Skip to content

Commit

Permalink
Add 10.10 release notes
Browse files Browse the repository at this point in the history 
Signed-off-by: Tim Smith <[email protected]>
  • Loading branch information
@tas50
tas50 committed Apr 3, 2024
1 parent 0a18ff0 commit 5ffa590
Show file tree
Hide file tree
Showing 5 changed files with 215 additions and 120 deletions.
1 change: 1 addition & 0 deletions .github/workflows/cla.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
name: "CLA Assistant"
on:
issue_comment:
Expand Down
36 changes: 20 additions & 16 deletions docs/mql/resources/aws-pack/aws.autoscaling.group.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,19 +20,23 @@ The `aws.autoscaling.group` resource provides fields representing an individual

**Fields**

| ID | TYPE | DESCRIPTION |
| ----------------------- | ----------------- | ------------------------------------------------------------------------------------------- |
| arn | string | ARN for the autoscaling group |
| name | string | Name of the group |
| loadBalancerNames | &#91;&#93;string | List of load balancer names associated with the group |
| healthCheckType | string | Health check type used by the group: ELB or EC2 |
| tags | map[string]string | Tags for the asg |
| region | string | The region of the Auto Scaling group |
| minSize | int | The minimum number of instances to scale down to |
| maxSize | int | The maximum number of instances to scale up to |
| defaultCooldown | int | The time to wait after scaling up / down before the next scaling event is started |
| launchConfigurationName | string | The name of the launch configuration |
| healthCheckGracePeriod | int | The grace period in seconds before an instance with a failing health check will be replaced |
| createdAt | time | Time when the autoscaling group was created |
| maxInstanceLifetime | int | The maximum amount of time, in seconds, that an instance can be in service |
| desiredCapacity | int | The desired size of the group |
| ID | TYPE | DESCRIPTION |
| ----------------------- | ------------------------------------------------- | ------------------------------------------------------------------------------------------- |
| arn | string | ARN for the autoscaling group |
| name | string | Name of the group |
| loadBalancerNames | &#91;&#93;string | List of load balancer names associated with the group |
| healthCheckType | string | Health check type used by the group: ELB or EC2 |
| tags | map[string]string | Tags for the asg |
| region | string | The region of the Auto Scaling group |
| minSize | int | The minimum number of instances to scale down to |
| maxSize | int | The maximum number of instances to scale up to |
| defaultCooldown | int | The time to wait after scaling up / down before the next scaling event is started |
| launchConfigurationName | string | The name of the launch configuration |
| healthCheckGracePeriod | int | The grace period in seconds before an instance with a failing health check will be replaced |
| createdAt | time | Time when the autoscaling group was created |
| maxInstanceLifetime | int | The maximum amount of time, in seconds, that an instance can be in service |
| desiredCapacity | int | The desired size of the group |
| availabilityZones | &#91;&#93;string | List of availability zones associated with the group |
| capacityRebalance | bool | Indicates whether Capacity Rebalancing is enabled |
| defaultInstanceWarmup | int | The duration of the default instance warmup, in seconds |
| instances | &#91;&#93;[aws.ec2.instance](aws.ec2.instance.md) | The EC2 instances associated with the group |
68 changes: 68 additions & 0 deletions releases/2024-04-02-mondoo-10.10-is-out.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
---
slug: mondoo-10.10-is-out/
title: Mondoo 10.10 is out!
author: Tim Smith
author_title: Mondoo Core Team
author_url: https://github.com/tas50
tags: [release, mondoo]
---

## 🥳 Mondoo 10.10 is out! This release includes xz vulnerability detection, expanded AWS asset inventory, and more!

Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)

---

## 🎉 NEW FEATURES

### xz vulnerability policy

The recent xz supply chain attack in xz 5.6.0 and 5.6.1 (CVE-2024–3094) thankfully didn't make it in any mainstream enterprise Linux distributions. There's still a significant risk if employees are running rolling distributions or pre-releases of upcoming Linux distros. To quickly evaluate your CVE-2024–3094 expose we've created a new xz Vulnerability (CVE-2024–3094) policy that looks for xz 5.6.0/5.6.1 on impacted Linux releases:

- Alpine
- Arch
- Debian trixie/sid

Check failure on line 24 in releases/2024-04-02-mondoo-10.10-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`trixie` is not a recognized word. (unrecognized-spelling)
- Fedora 40
- Kali 2024.1
- openSUSE Tumbleweed

![xz Policy affected assets](/img/releases/2024-04-02-mondoo-10.10-is-out/xz_policy.png)

## 🧹 IMPROVEMENTS

### Resource improvements

#### aws.autoscaling.groups

- Improve default values
- New `availabilityZones` field
- New `capacityRebalance` field
- New `defaultInstanceWarmup` field
- New `desiredCapacity` field
- New `instances` field
- New `maxInstanceLifetime` field

#### aws.cloudfront.distributions

- New `cnames` field

### Improved AWS asset overview information

DEETS

Check failure on line 51 in releases/2024-04-02-mondoo-10.10-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`DEETS` is not a recognized word. (unrecognized-spelling)

### Expanded Endpoint Detection and Response policy support

Detect the ESET EDR in the Endpoint Detection and Response (EDR) policy.

### New Terraform checks in CIS GCP Foundation policy

Flag critical security misconfigurations before they're ever running in your infrastructure with expanded Terraform config checks in the CIS Google Cloud Platform Foundation policy. New checks evaluate Terraform configs for proper [GCP uniform bucket level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) setup.

## 🐛 BUG FIXES AND UPDATES

- Improve performance of AWS cloud detection.
- Fix Windows policies with multi-language support to rely on the system language not the locale.
- Simplify the Linux server installation instructions.
- Support vulnerability scanning of RPMs with a `^` symbol in the name.

Check failure on line 66 in releases/2024-04-02-mondoo-10.10-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`RPMs` is not a recognized word. (unrecognized-spelling)
- Update additional CIS GCP Foundations checks to work against Terraform configs.
- Fix `CIS VMware ESXi 6.7 Benchmark - Corporate/Enterprise Environment` policy to only apply to VMware 6.
Binary file added static/img/releases/2024-04-02-mondoo-10.10-is-out/xz_policy.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 5ffa590

Please sign in to comment.