Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 11.37 release notes #543

Merged
merged 11 commits into from
Jan 16, 2025
Merged

Add 11.37 release notes #543

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
cc20644
Add 11.37 release notes
tas50 Jan 10, 2025
1895f13
Add a missing word
tas50 Jan 15, 2025
80fee93
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
dd93f99
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
de2be2f
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
4727bb7
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
9855ae6
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
2814968
One last dep bump
tas50 Jan 16, 2025
b6aa822
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
a66d652
Remove the org feature we didn't ship
tas50 Jan 16, 2025
24aa13b
Update releases/2025-01-14-mondoo-11.37-is-out.md
tas50 Jan 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/actions/spelling/expect.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -331,6 +331,7 @@ sqlserver
sqlservice
srvsvc
stdevel
storageservice
Stupakov
sudolog
suki
Expand Down
17 changes: 9 additions & 8 deletions docs/mql/resources/aws-pack/aws.iam.instanceprofile.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,12 @@ AWS IAM instance profile

**Fields**

| ID | TYPE | DESCRIPTION |
| ------------------- | ----------------------------------------- | ------------------------------------------ |
| arn | string | ARN of the instance profile |
| createDate | time | Time when the instance profile was created |
| instanceProfileId | string | ID of the IAM instance profile |
| instanceProfileName | string | Name of the instance profile |
| tags | map[string]string | Tags for the instance profile |
| iamRoles | [][aws.iam.role](aws.iam.role.md) | role attached to the instanceProfile |
| ID | TYPE | DESCRIPTION |
| ------------------- | ----------------------------------------- | --------------------------------------------------------------------- |
| arn | string | ARN of the instance profile |
| createDate | time | Time when the instance profile was created: deprecated, use createdAt |
| createdAt | time | Time when the instance profile was created |
| instanceProfileId | string | ID of the IAM instance profile |
| instanceProfileName | string | Name of the instance profile |
| tags | map[string]string | Tags for the instance profile |
| iamRoles | [][aws.iam.role](aws.iam.role.md) | role attached to the instanceProfile |
3 changes: 2 additions & 1 deletion docs/mql/resources/aws-pack/aws.iam.policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ The `aws.iam.policy` resource provides fields for assessing the configuration of
| description | string | Description of the policy |
| isAttachable | bool | Whether the policy can be attached |
| attachmentCount | int | Number of principal entities (users, groups, and roles) that the policy is attached to |
| createDate | time | Time when the policy was created |
| createDate | time | Time when the policy was created: deprecated, use createdAt |
| createdAt | time | Time when the policy was created |
| updateDate | time | Time when the policy was updated |
| scope | string | Scope of the policy |
| versions | [][aws.iam.policyversion](aws.iam.policyversion.md) | List of versions for the policy |
Expand Down
15 changes: 8 additions & 7 deletions docs/mql/resources/aws-pack/aws.iam.policyversion.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,11 @@ The `aws.iam.policyversion` resource provides fields for assessing the metadata

**Fields**

| ID | TYPE | DESCRIPTION |
| ---------------- | ------ | -------------------------------------------------- |
| arn | string | ARN of the policy version |
| versionId | string | Version ID |
| isDefaultVersion | bool | Whether this version is the policy default version |
| document | dict | JSON statements for this policy version |
| createDate | time | Time when this policy version was created |
| ID | TYPE | DESCRIPTION |
| ---------------- | ------ | -------------------------------------------------------------------- |
| arn | string | ARN of the policy version |
| versionId | string | Version ID |
| isDefaultVersion | bool | Whether this version is the policy default version |
| document | dict | JSON statements for this policy version |
| createDate | time | Time when this policy version was created: deprecated, use createdAt |
| createdAt | time | Time when this policy version was created |
3 changes: 2 additions & 1 deletion docs/mql/resources/aws-pack/aws.iam.role.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,6 @@ The `aws.iam.role` resource provides fields for assessing the configuration of i
| name | string | Name of the role |
| description | string | Description of the role |
| tags | map[string]string | Tags associated with the role |
| createDate | time | Time when the role was created |
| createDate | time | Time when the role was created: deprecated, use createdAt |
| createdAt | time | Time when the role was created |
| assumeRolePolicyDocument | dict | Policy document that grants an entity permission to assume the role |
3 changes: 2 additions & 1 deletion docs/mql/resources/aws-pack/aws.iam.user.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ The `aws.iam.user` resource provides fields for assessing the configuration of i
| arn | string | ARN of the IAM user |
| id | string | ID of the IAM user |
| name | string | Name of the user |
| createDate | time | Time when user was created |
| createDate | time | Time when user was created: deprecated, use createdAt |
| createdAt | time | Time when user was created |
| passwordLastUsed | time | Time when password was last used |
| tags | map[string]string | Tags for the IAM user |
| policies | []string | List of inline policies attached to the user |
Expand Down
51 changes: 26 additions & 25 deletions docs/mql/resources/aws-pack/aws.iam.usercredentialreportentry.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,28 +24,29 @@ aws.iam.usercredentialreportentry(properties map[string]string)

