Skip to content
Untitled design-Aug-24-2022-05-05-37-08-PM
Dominik RichterMarch 9, 20231 min read

Mondoo v8: Enhanced Policies & Query Packs for Simplified Security Posture

Mondoo_graphics_Mondoo V8-01

Get ready to enhance your security posture with Mondoo v8, our latest version featuring improved policies and query packs.

Here are some benefits of using Mondoo v8:

  • Simplified policies and query packs: Mondoo v8 makes customization easier with a new, simple policy and query pack structure and key new features like embedded queries.
  • Increased efficiency: Thanks to variants and properties, Mondoo v8 provides a more intuitive method for using cnspec, cnquery, and the Mondoo Platform in different places. With properties, you can quickly adjust a policy for new use cases. Variants let you consistently check multiple assets like Terraform and AWS.
  • Easy to use: Making changes to individual queries is now simple and intuitive with Mondoo v8. Policy groups now have a type to better specify their function.

Here are some additional details about the new features:

Enhanced policies and query packs

We have overhauled commonly used terms in policies and query packs, replacing them with named fields and removing key-value maps. We have introduced embedded queries to make it easier to write policies that stand on their own, eliminating the need to explicitly reference queries and checks.

Configurable properties

Properties allow pre-defined query modifications. Earlier properties were hidden, but now with v8, properties are configurable in the CLI.


Variants let you create different versions of a query based on the asset it scans. For example, suppose you create queries that check if public IPs are attached to AWS instances. You can implement two variants: one for AWS API tests and one for Terraform plan tests.

Deprecation of old policy format

Mondoo v8 deprecates the old policy format, letting you convert your policies to v8 with a simple command. However for most use cases, you can simply upgrade your installation and won't notice any difference, since v8 is able to execute previous policy versions.

Upgrade to Mondoo v8 today and experience a more intuitive and efficient way to use cnspec, cnquery, and the Mondoo Platform. Check out the release notes for additional details and start enjoying the benefits of simplified policies and query packs.

Stay tuned for more examples that showcase these new features in v8.

Find out more in our release notes for v8.

Want to explore how easy security can be with Mondoo?

Sign up for free!


Dominik Richter

Dom is a founder, coder, and hacker and one of the creators of Mondoo. He helped shape the DevOps and security space with projects like InSpec and Dom worked in security and automation at companies like Google, Chef, and Deutsche Telekom. Beyond his work, he loves to dive deep into hacker and nerd culture, science and the mind, and making colorful pasta from scratch.


view raw