Skip to main content

Mondoo 8.21 is out!

Β· 3 min read
Mondoo Core Team

πŸ₯³ Mondoo 8.21 is out! This release includes loads of new CIS policies, performance improvements, and more!​

Get this release: Installation Docs | Package Downloads | Docker Container


New CIS policies for OCI, OpenShift, and Amazon 2023​

We've been busy pulling in the latest CIS policies for your growing infrastructure, with five new policies this week to help you secure the latest platforms:

  • CIS Red Hat OpenShift Container Platform v4 Benchmark - Level 1
  • CIS Red Hat OpenShift Container Platform v4 Benchmark - Level 2
  • CIS Amazon 2023 Benchmark - Level 1
  • CIS Amazon 2023 Benchmark - Level 2
  • CIS Oracle Cloud Infrastructure Foundation Benchmark - Level 1


Improved policy formatting​

The cnspec bundle lint command has seen improvements to better handle multi-line queries. These queries will now automatically format on individual lines so you can more easily read your policies.


mql: "users.where(\n  shell.contains(\"nologin\") == false && shell.contains(\"false\") == false\n  && name != \"sync\" && name != \"shutdown\" && name != \"halt\" \n).list {\n  file(home) {exists}\n}\n"


mql: |
shell.contains("nologin") == false && shell.contains("false") == false
&& name != "sync" && name != "shutdown" && name != "halt"
).list {
file(home) {exists}

Improved performance​

Who doesn't like getting the same thing, only faster? We optimized how we deliver policy data from Mondoo Platform to our clients to make your scans even quicker. Expect to save around 1.5 seconds on each scan. We hope you make the best of this time windfall.


  • Accept Jira project IDs in any case.
  • Suggest CIS GitHub Benchmark policy after setting up a GitHub integration.
  • Show Debian 11/12 security update repository packages in CVE scan results.
  • Fix assets failing to load in the console under some circumstances.
  • Fix CIS Amazon Linux 2 benchmark policies incorrectly applying to Amazon Linux 2023 hosts.
  • Fix failures when EBS volume scanning Amazon 2023 instances.
  • Fix Oracle Linux 8/9 vulnerability scans showing already installed updates for some packages.
  • Fix typos in the Okta Organization Security policy’s query UIDs. Thanks @moeterich.
  • Improve reliability of data exports when data is malformed.
  • Improve reliability of queries in CIS Windows Benchmark policies.
  • Improve reliability of the chrony and timesyncd checks in the Operational Best Practices for Time Synchronization policy.
  • Improve Jira host validation during the integration setup.
  • Improve policy search results in the registry.
  • Improve consistency of CIS benchmark names and query UIDs.
  • Improve queries in CIS Kubernetes Benchmark policies.
  • Rework CIS policies to include groups for better display in the registry.
  • Show an error if a policy cannot be removed from the registry.