Releases

ICYMI: Mondoo Release Highlights for May 2022

Welcome to the May 2022 recap of Mondoo releases.

mondoo-may-2022

We hit a major milestone in May: Mondoo version 6! For important information about changes in the release, see the Mondoo 6 Release Notes.

We have a lot of exciting changes to share from our work in May:

New asset views

Policies tab

Platform Vulnerabilities tab

Kubernetes integrations​

Kubernetes custom resources support in MQL

New CI/CD views and improved CI/CD integration

New CI/CD views

Automatic client detection

Streamlined exit codes

Command line interface improvements

Providers in the Mondoo CLI scan

CLI report overhaul

EU region support

AWS integration improvements

Mondoo in the GitHub Marketplace​

Policy updates

MQL improvement

New asset views

We’ve enhanced the way we visually present the individual assets in your fleet. To explore the new user experience, select any asset.

Mondoo v6 - Asset View

Mondoo now provides a comprehensive overview of the asset’s status at a glance. You see the overall score on the left and, beside that, the score distribution across policies. On the right is a distribution of controls (rules in a policy), arranged by priority. This provides a quick assessment of the critical controls that either fail or have errors.

Below the asset summary are tabs to explore the asset in detail. We’ve made exciting changes to two tabs in the past month: Policies and Platform Vulnerabilities.

Policies tab

The first tab (shown above) shows an overview of all policies that Mondoo applies to this asset and the current summary scores it gives the asset. You can drill down into any of these policies to see a detailed breakdown of controls and their statuses.

Platform Vulnerabilities tab

For most assets, Mondoo provides a detailed and interactive vulnerability analysis.

Mondoo v6 - Platform Vulnerabilities

Select the packages, advisories, and CVEs views, which provide different perspectives on current vulnerabilities:

  • Vulnerable Packages lists the most impactful components you need to update in order to fix these vulnerabilities.
  • CVEs gives security specialists a breakdown of all the detected vulnerabilities.
  • Advisories shows the vendor announcements that connect the packages and vulnerabilities.

Right now, the Mondoo team is developing more asset view changes that will help you prioritize issues and take action. Stay tuned!

Kubernetes integrations​

With the Mondoo Kubernetes Operator, you can now continuously validate your deployed workloads and assess the configuration and security of the nodes running your kubelets. When you couple this with the Mondoo Admission Controller and Mondoo's support for scanning Kubernetes manifests in the CI/CD pipeline, you have a complete solution for securing Kubernetes from commit to production.

Mondoo k8s integration

Kubernetes custom resources support in MQL

We’ve made Kubernetes custom resources available in MQL. These make it easier to inspect Kubernetes installations in MQL. Find them under the k8s.customresource keyword.

Mondoo k8s.customresource

New CI/CD views and improved CI/CD integration

Many of our May enhancements focus on integrating Mondoo with your CI/CD flow.

Find and fix the security risks that pose the biggest threat to your business.

New CI/CD views

To help you better visualize scans of CI/CD pipelines, we've added new, specialized views to the Mondoo Console. Of course, Mondoo already lets you scan infrastructure artifacts during the build process, such as Kubernetes manifests, Terraform code, and Docker images. But now you can use Mondoo to compare different builds and branches as well.

Mondoo CICD Integrations

Automatic client detection

We now automatically detect the Mondoo client running in CI/CD environments. Once we detect it, we collect more contextual information about the run, such as the repository, PR/MR number, and Git reference. This allows CI/CD runs to automatically show up in the CI/CD tab, where you can explore more details.

Today, we support this feature for GitHub, GitLab, and Kubernetes out of the box. We are expanding to other systems soon, so stay tuned!

Streamlined exit codes

We’ve improved how Mondoo scan results affect CI/CD pipelines. Previously, unless they achieved perfect scores (A+ with a score of 100), Mondoo scans finished with a non-zero exit code. This caused the pipeline to fail, even with only minor issues. Now, by default, every Mondoo returns an exit code of 0 when a scan is successful. Both As and Fs show a successful run.

With the previously introduced --score-threshold you can customize this behavior to fail the execution (exit code 1) whenever the score falls below your chosen threshold. For example, this command fails all scans that result in an F (score below 10):

mondoo scan --score-threshold 10

Command line interface improvements

We’ve made big changes to our CLI in response to customer feedback: We built a new default report output, and we’ve made the mondoo scan command easier to use.

