🥳 Mondoo 6.15 is out! This release includes a whole new fleet UI and new CIS Kubernetes policies!
All New Fleet View Experience
Problem: You have hundreds or thousands of assets in Mondoo. Finding types of systems and understanding the relationships between assets is difficult.
Solution We added a whole new fleet view experience to Mondoo that groups your assets by type. You can quickly assess the security of different elements in your infrastructure and grasp interconnected security relationships.
CIS AKS and GKE Benchmarks
Problem: You want secure your AKS and GKE clusters and workloads.
Solution: Mondoo now includes CIS Level 1 and 2 benchmarks for both Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). These policies include critical controls for securing your cluster nodes and cluster workloads.
Scan All Kubernetes Resources in Manifests
Problem: You need to scan each Kubernetes resource in your manifests as an individual asset in Mondoo so you can apply the new Mondoo Kubernetes Security and Best Practices policies.
Solution: Mondoo scans now respect the
--discover all command line flag when scanning local manifests. This lets you scan individual Kubernetes resources and even the containers defined in your manifests.
Quickly Find Kubernetes Operator Scanned Assets
Problem: You set up your Kubernetes Mondoo integration and now you want to view the discovered assets.
Solution: We added a new
See Your Asset Scores link in the Kubernetes Integration pages that takes you right to all the assets discovered by the Mondoo Operator.
Priorities in Kubernetes Policies
Problem: You've scanned your Kubernetes cluster, and there's a mountain of work to do. Where should you start?
Solution: We've added priorities to the controls in CIS and Mondoo Kubernetes policies. You can now sort your scan results by priority and tackle the most important security issues first.
mondoo shell and
mondoo exec Experiences
Problem: Mondoo 6.0 introduced new simpler command syntax and it's been so great that now you can't remember the old syntax when you run
mondoo shell or
Solution: We've updated
mondoo shell and
mondoo exec to use the same simpler syntax as
mondoo scan. No more
-t flag or
:// format. Just run
mondoo shell TRANSPORT_NAME.
Expanded and Improved CIS Kubernetes Policy
We've made several improvements to the vanilla CIS Kubernetes Level 1 and 2 policies for Master and Worker Nodes. Many controls previously marked as
not implemented are now implemented and all file permission controls now pass when permissions are more secure than those required by CIS.