondoo Firewatch​

Mondoo version 11 ships with our all-new Firewatch feature, which helps you to surface critical risks and prioritize the most important findings first.

Expose risks that compromise assets​

Not all security findings are created equal. With Firewatch, we combine contextual risks on the asset and downstream system exposure to elevate the most important findings first. Elevating risk allows you to move beyond the fire hose of security findings and instead fix the issues most likely to impact your business.

New views for advisories, CVEs, and assets show risk scores and factors to expose the importance of fixes for your infrastructure.

Advisories

Dive deeper into individual risks with exposure and downstream impact information throughout the console.

CVE Details Page

Understand the impact of a fix​

It feels good to kill two birds with one stone. Findings in Mondoo now include a blast radius, so you can understand how many systems are impacted by a finding and resolve a large number of findings at once.

Blast Radius

Prioritize findings with a whole new space experience​

Your time isn't limitless, so it's crucial to understand quickly the most important work to be done. In addition to our new risk scoring, we've reworked the UI to focus on the most critical issues first. The all-new space dashboard features a sunburst dial for navigating critical findings in your overall infrastructure, as well as ranked lists of both vulnerabilities and security findings.

Space Dashboard

Learn More​

For a deeper look at what we do and how it works, read our Firewatch blog post.

🔨 BREAKING CHANGES

End of life for cnspec/cnquery 9.x​

With the release of cnspec and cnquery 11.0, we are no longer supporting our legacy 9.x releases. This does not mean your clients will immediately stop working. However, we will start updating policies to use new MQL capabilities introduced in version 10.0. These changes will improve the readability of queries as well as the scan output, but they are not compatible with older clients. If you need assistance with upgrading older clients, please reach out via our Support form.

New default JSON CLI output​

cnspec's --json flag now uses our updated json-2 output format by default. If you rely on the original JSON output, you can still set that using the --output json-2 flag.

🧹 IMPROVEMENTS​

Windows 11 compatibility policy​

Enable the new Windows 11 Compatibility policy to see if existing Windows workstations meet the hardware requirements for Windows 11. This policy includes several different checks for CPU, RAM, TPM, and hard drive space requirements. To learn more about these hardware requirements, read Microsoft's Windows 11 Specs & System Requirements page.

CIS Azure Foundations 2.1.0​

Mondoo now includes the latest CIS Azure Foundations 2.1.0 benchmarks. This new release of the policy includes 82 total updates, including 7 all-new checks and the removal of 8 checks that are no longer relevant.

Console performance improvements​

No one wants to wait for web pages to load. That's why we sprinkled some magical optimizations on how the console fetches space and asset data to make sure pages are always snappy to load.

Updated Mondoo Microsoft Azure Security policy​

We rewrote the Mondoo Microsoft Azure Security policy from the ground up with new and expanded queries that match the latest Azure capabilities, including Microsoft Entra ID.

Additional organization owner privileges​

Organization owners are no longer required to be space owners in order to remove users from a space.

🐛 BUG FIXES AND UPDATES

  • Skip CIS Linux checks for at and cron if the packages are not installed.
  • Improve query output of CIS at and cron checks using variants.
  • Update macOS policy to not fail if OS configuration files are missing.
  • Improve memory usage when scanning large numbers of assets.
  • Improve query output in the Mondoo HTTP policy.
  • Improve reliability of VM scanning in Azure.
  • Display check counts when a policy has over 100 checks.
  • Add bread crumbs to check pages to take you back to the policy or security page.
  • Sort scores on the asset pages from worst to best score.
  • Improve the performance of the aws.cloudtrails.trail and aws.ec2.instance resources.

Mondoo 10.11 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 10.11 is out! This release includes Azure Container Registry scanning, expanded OS query packs, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Azure Container Registry scanning​

Mondoo now supports scanning Azure Container Registries (ACR) that require authentication using credentials stored after running the az login command.

To log in and scan a complete registry, run:

az login
cnspec scan container registry my_registry.azurecr.io

🧹 IMPROVEMENTS​

Collect logged-in users in query packs​

Windows, Linux, and macOS query packs now collect the currently logged-in users so you can understand active users on endpoints or remote connections to servers.

🐛 BUG FIXES AND UPDATES

  • Fix a failure running the users.all(sshkeys == empty) query.
  • Don't panic when the scan splay is set to 0.
  • Ignore deactivated users in the Slack policy's multi-factor authentication (MFA) check. Thanks for this fix, @jaybrueder!
  • Improve the AWS IAM user "MFA enabled" check to only check users with a set password.
  • Fix the discovery of GCP organizations and folders.
  • Improve the scan gcp help output.
  • Improve failure output when a CLI command can't be parsed in the GCP provider.
  • Fix 403 errors when scanning GCP.
  • Fix failures scanning container registries.
  • Don't print the asset MRN when running cnspec scans.
  • Improve snapshot filesystem type detection.
  • Fix failures scanning Google BigQuery assets.
  • Improve retries during AWS scanning when requests timeout.
  • Fix failures scanning Amazon ECR container registries.

Mondoo 10.10 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 10.10 is out! This release includes XZ Utils vulnerability detection, expanded AWS asset inventory, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

XZ Utils Vulnerability policy

The recent XZ supply chain attack in XZ 5.6.0 and 5.6.1 (CVE-2024-3094) thankfully didn't make it into any mainstream enterprise Linux distributions. There's still a significant risk if employees are running rolling distributions or pre-releases of upcoming Linux distros. To quickly evaluate your CVE-2024-3094 exposure, we've created a new XZ Vulnerability (CVE-2024-3094) policy that looks for XZ 5.6.0/5.6.1 on impacted Linux releases:

  • Alpine
  • Arch
  • Debian trixie/sid
  • Fedora 40
  • Kali 2024.1
  • openSUSE Tumbleweed

XZ Vulnerability Policy affected assets
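
The same version condition can be checked offline against a CycloneDX JSON SBOM, such as one exported with cnquery sbom. This is an added example, not Mondoo's policy code; the package-name list, the function names, and the sample SBOM are assumptions constructed for illustration.

```python
import json
import re

# Upstream releases named in the release note as carrying the backdoor.
BACKDOORED_UPSTREAM = {"5.6.0", "5.6.1"}

# Package names that ship xz or liblzma. This list is an assumption of the
# example, not taken from Mondoo's policy.
XZ_PACKAGE = re.compile(r"^(xz|xz-utils|xz-libs|liblzma\d*)$")


def upstream_version(pkg_version):
    """Reduce a distro package version to the upstream release it contains."""
    version = pkg_version.split(":", 1)[-1]  # drop an epoch such as "1:"
    # Debian's "+really" convention marks a rollback: the text after it is
    # the upstream version that is actually shipped.
    if "+really" in version:
        version = version.split("+really", 1)[1]
    match = re.match(r"\d+(?:\.\d+)*", version)
    return match.group(0) if match else ""


def find_backdoored_xz(sbom):
    """Return xz/liblzma components whose upstream version is 5.6.0 or 5.6.1."""
    hits = []
    stack = list(sbom.get("components", []))
    while stack:
        comp = stack.pop()
        stack.extend(comp.get("components", []))  # CycloneDX components can nest
        name = comp.get("name", "")
        version = comp.get("version", "")
        if not XZ_PACKAGE.match(name):
            continue
        if upstream_version(version) in BACKDOORED_UPSTREAM:
            hits.append(
                {"name": name, "version": version, "purl": comp.get("purl", "")}
            )
    return sorted(hits, key=lambda h: (h["name"], h["version"]))


# Constructed sample SBOM (not real scan output). It exercises an epoch, a
# "+really" rollback, a nested component, and a look-alike package name.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "xz-utils", "version": "5.6.1-1",
     "purl": "pkg:deb/debian/xz-utils@5.6.1-1"},
    {"type": "library", "name": "liblzma5", "version": "5.6.1+really5.4.5-1",
     "purl": "pkg:deb/debian/liblzma5@5.6.1%2Breally5.4.5-1"},
    {"type": "library", "name": "xz-libs", "version": "1:5.6.0-1.fc40",
     "purl": "pkg:rpm/fedora/xz-libs@5.6.0-1.fc40?epoch=1"},
    {"type": "library", "name": "xz", "version": "5.4.6-r0",
     "purl": "pkg:apk/alpine/xz@5.4.6-r0"},
    {"type": "application", "name": "backup-agent", "version": "2.0.0",
     "components": [
       {"type": "library", "name": "xz", "version": "5.6.0"}
     ]},
    {"type": "library", "name": "xzgv", "version": "5.6.1"}
  ]
}
""")


if __name__ == "__main__":
    for hit in find_backdoored_xz(SAMPLE_SBOM):
        print(f"{hit['name']} {hit['version']} {hit['purl']}".rstrip())
```

A hit is a version match only, so confirm it against the distribution's own advisory before treating the asset as affected.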

🧹 IMPROVEMENTS​

Improved AWS asset overview information​

Get the context you need to resolve security findings quickly with expanded overview information on AWS assets:

  • Volume size on EBS volumes and snapshots
  • Database engine version on RDS instances
  • Storage size and type on RDS instances
  • Table size on DynamoDB tables
  • Retention time on CloudWatch log groups

RDS instance with expanded asset overview

Expanded Endpoint Detection and Response policy support​

Detect the ESET EDR in the Endpoint Detection and Response (EDR) policy.

New Terraform checks in CIS GCP Foundation policy​

Flag critical security misconfigurations before they ever run in your infrastructure with expanded Terraform config checks in the CIS Google Cloud Platform Foundation policy. New checks evaluate Terraform configs for proper GCP uniform bucket level access setup.

Fedora 40 EOL/CVE detection​

The Fedora 40 beta is now available for testing, and Mondoo is ready with CVE and EOL detection for this upcoming Linux release. Keep your test systems safe from critical vulnerabilities such as the compromised XZ release (CVE-2024-3094) that originally shipped in this beta.

Resource improvements​

aws.autoscaling.groups​

  • Improve resource default values
  • New availabilityZones field
  • New capacityRebalance field
  • New defaultInstanceWarmup field
  • New desiredCapacity field
  • New instances field
  • New maxInstanceLifetime field

aws.cloudfront.distributions​

  • New cnames field

🐛 BUG FIXES AND UPDATES

  • Improve performance of AWS cloud detection.
  • Fix Windows policies with multi-language support to rely on the system language instead of the locale.
  • Simplify the Linux server installation instructions.
  • Support vulnerability scanning of RPMs with a ^ symbol in the name.
  • Update additional CIS GCP Foundations checks to work against Terraform configs.
  • Fix the CIS VMware ESXi 6.7 Benchmark - Corporate/Enterprise Environment policy to only apply to VMware 6.

Mondoo 10.9 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 10.9 is out! This release includes CVE remediation automation, detection of remote exploits in your infra, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Automate your CVE remediation​

Let Mondoo do the heavy lifting when it comes to remediating critical software vulnerabilities in your infrastructure with new Ansible and Bash remediation scripts to accelerate the patching of systems.

Software resolution

Expose remote exploits in your infrastructure​

With the new "Remote execution" risk for CVEs and advisories, you can now prioritize and patch the highest risks to your business before attackers find them. Mondoo lets you sort by CVEs and vendor advisories that are known to be susceptible to remote code execution over the network.

CVE-2023-22505 Remote Exploit

🧹 IMPROVEMENTS​

Resource improvements​

asset​

  • New field annotations.

aws.iam.policies​

  • Fix parsing data in attachedRoles field.

aws.rds.dbcluster​

  • New field hostedZoneId.
  • New field latestRestorableTime.
  • New field masterUsername.

aws.rds.dbinstance​

  • New field latestRestorableTime.
  • New field masterUsername.

Ansible scan interval / splay settings​

Control the scan interval and splay settings for Mondoo clients set up with the Mondoo Ansible role using new splay and timer variables.

Learn more in our all new Ansible docs!

Signed providers on Windows​

Is it an advanced security product or a virus? It turns out that sometimes your endpoint protection software can't tell the difference. To help, we're signing all Mondoo providers to prevent tools flagging providers as potentially malicious software.

Friendly messages for space viewers in Kubernetes integrations​

Want to take a peek at the configuration of Kubernetes integrations, but you only have the viewer permissions on the space? No worries. Kubernetes integration pages now show friendly messages when service account information is unavailable due to a lack of permissions. Stay curious.

🐛 BUG FIXES AND UPDATES

  • Collect running kernel in SBOMs.
  • Don't fail if a Linux process is running under a user that has been deleted.
  • Fix AWS instances failing to scan via SSM in the Lambda integration.
  • Improve network security group checks in the CIS Azure Foundation benchmark policy to ignore case and better target the security rules.
  • Update CIS benchmarks for AlmaLinux, Rocky Linux, and Oracle Linux to skip GDM checks on headless systems.
  • Display the Terraform logo for the Terraform Asset Inventory Pack.
  • Display the Windows logo instead of the Microsoft 365 logo for all Windows desktop CIS policies.
  • Improve Azure Pipeline setup examples in the console.
  • Show labels on the asset overview when an asset is unscored.
  • Update instructions and documentation links in Azure integration to match the latest Microsoft Entra ID pages.
  • Improve AWS integration error messages in the console.
  • Prevent multiple AWS scan requests from running at once in the AWS integration.
  • Fix incorrect links in Red Hat advisories.
  • Fix newer vendor advisories showing as unscored when the attached CVEs have no score.
  • Improvements to Okta and Azure SCIM 2.0 support.
  • Fix scanning of Docker images that are not on the system.
  • Fix fetching of Microsoft 365 groups when there are a large number of groups in Entra ID.
  • Fix scanning of private images in Kubernetes clusters.
  • Improve performance in the tls.certificate resource.

Mondoo 10.8 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 10.8 is out! This release includes NIST CSF 2.0 compliance, Okta and Entra ID SCIM, expanded policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Okta and Microsoft Entra ID SCIM 2.0 support​

There's nothing worse than the endless stream of tickets to add, remove, or change user access to SaaS services. Now, with Okta and Microsoft Entra ID SCIM 2.0 support in Mondoo private instances, that's a thing of the past. Sync your users and groups automatically so the right users always have the proper access, keeping your auditors happy without a ticket in sight. Did that big budget increase finally allow you to expand your security team? Automatically provision access for your new team members as they start. Time to promote an engineer into management to wrangle your growing team? Automatically provide that employee with the appropriate administrative access to Mondoo spaces and organizations. Contact your support representative to learn more about enabling SCIM 2.0 support, including automated deployment options with the Mondoo Terraform provider.

NIST Cybersecurity Framework (CSF) 2.0 support​

Automatically track your compliance against the newly released NIST Cybersecurity Framework (CSF) 2.0. With CIS benchmark checks automatically mapped to the 104 new CSF 2.0 controls, you can enable policies and watch the results flow in showing where you stack up against these updated NIST recommendations.

NIST CSF 2.0

🧹 IMPROVEMENTS​

Resource improvements​

gcp.project.computeService.attachedDisk​

  • Add a new source field.

AWS Resources​

  • Improve handling of integer values in AWS. Fields representing maximum/minimum values, such as aws.cloudfront.distribution.origin.connectionTimeout, now return 0 when no value has been set. When a field represents a port value, such as aws.rds.dbInstance.port, Mondoo now represents unset values as -1.

Expanded CIS GCP Foundations policy​

Catch security problems before they reach production without the need for multiple tools and security policies. New Terraform variants in the CIS GCP Foundations benchmark policy provide a single check for both running GCP assets and the Terraform code that generates those assets. Learn more about securing Terraform code using Mondoo in the Mondoo docs.

New CLI flags for inventory files​

New simpler command line flags make it clearer how to use inventory files with cnspec and how to specify different inventory formats:

  • --inventory-file string: Set the path to the inventory file.
  • --inventory-format-ansible: Set the inventory format to Ansible.
  • --inventory-format-domainlist: Set the inventory format to domain list.

Additional package data in SBOMs​

SBOM files generated with cnquery sbom now include each installed package's origin and architecture data.

Improved AWS instance naming / tagging​

AWS instances scanned with SSM or through the Mondoo Platform AWS integration include new configuration information to make them easier to find and understand:

  • Asset names now use the AWS instance name (if the instance has a name)
  • New mondoo.com/parent-id, mondoo.com/instance-id, and mondoo.com/ssm-connection labels display on each AWS instance asset.

Wolfi container package detection​

Expose package information in Chainguard's Wolfi "un-distribution" with support for Wolfi's APK packages:

cnquery shell container image cgr.dev/chainguard/caddy
→ connected to Wolfi
___ _ __ __ _ _ _ ___ _ __ _ _
/ __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| | __/ | | |_| |
\___|_| |_|\__, |\__,_|\___|_| \__, |
mondoo™ |_| |___/ interactive shell

cnquery> packages
packages.list: [
0: package name="ca-certificates-bundle" version="1708982311:20240226-r0"
1: package name="caddy" version="1710420294:2.7.6-r4"
2: package name="wolfi-baselayout" version="1701735113:20230201-r7"
]

🐛 BUG FIXES AND UPDATES

  • Rename the spaces Overview page to Dashboard.
  • Rename the Security and Vulnerability Dashboard pages to be Overview.
  • Resolve failures scanning Amazon ECR.
  • Add missing description and remediation step in NSA PowerShell: Security Measures to Use and Embrace policy.
  • Update searches on the space page to be case-insensitive.
  • Improve reliability of queries in the CIS Azure Foundations and AWS Operational Best Practices policies.
  • Remove any pending space invites if the inviter no longer has the necessary privileges to invite users.
  • Fix failures loading software pages on an asset due to duplicate discovered packages.
  • When an Ansible inventory file is malformed, display an error message instead of returning 0 assets.
  • Support generating Ubuntu CPEs in SBOMs on the upcoming Ubuntu 24.04 release.
  • Fix failures scanning AWS instances from the AWS integration.
  • Improve checks for LAPS on Windows assets in CIS/BSI policies.
  • Improve checks for anonymous pipe access on Windows assets to account for differences between domain controllers and domain member servers.
  • Improve the descriptions and remediation text in the AWS Operational Best Practices policies.

Mondoo 10.7 is out!

· 3 min read
Mondoo Core Team

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS​

Show numeric asset scores in the CLI​

Understand your precise scores in the cnspec CLI with new numeric score values in addition to A-F scores.

Numeric scores

Add specific vendor advisory sources​

Jump right to the source with new direct links to vendor advisories on software advisory pages.

Advisory links

Improved AWS integration troubleshooting​

Failures happen, so let's get to the root cause faster with new troubleshooting options for AWS integrations. The ... menu in the AWS integrations pages now includes new options that:

  • Force an update of the Lambda code powering the integration
  • Send diagnostics logs directly to Mondoo

Diagnostics information

Kubernetes scanning performance improvements​

We introduced a new mechanism to reduce the number of calls made during asset discovery. This is especially helpful when scanning larger Kubernetes clusters. It lets cnquery and cnspec incrementally scan every asset one by one without having to scan all of them initially. This performance improvement not only drastically cuts the execution time, it also eliminates the need for reading container images twice from the system, cutting down on I/O load.

This improvement is automatically enabled for new workloads. We currently support it for container images and plan to extend it to other workloads with costly discovery steps in the future.

🐛 BUG FIXES AND UPDATES

  • Fix failures to detect vulnerable versions of system-wide Visual Studio Code installations on Windows.
  • Fix incorrect pluralization on the assets page.
  • Fix incorrect source links for Debian, Chrome, and Firefox vulnerabilities and advisories.
  • Fix detection of some newer VMware advisories.
  • Fix macOS systems displaying a low vulnerability score but no CVEs or advisories.
  • Add missing available package data when scanning for vulnerabilities on the command line.
  • Fix failures scanning systems with the command line --incognito flag.
  • Add missing first-found data to the asset software tab.
  • Respect the --output flag when running cnspec vuln.
  • Improve the disk/memory usage of container image scans on large Kubernetes clusters.
  • Fix duplicate AWS instance scans.
  • Add support for VMware vSphere/ESXi 8.0U2b vulnerability scanning.
  • Don't show the service accounts button when a Kubernetes integration is still pending.
  • Show "unknown" instead of "0.0" when a CVSS score has not been published.
  • Don't show an empty CVSS score section on vulnerability pages if they have not been published.
  • Improve the display of vendor icons in the asset software tab.
  • Add tooltips to check status icons in Compliance Hub.
  • Fix failures scanning GCP if resources can't be discovered.
  • Improve the display of installed memory on Windows assets.
  • Add macOS model detection for new M3 MacBook Air laptops.
  • Improve check reliability in the AWS Operational Best Practices policies.

Mondoo 10.6 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 10.6 is out! This release includes a new EDR policy, policy filtering, additional MQL capabilities, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Filter policies on assets​

Asset policy pages now include filtering by policy types and scores so you can see exactly what policies are applied and where failures are occurring.

Policy filtering

Data type conversion MQL helpers​

New MQL helpers allow you to quickly convert data to the right format for your custom checks and data queries.

> int(1.23)
1

> bool(1)
true

> float(12)
12

> string(1.89)
"1.89"

> regex("w.r.d") == "world 🌎"
/w.r.d/

Endpoint detection and response (EDR) policy​

Ensure critical employee endpoints have endpoint detection and response (EDR) software installed and running with our new Endpoint Detection and Response (EDR) policy. This policy checks to see if SentinelOne or CrowdStrike are installed on macOS, Linux, and Windows systems.

Open source Mondoo documentation​

Do typos in documentation keep you up at night like they do for me? We open sourced our documentation so you can fix that problem and get some sleep.

Check out our new public repo at github.com/mondoohq/docs for instructions on how to contribute fixes and improvements.

🧹 IMPROVEMENTS​

Resource improvements​

aws.cloudtrail.trails​

  • Add support for advanced selectors in the eventSelectors field.

aws.config​

  • Add new deliveryChannels field.

aws.config.deliverychannel​

  • Add a new resource with fields representing an individual AWS Config delivery channel configured within an account.

aws.iam.role​

  • Add new assumeRolePolicyDocument field.

package​

  • Add new originVersion field on Debian Linux-based assets.
  • Include version data in the origin field for source packages on Debian Linux-based assets.

Filter AWS scans by region​

Filter cnspec command line scans by AWS region with new filter options:

cnspec scan aws --filters all:region=us-east-2
cnspec scan aws --filters region=us-east-2
cnspec scan aws --filters ec2:region=us-east-2

Thanks for this great contribution @montera82!

Updated policy check impact scores​

Prioritize the most important checks first with newly adjusted check priorities for CIS Linux distribution policies. These improved scores ensure that only the most important checks are listed as failures, so you can more easily prioritize critical work.

Improved AWS policies​

Both the CIS AWS Foundations benchmark policy and the various AWS Best Practices policies have seen major refactoring. These changes include improved queries and result output as well as new descriptions and remediation data. Stay tuned for more updates as we refactor all queries in these policies to use the latest MQL resources and helpers.

🐛 BUG FIXES AND UPDATES

  • Improve reliability of fetching CVE data for assets.
  • Only show unresolved CVEs in the asset CVE list.
  • Fix package CVE false positives for some Debian packages.
  • Fix CVEs not showing after the first asset scan.
  • Fix failures scanning a GitHub organization if the supplied token cannot access all repositories.
  • Only show the options to add new integrations when the user has the appropriate permissions for the space.
  • Change documentation links in the console to go directly to Mondoo Platform documentation.
  • Improve how space owners are listed in the Organization dashboard's CVE list.
  • Fix policy recommendations during the Kubernetes integration setup.
  • Show EPSS scores with a single decimal point in all locations.
  • Don't fail scanning if the location of an S3 bucket cannot be determined.
  • Return more than 100 Microsoft 365 users in queries.
  • Improve output of the "Ensure macOS is up to date" check in the macOS Security policy.
  • Distinguish between domain controllers and member servers in Windows Security policy checks.
  • Improve empty states for software, CVE, and advisory asset page tabs.
  • Improve rendering of columns in the asset page's Advisories tab.
  • Enforce a max session time of 1 day in the console for added security.
  • Don't include the legacy Platform Vulnerability Policy in asset policy counts.
  • Improve wrapping of long asset names on narrow screens.
  • Don't include "unknown" integrations in the organization dashboard integrations list.
  • Add missing impact scores to the CIS AIX benchmark policies.

Mondoo 10.5 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 10.5 is out! This release includes improvements to the software CVE experience, performance, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS​

Improved software vulnerability experience​

Find critically outdated software faster with the improved asset software tab. New quick filter buttons let you select between OS packages and applications. Badges help you narrow down risk with EPSS/CVSS3 scores.

Software vulnerability filtering

Resource improvements​

aws.config.recorder​

  • New resourceTypes field

aws.vpc.flowlog​

  • New destinationType field
  • New deliverLogsStatus field

Control scanning during registration​

Control the configuration of the cnspec service during client registration with new timer and splay flags in the cnspec login command.

Configure the cnspec service to scan every 30 minutes with a 5 minute splay:

cnspec login --token MY_TOKEN --timer 30 --splay 5

Performance​

The same great scans, just MUCH, MUCH faster. This week we shuffled around the bits to make GitHub organization scans 5x faster and Azure subscription scans 3x faster.

🐛 BUG FIXES AND UPDATES

  • Detect tags on AWS instances scanned with SSM.
  • Ensure that AWS instances scanned with SSM are grouped under AWS in inventory.
  • Resolve a potential failure scanning GitLab.
  • Improve failure output in the CIS AWS Foundations benchmark policy.
  • Improve CIS Distribution Linux benchmark policy when running on Photon OS.
  • Prevent EC2 instance scans from creating double instances in some situations.
  • Fix links to PostgreSQL integration documentation in the integration setup flow.
  • Display correct query pack names for asset data queries.
  • Improve rendering of policies on the asset page with wide displays.
  • Fix usage of the --discover flag in the GitHub provider.
  • Fix failures selecting an asset in cnquery shell if there is only a single asset.
  • Don't fail checking IP addresses if both IPv4 and IPv6 are disabled.
  • Fix a failure scanning VMware vSphere assets.
  • Improve reliability of OOM reporting in the Kubernetes integration pages.
  • Improve field handling in the organization creation modal when using keyboard navigation.
  • Fix policy filtering on assets to show all checks for a policy.
  • Improve reliability of fetching CVE data for assets.
  • Add vendor icons to the advisories view.

Mondoo 10.4 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 10.4 is out! This release includes improved VMware CVE detection, NPM package detection, performance improvements, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS​

VMware vSphere advisory & CVE detection​

Improved VMware vSphere advisory and CVE detection ensures you always have the latest advisories and CVEs flagged on both ESXi and vSphere assets.

VMware vulnerabilities

Resource Updates​

aws.cloudtrail​

  • New cloudWatchLogsLogGroupArn field

gcp.project.pubsubService.snapshot​

  • Fix fetching the expiration field

npm.packages​

  • New resource for fetching NPM packages installed on an asset

packages​

  • New files field
  • New cpe field on Windows assets

Performance improvements​

Who doesn't like getting something for free? With Mondoo 10.4, you get your scan results not only faster, but using significantly less memory at the same time. In testing with large asset scans, memory usage has dropped from ~950MB to just ~200MB, while scan times were cut in half.

Save SBOMs to disk​

Export SBOMs to a file with a new --output-target flag:

$ cnquery sbom docker debian:12 -o cyclonedx-json --output-target debian-12.json
→ discover related assets for 1 asset(s)

debian:12 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%

$ head debian-12.json
{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:1685df36-e3f4-4174-b469-6bd9974a8c41",
"version": 1,
"metadata": {
"timestamp": "2024-02-20T10:49:41-08:00",
"tools": {
"components": [

New Azure snapshot scanning options​

New options for Azure snapshot scanning give you additional control over how Mondoo performs the scan:

  • Skip the cleanup and instead rely on Azure to perform the cleanup with a new --skip-snapshot-cleanup flag.
  • Scan snapshots that have already been attached to the VM with new --skip-snapshot-setup and --lun flags.

Expanded NIST 800 compliance evidence​

AWS NIST Best Practices policies now feed directly into Compliance Hub, so NIST security findings can be part of your automatic evidence gathering for audits.

🐛 BUG FIXES AND UPDATES

  • Fix failures scanning container images.
  • Fix fetching CPEs on VMware platforms.
  • Display the correct SSH keys when remotely scanning hosts.
  • Fix failures in the EOL policy and improve output when a system approaches EOL.
  • Show just the severity icon for vulnerabilities instead of severity and scan result.
  • Fix failures running the shell and run commands.
  • Improve reliability of console results pagination.
  • Fix failures scanning Microsoft 365 and GitHub assets.
  • Improve display of scan results in Azure and Microsoft 365 when the result is nil.
  • Improve scan results output in the CIS AWS Foundations and Microsoft 365 Foundations benchmarks.
  • Don't error if a Kubernetes container cannot be discovered.
  • Add a property to the CIS AWS Foundations benchmark to allow controlling which ports are blocked on instances.
  • Improve rendering of the asset page on wide displays.
  • Fix incorrect CVE detection in .NET Runtime.
  • Prevent empty titles in CVEs when the published CVE is incomplete.

Mondoo 10.3 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 10.3 is out! This release includes Microsoft application vulnerability detection, expanded EOL/CVE detection, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Microsoft application CVE detection​

Expose additional critical vulnerabilities on your workstations and servers with new application vulnerability detection for Microsoft Edge, .NET Framework, and Visual Studio Code. Mondoo automatically flags vulnerable releases on the asset's Software tab. Links to relevant CVEs and Microsoft KB advisories help you understand the risk of outdated software releases in your environment.

Vulnerable Microsoft Edge

🧹 IMPROVEMENTS​

Paginate affected assets​

Have thousands of systems impacted by a security check? No problem with new asset pagination on the security check pages.

Performance improvements​

We refactored how Mondoo initiates scans, compiles CVE data, and executes the shell to make sure you get the best security results without waiting.

Reverse IP Lookup PTR record check in the Email Security policy​

Gmail now requires a reverse IP Lookup PTR record for your domain to accept emails. The Mondoo Email Security policy now includes a new "Ensure Reverse IP Lookup PTR record is set (DNS Forward confirmed)" check so you can validate your domain is ready for these new stringent Gmail requirements.
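
What "forward confirmed" means in practice, as an added example that is not Mondoo's policy code: the sending IP must have a PTR record, and at least one PTR name must resolve back to that same IP. The function names, status strings, and the in-memory zone data (documentation address ranges and example.com names) are assumptions constructed for illustration.

```python
import ipaddress
import socket


def reverse_names(ip):
    """PTR lookup via the system resolver; empty list when no record exists."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [primary, *aliases]


def forward_addresses(name):
    """A/AAAA lookup via the system resolver; empty set when the name fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def _normalize(addresses):
    """Parse address strings so differently written IPv6 forms compare equal."""
    parsed = set()
    for addr in addresses:
        try:
            parsed.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # ignore anything that is not an IP literal
    return parsed


def check_fcrdns(ip, reverse=reverse_names, forward=forward_addresses):
    """Forward-confirmed reverse DNS: IP -> PTR name(s) -> back to the same IP."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".") for n in reverse(ip)]
    confirmed = [n for n in names if target in _normalize(forward(n))]
    if not names:
        status = "no-ptr"
    elif confirmed:
        status = "pass"
    else:
        status = "ptr-not-forward-confirmed"
    return {"ip": ip, "ptr": names, "confirmed": confirmed, "status": status}


# Constructed zone data so the example runs offline.
FAKE_PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["host20.example.net"],
    "2001:db8::25": ["mx6.example.com"],
}
FAKE_FORWARD = {
    "mail.example.com": ["192.0.2.10"],
    "host20.example.net": ["192.0.2.99"],  # PTR exists, forward points elsewhere
    "mx6.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}


def check_sample(ip):
    """Run the check against the constructed zone instead of live DNS."""
    return check_fcrdns(
        ip,
        reverse=lambda addr: FAKE_PTR.get(addr, []),
        forward=lambda name: FAKE_FORWARD.get(name, []),
    )


if __name__ == "__main__":
    for sample_ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"):
        result = check_sample(sample_ip)
        print(f"{result['ip']:<14} {result['status']:<26} {result['ptr']}")
```

Calling check_fcrdns with only an IP address uses the system resolver instead of the constructed data.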

Vulnerability data on Pop!_OS​

Mondoo now supports CVE detection for Pop!_OS, the Ubuntu-derived distribution for System76 laptops.

Ubuntu 24.04 EOL and CVE support​

Mondoo now detects the EOL date for the upcoming Ubuntu 24.04 release as well as package CVE data. The Ubuntu release doesn't come out until April, but this way you'll be secure from day one.

🐛 BUG FIXES AND UPDATES

  • Simplify the description of EPSS data in CVE/Advisory console pages.
  • Fix fields not displaying correctly in the vulnmgmt.cves resource.
  • Fix querying CloudWatch metrics alarms where the SNS topic does not exist in the aws.cloudtrail.trails resource.
  • Add a friendly error message when the aws.cloudtrail resource is called without an ARN.
  • Don't report the core provider as needing to be updated.
  • Fix failures parsing time values in some AWS resources.
  • Fix dict value parsing in the gcp.buckets resource.
  • Remove duplicate Jira resource autocompletion in the shell.
  • Improve light mode in the registry and asset filters.
  • Add an empty state to the asset insights when no policies or vulnerability data are available.
  • Show an empty state for data queries when the scan result is an empty string, nil value, or 0.
  • Prevent empty titles in Microsoft KBs.
  • Fix scanning of AWS instances using SSM when the instance lacks tar.
  • Improve remediation instructions in the Google Cloud (GCP) Security policy.
  • Fix missing severities in some Scientific Linux security advisories.
  • Support RHEL-based distributions in the CIS Distribution Independent Linux Ensure updates, patches, and additional security software are installed check.
  • Improve query output and reliability in the CIS Amazon Web Services (AWS) Foundations Benchmark and AWS Best Practices policies.
  • Update Amazon 2023 and Fedora 38/39 EOL dates to reflect updated dates.
  • Fix CVE detection for some packages on Ubuntu 23.10.
  • Improve example cnspec/cnquery commands in the console.
  • Fix fetching policies from the public registry.
  • Fix failures in the CIS "Ensure journald service is enabled" check.
  • Improve the check reliability and output in the CIS AWS Foundations policy.