Providers in the Mondoo CLI scan

Mondoo can scan many different types of targets, from your local machine, to remote machines via SSH or WinRM, to cloud systems like AWS or Azure, and even arbitrary APIs. We’ve updated the scan command to make it easier to specify the scan target: mondoo scan

You no longer need the -t or --connection options. These are some examples using different providers:

mondoo scan local
mondoo scan ssh user@host
mondoo scan container b62b
mondoo scan container image ubuntu:20.04
mondoo scan aws

For a list of all available providers and detailed help on the scan command, type:

mondoo scan -h

CLI report overhaul

We redesigned our CLI reports with developers and operations experts in mind. We first print a list of controls and data queries, then list vulnerabilities, and finish with a short summary. We removed pagination based on feedback from customers like you. The default report is also much more compact:

mondoo scan local
v6 - Mondoo scan compact

For more information about individual controls, use the full formatter:

mondoo scan local -o full
Mondoo v6 - scan full

The legacy default report, which we designed for auditors and security experts, is still available:

mondoo scan local -o full

Output formats include JUnit, JSON, CSV, and YAML. You can list them all:

mondoo scan -o help

EU region support

Many of our customers in the EU are subject to local regulatory requirements. They need the data storage and processing that Mondoo performs on their behalf to occur in Europe. To meet this need, Mondoo has added new cloud infrastructure in the EU.

When you create a new organization, you can choose whether to locate it in the US region or EU region. All data created and processed in the EU region happens on servers located in data centers within the EU.

To create or access an organization in a different region, use the US / EU region menu:

Mondoo eu-region

Mondoo keeps all of the data stored and processed in the two regions completely separate. You can't move assets between the two regions, nor can you share data between the two in any way.

AWS integration improvements

We’re excited to release the Mondoo AWS Organization integration, which allows you to set up AWS integrations across your entire AWS Organization or organizational unit.

Mondoo v6 - AWS orgs

We previously only supported single account installations. With this change, you can use AWS CloudFormation StackSets to install the integration across all accounts in your AWS Organization. This automatically installs the integration to all new accounts added to that AWS Organization.

Furthermore, we now display the number of EC2 Snapshots, CloudWatch LogGroups, Lambda Functions, Config Recorders, and EKS clusters on your AWS integration page:

Mondoo aws-detection

This discovery is only the beginning; we have exciting plans for the exploration of your fleet!

Mondoo in the GitHub Marketplace ​

To go with our new GitHub CI/CD views, Mondoo is now available as an Action in the GitHub Marketplace. Use Mondoo with Github Actions to scan Kubernetes manifests, Terraform configuration files, and Docker images. See examples and full setup instructions on our page in the Github Marketplace.

Mondoo GitHub Marketplace

MQL improvement

MQL now supports variables across blocks. This enhancement makes many queries easier to write.

Here is a simple example:

aws.dynamodb.tables {
   x = regionaws.dynamodb.limits.where(region == x) {*}
}

In this example, we define a new variable x and set its value to the region of the table. We can then use the variable to access the limits entry that matches this region. Previously this was not possible, since both fields had the same name (region) and variables weren’t accessible across blocks.

Policy updates

The Center for Internet Security (CIS) officially certified the Mondoo Ubuntu 20.04 Level 1 and Level 2 CIS Benchmarks. See the Mondoo page at cissecurity.org for a complete list of our CIS-certified benchmarks, and stay tuned for more certifications in the coming weeks.

In addition, we updated these policies:

  • Linux Security Baseline by Mondoo
  • Kubernetes Application Benchmark by Mondoo

We also updated the detection of EOL dates and package vulnerabilities for Red Hat Linux 9 and AlmaLinux 9.

You can find all of these policies in your Policy Hub: select Add Policies.

Dominik Richter

Dom is a founder, coder, and hacker and one of the creators of Mondoo. He helped shape the DevOps and security space with projects like InSpec and Dev-Sec.io. Dom worked in security and automation at companies like Google, Chef, and Deutsche Telekom. Beyond his work, he loves to dive deep into hacker and nerd culture, science and the mind, and making colorful pasta from scratch.

You might also like

Releases
Mondoo September 2024 Release Highlights
Releases
Mondoo August 2024 Release Highlights
Releases
Mondoo July 2024 Release Highlights