From 7cbbdbbe0940dda93d43daeffb3b2994b496f901 Mon Sep 17 00:00:00 2001 From: Tim Smith <tsmith84@proton.me> Date: Fri, 10 Jan 2025 10:44:30 -0800 Subject: [PATCH] Add 11.37 release notes New week. New release Signed-off-by: Tim Smith <tsmith84@gmail.com> --- .github/actions/spelling/expect.txt | 1 + .../aws-pack/aws.iam.instanceprofile.md | 17 +-- docs/mql/resources/aws-pack/aws.iam.policy.md | 3 +- .../aws-pack/aws.iam.policyversion.md | 15 +-- docs/mql/resources/aws-pack/aws.iam.role.md | 3 +- docs/mql/resources/aws-pack/aws.iam.user.md | 3 +- .../aws.iam.usercredentialreportentry.md | 51 ++++----- .../gcp.project.storageservice.bucket.md | 1 + package.json | 2 +- releases/2025-01-14-mondoo-11.37-is-out.md | 103 ++++++++++++++++++ .../integration_filtering.png | Bin yarn.lock | 38 +++---- 12 files changed, 174 insertions(+), 63 deletions(-) create mode 100644 releases/2025-01-14-mondoo-11.37-is-out.md rename static/img/releases/{2025-01-07-mondoo-11.36-is-out => 2025-01-14-mondoo-11.37-is-out}/integration_filtering.png (100%) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 2ab2e63a..b456dabb 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -331,6 +331,7 @@ sqlserver sqlservice srvsvc stdevel +storageservice Stupakov sudolog suki diff --git a/docs/mql/resources/aws-pack/aws.iam.instanceprofile.md b/docs/mql/resources/aws-pack/aws.iam.instanceprofile.md index 8a1d72fb..6939cfde 100644 --- a/docs/mql/resources/aws-pack/aws.iam.instanceprofile.md +++ b/docs/mql/resources/aws-pack/aws.iam.instanceprofile.md @@ -18,11 +18,12 @@ AWS IAM instance profile **Fields** -| ID | TYPE | DESCRIPTION | -| ------------------- | ----------------------------------------- | ------------------------------------------ | -| arn | string | ARN of the instance profile | -| createDate | time | Time when the instance profile was created | -| instanceProfileId | string | ID of the IAM instance profile | -| instanceProfileName | string | Name of the instance profile | -| tags | map[string]string | Tags for the instance profile | -| iamRoles | [][aws.iam.role](aws.iam.role.md) | role attached to the instanceProfile | +| ID | TYPE | DESCRIPTION | +| ------------------- | ----------------------------------------- | --------------------------------------------------------------------- | +| arn | string | ARN of the instance profile | +| createDate | time | Time when the instance profile was created: deprecated, use createdAt | +| createdAt | time | Time when the instance profile was created | +| instanceProfileId | string | ID of the IAM instance profile | +| instanceProfileName | string | Name of the instance profile | +| tags | map[string]string | Tags for the instance profile | +| iamRoles | [][aws.iam.role](aws.iam.role.md) | role attached to the instanceProfile | diff --git a/docs/mql/resources/aws-pack/aws.iam.policy.md b/docs/mql/resources/aws-pack/aws.iam.policy.md index fdcc2a55..d3c8d98a 100644 --- a/docs/mql/resources/aws-pack/aws.iam.policy.md +++ b/docs/mql/resources/aws-pack/aws.iam.policy.md @@ -29,7 +29,8 @@ The `aws.iam.policy` resource provides fields for assessing the configuration of | description | string | Description of the policy | | isAttachable | bool | Whether the policy can be attached | | attachmentCount | int | Number of principal entities (users, groups, and roles) that the policy is attached to | -| createDate | time | Time when the policy was created | +| createDate | time | Time when the policy was created: deprecated, use createdAt | +| createdAt | time | Time when the policy was created | | updateDate | time | Time when the policy was updated | | scope | string | Scope of the policy | | versions | [][aws.iam.policyversion](aws.iam.policyversion.md) | List of versions