**Fields**

| ID | TYPE | DESCRIPTION |
| ------------------------- | ------------------------------- | -------------------------------------------- |
| properties | map[string]string | properties on the IAM user credential report |
| arn | string | ARN for the credential report |
| accessKey1Active | bool | Whether the access key is active |
| accessKey1LastRotated | time | Time when key was last rotated |
| accessKey1LastUsedDate | time | Time when key was last used |
| accessKey1LastUsedRegion | string | Region in which the key was last used |
| accessKey1LastUsedService | string | Service that last used the key |
| accessKey2Active | bool | Whether the access key is active |
| accessKey2LastRotated | time | Time when key was last rotated |
| accessKey2LastUsedDate | time | Time when key was last used |
| accessKey2LastUsedRegion | string | Region in which the key was last used |
| accessKey2LastUsedService | string | Service that last used the key |
| cert1Active | bool | Whether the cert is active |
| cert1LastRotated | time | Time when the cert was last rotated |
| cert2Active | bool | Whether the cert is active |
| cert2LastRotated | time | Time when the cert was last rotated |
| mfaActive | bool | Whether MFA is active in the account |
| passwordEnabled | bool | Whether passwords are enabled |
| passwordLastChanged | time | Time when the password was last changed |
| passwordLastUsed | time | Time when the password was last used |
| passwordNextRotation | time | Next time when the password should rotate |
| user | [aws.iam.user](aws.iam.user.md) | IAM user |
| userCreationTime | time | Time when user was created |
| ID | TYPE | DESCRIPTION |
| ------------------------- | ------------------------------- | ----------------------------------------------------- |
| properties | map[string]string | properties on the IAM user credential report |
| arn | string | ARN for the credential report |
| accessKey1Active | bool | Whether the access key is active |
| accessKey1LastRotated | time | Time when key was last rotated |
| accessKey1LastUsedDate | time | Time when key was last used |
| accessKey1LastUsedRegion | string | Region in which the key was last used |
| accessKey1LastUsedService | string | Service that last used the key |
| accessKey2Active | bool | Whether the access key is active |
| accessKey2LastRotated | time | Time when key was last rotated |
| accessKey2LastUsedDate | time | Time when key was last used |
| accessKey2LastUsedRegion | string | Region in which the key was last used |
| accessKey2LastUsedService | string | Service that last used the key |
| cert1Active | bool | Whether the cert is active |
| cert1LastRotated | time | Time when the cert was last rotated |
| cert2Active | bool | Whether the cert is active |
| cert2LastRotated | time | Time when the cert was last rotated |
| mfaActive | bool | Whether MFA is active in the account |
| passwordEnabled | bool | Whether passwords are enabled |
| passwordLastChanged | time | Time when the password was last changed |
| passwordLastUsed | time | Time when the password was last used |
| passwordNextRotation | time | Next time when the password should rotate |
| user | [aws.iam.user](aws.iam.user.md) | IAM user |
| userCreationTime | time | Time when user was created: deprecated, use createdAt |
| createdAt | time | Time when user was created |
1 change: 1 addition & 0 deletions docs/mql/resources/gcp-pack/gcp.project.storageservice.bucket.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ Google Cloud (GCP) Storage bucket
| iamPolicy | [][gcp.resourcemanager.binding](gcp.resourcemanager.binding.md) | IAM policy |
| iamConfiguration | dict | IAM configuration |
| retentionPolicy | dict | Retention policy |
| encryption | dict | Encryption |

