🥳 Mondoo 9.3 is out! This release includes support for new Azure resources, updated macOS policies, and more!
🎉 NEW FEATURES
New Azure resources
- New resource
- New resource
- New resource
- New field
Updated Packer provider for Mondoo cnspec
Our Hashicorp Packer cnspec provisioner now uses cnspec 9.x, giving you access to the latest providers and resources directly in your OS image build pipelines.
Updated CIS macOS benchmark policies
Mondoo now ships with the latest macOS CIS benchmark policies, which include expanded remediation steps, improved descriptions, and more resilient queries:
- Updated macOS 11 benchmark version to 3.1
- Updated macOS 12 benchmark version to 2.1
- Updated macOS 13 benchmark version to 1.1
- New macOS 14 benchmark (preview) 1.0
Expanded compliance evidence gathering
We've revamped several of our bundled Mondoo policies with expanded descriptions, improved queries, and best of all, compliance mappings that help you automatically gather evidence no matter what the asset type:
- TLS/SSL Security Baseline
- Platform End-of-Life Policy
- Platform Vulnerability Policy
cnquery run --info flag
--info flag in cnquery allows you to see which resources and fields your MQL queries use.
For example, running this query against the sshd config:
cnquery run -c "sshd.config.params[Version] == mondoo.version" --info
Returns this list of resources and fields:
Resources and Fields used:
🐛 BUG FIXES AND UPDATES
- Fix failing ARN data queries on
- Fix asset names from local scans not reporting to the platform.
- Ensure some empty values in the
nullvalues instead of empty strings.
- Improve help text in cnspec and cnquery.
- Fix incorrect compliance check counts in controls.
- Replace the deprecated CIS Supply Chain Management benchmark policy with the CIS GitHub Level 1 benchmark policy.
- Add missing Atlassian provider help to cnspec and cnquery.
- Fix failures querying SCIM data in the Atlassian provider.
- Fix fetching a list of GitHub users in an organization.
- Use the GitLab group ID instead of name when fetching data to prevent some failure cases.
- Fix asset names not capturing properly for some Azure and GCP assets.
- Report friendly errors when the Atlassian provider does not have the necessary permissions to query data.
asset.typefield to EBS filesystem scans.
- Prevent query errors when a nonexistent registry key is queried.
- Ensure cnspec and cnquery use proxies for all traffic when specified.
- Properly display the asset platform in the status command.
- Fix failures retrieving secrets from vaults.
- Fix failures scanning some Kubernetes manifest files.
- Fix failures setting the AWS platform ID under some circumstances.
- Group Raspbian assets as operating systems in the console.
- Improve rendering of user avatars in the console.
- Use consistent table layouts in the Mondoo Vulnerability Database and the space invitation pages to better match other tables in the console.
- Save sorting and filtering options in the Mondoo Vulnerability Database when reloaded or bookmarked.
- Fix failures applying asset annotations passed on the command line.
- Improve errors from systemd when cnspec fails to start due to missing binaries or configuration files.
- Don't include the vulnerabilities section on the CLI for unsupported platforms.
- Update the policy generated by the
cnspec bundle initcommand to be cnspec 9.x compatible.
- Improve the query results in the Mondoo Kubernetes Cluster and Workload Security policy and remove unnecessary data queries.
- Improve SOC2 policy check mappings for CIS policies.
- Add support for macOS systems in the Platform End of Life policy.