for the policy | diff --git a/docs/mql/resources/aws-pack/aws.iam.policyversion.md b/docs/mql/resources/aws-pack/aws.iam.policyversion.md index 434fe36d..80e79816 100644 --- a/docs/mql/resources/aws-pack/aws.iam.policyversion.md +++ b/docs/mql/resources/aws-pack/aws.iam.policyversion.md @@ -20,10 +20,11 @@ The `aws.iam.policyversion` resource provides fields for assessing the metadata **Fields** -| ID | TYPE | DESCRIPTION | -| ---------------- | ------ | -------------------------------------------------- | -| arn | string | ARN of the policy version | -| versionId | string | Version ID | -| isDefaultVersion | bool | Whether this version is the policy default version | -| document | dict | JSON statements for this policy version | -| createDate | time | Time when this policy version was created | +| ID | TYPE | DESCRIPTION | +| ---------------- | ------ | -------------------------------------------------------------------- | +| arn | string | ARN of the policy version | +| versionId | string | Version ID | +| isDefaultVersion | bool | Whether this version is the policy default version | +| document | dict | JSON statements for this policy version | +| createDate | time | Time when this policy version was created: deprecated, use createdAt | +| createdAt | time | Time when this policy version was created | diff --git a/docs/mql/resources/aws-pack/aws.iam.role.md b/docs/mql/resources/aws-pack/aws.iam.role.md index 45751bec..aafa517e 100644 --- a/docs/mql/resources/aws-pack/aws.iam.role.md +++ b/docs/mql/resources/aws-pack/aws.iam.role.md @@ -27,5 +27,6 @@ The `aws.iam.role` resource provides fields for assessing the configuration of i | name | string | Name of the role | | description | string | Description of the role | | tags | map[string]string | Tags associated with the role | -| createDate | time | Time when the role was created | +| createDate | time | Time when the role was created: deprecated, use createdAt | +| createdAt | time | Time when the role was created | | assumeRolePolicyDocument | dict | Policy document that grants an entity permission to assume the role | diff --git a/docs/mql/resources/aws-pack/aws.iam.user.md b/docs/mql/resources/aws-pack/aws.iam.user.md index 6a2b6216..c33954de 100644 --- a/docs/mql/resources/aws-pack/aws.iam.user.md +++ b/docs/mql/resources/aws-pack/aws.iam.user.md @@ -25,7 +25,8 @@ The `aws.iam.user` resource provides fields for assessing the configuration of i | arn | string | ARN of the IAM user | | id | string | ID of the IAM user | | name | string | Name of the user | -| createDate | time | Time when user was created | +| createDate | time | Time when user was created: deprecated, use createdAt | +| createdAt | time | Time when user was created | | passwordLastUsed | time | Time when password was last used | | tags | map[string]string | Tags for the IAM user | | policies | []string | List of inline policies attached to the user | diff --git a/docs/mql/resources/aws-pack/aws.iam.usercredentialreportentry.md b/docs/mql/resources/aws-pack/aws.iam.usercredentialreportentry.md index dd7f75cc..817998d3 100644 --- a/docs/mql/resources/aws-pack/aws.iam.usercredentialreportentry.md +++ b/docs/mql/resources/aws-pack/aws.iam.usercredentialreportentry.md @@ -24,28 +24,29 @@ aws.iam.usercredentialreportentry(properties map[string]string) **Fields** -| ID | TYPE | DESCRIPTION | -| ------------------------- | ------------------------------- | -------------------------------------------- | -| properties | map[string]string | properties on the IAM user credential report | -| arn | string | ARN for the credential report | -| accessKey1Active | bool | Whether the access key is active | -| accessKey1LastRotated | time | Time when key was last rotated | -| accessKey1LastUsedDate | time | Time when key was last used | -| accessKey1LastUsedRegion | string | Region in which the key was last used | -| accessKey1LastUsedService | string | Service that last used the key | -| accessKey2Active | bool | Whether the access key is active | -| accessKey2LastRotated | time | Time when key was last rotated | -| accessKey2LastUsedDate | time | Time when key was last used | -| accessKey2LastUsedRegion | string | Region in which the key was last used | -| accessKey2LastUsedService | string | Service that last used the key | -| cert1Active | bool | Whether the cert is active | -| cert1LastRotated | time | Time when the cert was last rotated | -| cert2Active | bool | Whether the cert is active | -| cert2LastRotated | time | Time when the cert was last rotated | -| mfaActive | bool | Whether MFA is active in the account | -| passwordEnabled | bool | Whether passwords are enabled | -| passwordLastChanged | time | Time when the password was last changed | -| passwordLastUsed | time | Time when the password was last used | -| passwordNextRotation | time | Next time when the password should rotate | -| user | [aws.iam.user](aws.iam.user.md) | IAM user | -| userCreationTime | time | Time when user was created | +| ID | TYPE | DESCRIPTION | +| ------------------------- | ------------------------------- | ----------------------------------------------------- | +| properties | map[string]string | properties on the IAM user credential report | +| arn | string | ARN for the credential report | +| accessKey1Active | bool | Whether the access key is active | +| accessKey1LastRotated | time | Time when key was last rotated | +| accessKey1LastUsedDate | time | Time when key was last used | +| accessKey1LastUsedRegion | string | Region in which the key was last used | +| accessKey1LastUsedService | string | Service that last used the key | +| accessKey2Active | bool | Whether the access key is active | +| accessKey2LastRotated | time | Time when key was last rotated | +| accessKey2LastUsedDate | time | Time when key was last used | +| accessKey2LastUsedRegion | string | Region in which the key was last used | +| accessKey2LastUsedService | string | Service that last used the key | +| cert1Active | bool | Whether the cert is active | +| cert1LastRotated | time | Time when the cert was last rotated | +| cert2Active | bool | Whether the cert is active | +| cert2LastRotated | time | Time when the cert was last rotated | +| mfaActive | bool | Whether MFA is active in the account | +| passwordEnabled | bool | Whether passwords are enabled | +| passwordLastChanged | time | Time when the password was last changed | +| passwordLastUsed | time | Time when the password was last used | +| passwordNextRotation | time | Next time when the password should rotate | +| user | [aws.iam.user](aws.iam.user.md) | IAM user | +| userCreationTime | time | Time when user was created: deprecated, use createdAt | +| createdAt | time | Time when user was created | diff --git a/docs/mql/resources/gcp-pack/gcp.project.storageservice.bucket.md b/docs/mql/resources/gcp-pack/gcp.project.storageservice.bucket.md index ee77c613..2dacf0ae 100644 --- a/docs/mql/resources/gcp-pack/gcp.project.storageservice.bucket.md +++ b/docs/mql/resources/gcp-pack/gcp.project.storageservice.bucket.md @@ -33,6 +33,7 @@ Google Cloud (GCP) Storage bucket | iamPolicy | [][gcp.resourcemanager.binding](gcp.resourcemanager.binding.md) | IAM policy | | iamConfiguration | dict | IAM configuration | | retentionPolicy | dict | Retention policy | +| encryption | dict | Encryption | **References** diff --git a/package.json b/package.json index 72f5a77a..96c8cb0a 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ }, "devDependencies": { "@docusaurus/tsconfig": "^3.7.0", - "@types/react": "^19.0.6", + "@types/react": "^19.0.7", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.3.3", "prettier": "3.4.2", diff --git a/releases/2025-01-14-mondoo-11.37-is-out.md b/releases/2025-01-14-mondoo-11.37-is-out.md new file mode 100644 index 00000000..fd2fd0f3 --- /dev/null +++ b/releases/2025-01-14-mondoo-11.37-is-out.md @@ -0,0 +1,103 @@ +--- +slug: mondoo-11.37-is-out/ +title: Mondoo 11.37 is out! +description: Announcing the 11.37 release of Mondoo with FOO, BAR, BAZ, and more! +authors: [tim] +image: DEETS +tags: [release, mondoo] +--- + +## ๐ฅณ Mondoo 11.37 is out! This release includes FOO, BAR, BAZ, and more! + +Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec) + +--- + +## ๐ NEW FEATURES + +### SentinelOne vulnerability integration + +DEETS + +### Create workspaces from labels/tags, annotations, or technology + +https://github.com/mondoohq/console/pull/5392 + +### Search for assets and findings in workspaces + +DEETS + +## ๐งน IMPROVEMENTS + +### AWS RDS Cluster support + +DEETS: + +- Atlas +- Scanning +- Asset overview + +### Improved CIS Azure Foundations benchmark checks + +DEETS from Manuel on this one + +https://github.com/mondoohq/cnspec-enterprise-policies/pull/1184 + +### Quickly find integrations + +Find the right integration with less scrolling. The add integration page now supports search based on integration categories in addition to integration names. + +![Integration filtering with a category](/img/releases/2025-01-14-mondoo-11.37-is-out/integration_filtering.png) + +### Improved asset overview information + +DEETS from: + +- Link to integrations from configuration overview: https://github.com/mondoohq/console/pull/5401 +- Display scan times in scan overview: https://github.com/mondoohq/console/pull/5398 +- Copy values from asset data: https://github.com/mondoohq/console/pull/5397 + +### Resource updates + +#### aws.iam.instanceProfile + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### aws.iam.policy + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### aws.iam.policyversion + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### aws.iam.role + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### aws.iam.user + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### aws.iam.usercredentialreportentry + +- Deprecate `createDate` in favor of a new `createdAt` field + +#### gcp.project.storageservice.bucket + +- New `encryption` field + +#### macos.alf + +- Support macOS Sequoia (15) assets + +## ๐ BUG FIXES AND UPDATES + +- Categorize Nmap assets as "Domains and Hosts" on the Assets page. +- Improve performance of compliance report generation. https://github.com/mondoohq/server/pull/9900 +- Fix an `invalid reporting job` error when running certain policies. +- Fix display of score boxes on CVE and Advisory pages. https://github.com/mondoohq/console/pull/5336 +- Show assets link on AWS integrations. +- Allow creating workspaces with the asset kind value of "Virtual Machine". +- Improve reliability of some CIS/BSI Windows policy checks on non-English systems. +- Improve fetching of available AWS regions. diff --git a/static/img/releases/2025-01-07-mondoo-11.36-is-out/integration_filtering.png b/static/img/releases/2025-01-14-mondoo-11.37-is-out/integration_filtering.png similarity index 100% rename from static/img/releases/2025-01-07-mondoo-11.36-is-out/integration_filtering.png rename to static/img/releases/2025-01-14-mondoo-11.37-is-out/integration_filtering.png diff --git a/yarn.lock b/yarn.lock index 3ec7cc88..bb79f6b8 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2436,9 +2436,9 @@ integrity sha512-AUZTa7hQ2KY5L7AmtSiqxlhWxb4ina0yd8hNbl4TWuqnv/pFP0nDMb3YrfSBf4hJVGLh2YEIBfKaBW/9UEl6IQ== "@types/qs@*": - version "6.9.17" - resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.17.tgz#fc560f60946d0aeff2f914eb41679659d3310e1a" - integrity sha512-rX4/bPcfmvxHDv0XjfJELTTr+iB+tn032nPILqHm5wbthUUUuVtNGGqzhya9XUxjTP8Fpr0qYgSZZKxGY++svQ== + version "6.9.18" + resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.18.tgz#877292caa91f7c1b213032b34626505b746624c2" + integrity sha512-kK7dgTYDyGqS+e2Q4aK9X3D7q234CIZ1Bv0q/7Z5IwRDoADNU81xXJK/YVyLbLTZCoIwUoDoffFeF+p/eIklAA== "@types/range-parser@*": version "1.2.7" @@ -2478,10 +2478,10 @@ "@types/history" "^4.7.11" "@types/react" "*" -"@types/react@*", "@types/react@^19.0.6": - version "19.0.6" - resolved "https://registry.yarnpkg.com/@types/react/-/react-19.0.6.tgz#98deae4c5c4b24735e5d9e341302f9ebd45e80d3" - integrity sha512-gIlMztcTeDgXCUj0vCBOqEuSEhX//63fW9SZtCJ+agxoQTOklwDfiEMlTWn4mR/C/UK5VHlpwsCsOyf7/hc4lw== +"@types/react@*", "@types/react@^19.0.7": + version "19.0.7" + resolved "https://registry.yarnpkg.com/@types/react/-/react-19.0.7.tgz#c451968b999d1cb2d9207dc5ff56496164cf511d" + integrity sha512-MoFsEJKkAtZCrC1r6CM8U22GzhG7u2Wir8ons/aCKH6MBdD1ibV24zOSSkdZVUKqN5i396zG5VKLYZ3yaUZdLA== dependencies: csstype "^3.0.2" @@ -2771,9 +2771,9 @@ ajv@^8.0.0, ajv@^8.9.0: require-from-string "^2.0.2" algoliasearch-helper@^3.22.6: - version "3.22.6" - resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.22.6.tgz#6a31c67d277a32f3f7ae1b8a6e57ca73f1e1a0b0" - integrity sha512-F2gSb43QHyvZmvH/2hxIjbk/uFdO2MguQYTFP7J+RowMW1csjIODMobEnpLI8nbLQuzZnGZdIxl5Bpy1k9+CFQ== + version "3.23.0" + resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.23.0.tgz#638e766bf6be2308b8dcda3282e47aff66438712" + integrity sha512-8CK4Gb/ju4OesAYcS+mjBpNiVA7ILWpg7D2vhBZohh0YkG8QT1KZ9LG+8+EntQBUGoKtPy06OFhiwP4f5zzAQg== dependencies: "@algolia/events" "^4.0.1" @@ -3966,9 +3966,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.5.73: - version "1.5.80" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.80.tgz#ca7a8361d7305f0ec9e203ce4e633cbb8a8ef1b1" - integrity sha512-LTrKpW0AqIuHwmlVNV+cjFYTnXtM9K37OGhpe0ZI10ScPSxqVSryZHIY3WnCS5NSYbBODRTZyhRMS2h5FAEqAw== + version "1.5.82" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.82.tgz#b9116ac6d6b6346c2baa49f14c1272ba2ce1ccdb" + integrity sha512-Zq16uk1hfQhyGx5GpwPAYDwddJuSGhtRhgOA2mCxANYaDT79nAeGnaXogMGng4KqLaJUVnOnuL0+TDop9nLOiA== emoji-regex@^8.0.0: version "8.0.0" @@ -4046,9 +4046,9 @@ es-module-lexer@^1.2.1: integrity sha512-qqnD1yMU6tk/jnaMosogGySTZP8YtUgAffA9nMN+E/rjxcfRQ6IEk7IiozUjgxKoFHBGjTLnrHB/YC45r/59EQ== es-object-atoms@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.0.0.tgz#ddb55cd47ac2e240701260bc2a8e31ecb643d941" - integrity sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw== + version "1.1.0" + resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.0.tgz#095de9ecceeb2ca79668212b60ead450ffd323bf" + integrity sha512-Ujz8Al/KfOVR7fkaghAB1WvnLsdYxHDWmfoi2vlA2jZWRg31XhIC1a4B+/I24muD8iSbHxJ1JkrfqmWb65P/Mw== dependencies: es-errors "^1.3.0" @@ -7375,9 +7375,9 @@ postcss-zindex@^6.0.2: integrity sha512-5BxW9l1evPB/4ZIc+2GobEBoKC+h8gPGCMi+jxsYvd2x0mjq7wazk6DrP71pStqxE9Foxh5TVnonbWpFZzXaYg== postcss@^8.4.21, postcss@^8.4.24, postcss@^8.4.26, postcss@^8.4.33, postcss@^8.4.38: - version "8.5.0" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.0.tgz#15244b9fd65f809b2819682456f0e7e1e30c145b" - integrity sha512-27VKOqrYfPncKA2NrFOVhP5MGAfHKLYn/Q0mz9cNQyRAKYi3VNHwYU2qKKqPCqgBmeeJ0uAFB56NumXZ5ZReXg== + version "8.5.1" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.1.tgz#e2272a1f8a807fafa413218245630b5db10a3214" + integrity sha512-6oz2beyjc5VMn/KV1pPw8fliQkhBXrVn1Z3TVyqZxU8kZpzEKhBdmCFqI6ZbmGtamQvQGuU1sgPTk8ZrXDD7jQ== dependencies: nanoid "^3.3.8" picocolors "^1.1.1"