
Patching Made Easy: Introducing Guided Remediation in Mondoo

We’re thrilled to announce the launch of guided remediation in the Mondoo Platform, which makes patching fast and efficient for your DevOps teams.

Mondoo is great for helping you find and prioritize vulnerabilities in your infrastructure. But until now, mitigating those findings required researching fixes, navigating vendor documentation, and manually applying patches across your systems.

Guided remediation streamlines this process by providing patching scripts directly within Mondoo. Here’s how we empower your team:

  • Targeted remediation advice: Update only the packages needed to mitigate each vulnerability.
  • Easy, automated scripts: Copy and paste scripts in bash or Ansible directly from the Mondoo console.
  • Reduced risk: By expediting the patching process, you minimize the window of vulnerability.

Find and fix the security risks that pose the biggest threat to your business.

See an example of guided remediation in action:

The automatic remediation scripts prioritize stability and are scoped to keep the version increase as small as possible. They select the version needed to mitigate the advisory rather than floating on the latest release.

- name: Install specific versions of packages on Debian systems
  hosts: debian_hosts
  become: yes
  vars:
    latest_packages: []  # empty list, so the final task's loop has nothing to iterate
    versioned_packages:
      - name: "libgssapi-krb5-2"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-admin-server"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-user"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "libkdb5-7"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-kdc"
        version: "1.12+dfsg-2ubuntu5.4+esm3"

  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: 3600 # Cache valid for 1 hour

    - name: Install specific package versions
      ansible.builtin.apt:
        name: "{{ item.name }}={{ item.version }}"
        state: present
      loop: "{{ versioned_packages }}"

    - name: Install latest versions of packages
      ansible.builtin.apt:
        name: "{{ item.name }}"
        state: latest
      loop: "{{ latest_packages }}"
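
A pre-flight check for the pinning approach above, as an added example that is not part of Mondoo's generated scripts: it reimplements dpkg's version ordering so a control node can decide which installed packages are still below the fixed version, leaving alone packages that are absent or already at or past the fix. The function names and the `INSTALLED` inventory are assumptions constructed for illustration; the fixed version comes from the playbook.

```python
import re

FIX = "1.12+dfsg-2ubuntu5.4+esm3"  # fixed version from the playbook above
FIXED = dict.fromkeys(["libgssapi-krb5-2", "krb5-admin-server", "krb5-user",
                       "libkdb5-7", "krb5-kdc"], FIX)
# Constructed sample inventory for one host (package -> installed version).
INSTALLED = {
    "libgssapi-krb5-2": "1.12+dfsg-2ubuntu5.4",   # below the fix
    "krb5-user": "1.12+dfsg-2ubuntu5.4+esm3",     # already at the fix
    "krb5-kdc": "1.12+dfsg-2ubuntu5.4+esm4",      # newer; pinning would downgrade
}

def _order(ch):
    # dpkg rule: '~' sorts before end-of-string, then letters, then other symbols.
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, left to right.
    while a or b:
        ta, da, a = re.match(r"([^0-9]*)([0-9]*)(.*)", a).groups()
        tb, db, b = re.match(r"([^0-9]*)([0-9]*)(.*)", b).groups()
        for i in range(max(len(ta), len(tb))):
            ca, cb = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def packages_to_patch(installed, fixed):
    """Pins only for packages that are installed and older than the fix."""
    return {p: v for p, v in fixed.items()
            if p in installed and deb_compare(installed[p], v) < 0}
```

On the sample inventory, only `libgssapi-krb5-2` needs the pin; on a Debian host, `dpkg --compare-versions` gives the authoritative answer for the same comparison.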
      

Empower your security team

Guided remediation is a powerful addition to your vulnerability management toolkit. It simplifies patching, reduces risk, and frees up your DevSecOps team to focus on what matters most – securing your organization. Take control and secure your systems with guided remediation in Mondoo Platform!

Chip Johnson

Chip Johnson is a product manager at Mondoo, focused on building tools you will love. He has been part of the DevOps community since 2010. Most recently, he held positions at Auth0, Sonatype, and Chef Software. He has been making and breaking things on the internet since 1993.