**References**

Expand Down
93 changes: 93 additions & 0 deletions releases/2025-01-14-mondoo-11.37-is-out.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
---
slug: mondoo-11.37-is-out/
title: Mondoo 11.37 is out!
description: Announcing the 11.37 release of Mondoo with workspace creation from tags/labels and Mondoo annotations, plus a whole lot more!
authors: [tim]
image: /img/releases/2025-01-14-mondoo-11.37-is-out/tags.png
tags: [release, mondoo]
---

## 🥳 Mondoo 11.37 is out! This release includes workspace creation from tags/labels and Mondoo annotations, plus a whole lot more!

Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)

---

## 🎉 NEW FEATURES

### Create workspaces from labels/tags and annotations

Create the perfect workspace for exploring assets in your infrastructure with new filtering capabilities. Now you can create a workspace that includes or excludes all assets that match certain labels or tags, such as `environment:production`, or Mondoo annotations you set, such as `priority:high`.

Create a workspace of production cloud assets:

![Workspaces selection using cloud tags](/img/releases/2025-01-14-mondoo-11.37-is-out/tags.png)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice


Create a workspace of assets you've annotated as high priority:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice way to use screenshots to do the talking for you. 👍


![Workspaces selection using Mondoo annotations](/img/releases/2025-01-14-mondoo-11.37-is-out/annotations.png)

## 🧹 IMPROVEMENTS

### Quickly find integrations

Find the right integration with less scrolling. The Add Integration page now supports search based on integration categories in addition to integration names.

![Integration filtering with a category](/img/releases/2025-01-14-mondoo-11.37-is-out/integration_filtering.png)

### Improved asset overview information

Dive into asset configuration with new first and last scan time data. Plus, now you can easily copy asset information: When you hover over any value, you see the option to copy the data to your clipboard.

![Asset overview](/img/releases/2025-01-14-mondoo-11.37-is-out/asset.png)

### Resource updates

#### aws.iam.instanceProfile

- Deprecate `createDate` in favor of a new `createdAt` field

#### aws.iam.policy

- Deprecate `createDate` in favor of a new `createdAt` field

#### aws.iam.policyversion

- Deprecate `createDate` in favor of a new `createdAt` field

#### aws.iam.role

- Deprecate `createDate` in favor of a new `createdAt` field

#### aws.iam.user

- Deprecate `createDate` in favor of a new `createdAt` field

#### aws.iam.usercredentialreportentry

- Deprecate `createDate` in favor of a new `createdAt` field

#### gcp.project.storageservice.bucket

- New `encryption` field

#### macos.alf

- Support macOS Sequoia (15) assets

## 🐛 BUG FIXES AND UPDATES

- Categorize Nmap assets as "Domains and Hosts" on the Assets page.
- Fix an `invalid reporting job` error when running certain policies.
- Fix display of score boxes on CVE and Advisory pages.
- Show assets link on AWS integrations.
- Allow creating workspaces with the asset kind value of "Virtual Machine".
- Improve reliability of some CIS/BSI Windows policy checks on non-English systems.
- Improve fetching available AWS regions.
- Expand CVE and advisory detection on Windows 2025 hosts.
- Fix user check failures on Windows when a domain user has not locally logged in.
- Fix the risk rating order in the check overview tile on asset pages.
- Update the EOL date for Amazon Linux 2023 to the extended June 30th, 2029 date.
- Rework multiple checks in the CIS Azure Foundations policy to improve reliability and readability of output.
- Fix incorrect form validation when setting up the Microsoft Defender for Cloud integration.
- Improve links to documentation on integration pages.
Binary file added static/img/releases/2025-01-14-mondoo-11.37-is-out/annotations.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added static/img/releases/2025-01-14-mondoo-11.37-is-out/asset.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
0 ...oo-11.36-is-out/integration_filtering.png → ...oo-11.37-is-out/integration_filtering.png
View file
Open in desktop
File renamed without changes
Binary file added static/img/releases/2025-01-14-mondoo-11.37-is-out/tags.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Loading