From 9de8243f1dd0701f9475b19066d1545fe0ce20b2 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Thu, 29 Feb 2024 13:47:49 -0800 Subject: [PATCH] Add 10.6 release notes Docs for the 10.6 release Signed-off-by: Tim Smith --- docs/mql/resources/aws-pack/README.md | 1 + .../aws-pack/aws.config.deliverychannel.md | 29 +++++++ docs/mql/resources/aws-pack/aws.config.md | 9 ++- docs/mql/resources/aws-pack/aws.iam.role.md | 17 +++-- docs/mql/resources/os-pack/package.md | 32 ++++---- releases/2024-03-06-mondoo-10.6-is-out.md | 76 +++++++++++++++++++ yarn.lock | 6 +- 7 files changed, 139 insertions(+), 31 deletions(-) create mode 100644 docs/mql/resources/aws-pack/aws.config.deliverychannel.md create mode 100644 releases/2024-03-06-mondoo-10.6-is-out.md diff --git a/docs/mql/resources/aws-pack/README.md b/docs/mql/resources/aws-pack/README.md index fb5b1da4c..e8b15c634 100644 --- a/docs/mql/resources/aws-pack/README.md +++ b/docs/mql/resources/aws-pack/README.md @@ -45,6 +45,7 @@ In this pack: | [aws.codebuild](aws.codebuild.md) | AWS CodeBuild for building and testing code | | [aws.codebuild.project](aws.codebuild.project.md) | AWS CodeBuild project | | [aws.config](aws.config.md) | AWS config | +| [aws.config.deliverychannel](aws.config.deliverychannel.md) | AWS config delivery channel | | [aws.config.recorder](aws.config.recorder.md) | AWS config recorder | | [aws.config.rule](aws.config.rule.md) | AWS config rule | | [aws.dms](aws.dms.md) | AWS Database Migration Service (DMS) | diff --git a/docs/mql/resources/aws-pack/aws.config.deliverychannel.md b/docs/mql/resources/aws-pack/aws.config.deliverychannel.md new file mode 100644 index 000000000..2a9091f92 --- /dev/null +++ b/docs/mql/resources/aws-pack/aws.config.deliverychannel.md @@ -0,0 +1,29 @@ +--- +title: aws.config.deliverychannel +id: aws.config.deliverychannel +sidebar_label: aws.config.deliverychannel +displayed_sidebar: MQL +description: AWS config delivery channel +--- + +# aws.config.deliverychannel + +**Supported platform** + +- aws + +**Description** + +AWS config delivery channel + +The `aws.config.deliverychannel` resource provides fields representing an individual AWS Config delivery channel configured within an account. For usage, read the `aws.config` resource documentation. + +**Fields** + +| ID | TYPE | DESCRIPTION | +| ------------ | ------ | -------------------------------------------------------------------- | +| name | string | Name of the delivery channel | +| s3BucketName | string | S3 bucket name where configuration snapshots are delivered | +| s3KeyPrefix | string | Prefix for the S3 bucket where configuration snapshots are delivered | +| snsTopicARN | string | ARN of the SNS topic that AWS Config delivers notifications to | +| region | string | Region for the delivery channel | diff --git a/docs/mql/resources/aws-pack/aws.config.md b/docs/mql/resources/aws-pack/aws.config.md index 0f87544d6..1940230c0 100644 --- a/docs/mql/resources/aws-pack/aws.config.md +++ b/docs/mql/resources/aws-pack/aws.config.md @@ -20,10 +20,11 @@ Use the `aws.config` resource to assess the configuration of the AWS Config serv **Fields** -| ID | TYPE | DESCRIPTION | -| --------- | ------------------------------------------------------- | -------------------------------------------------------------- | -| recorders | [][aws.config.recorder](aws.config.recorder.md) | List of configuration recorders for each region in the account | -| rules | [][aws.config.rule](aws.config.rule.md) | List of AWS Config rules | +| ID | TYPE | DESCRIPTION | +| ---------------- | --------------------------------------------------------------------- | -------------------------------------------------------------- | +| recorders | [][aws.config.recorder](aws.config.recorder.md) | List of configuration recorders for each region in the account | +| rules | [][aws.config.rule](aws.config.rule.md) | List of AWS Config rules | +| deliveryChannels | [][aws.config.deliverychannel](aws.config.deliverychannel.md) | List of delivery channels for each region in the account | **Examples** diff --git a/docs/mql/resources/aws-pack/aws.iam.role.md b/docs/mql/resources/aws-pack/aws.iam.role.md index 1abd8e5c9..219b382a1 100644 --- a/docs/mql/resources/aws-pack/aws.iam.role.md +++ b/docs/mql/resources/aws-pack/aws.iam.role.md @@ -20,11 +20,12 @@ The `aws.iam.role` provides fields for assessing the configuration of individual **Fields** -| ID | TYPE | DESCRIPTION | -| ----------- | ----------------- | ------------------------------ | -| arn | string | ARN of the role | -| id | string | ID of the role | -| name | string | Name of the role | -| description | string | Description of the role | -| tags | map[string]string | Tags associated with the role | -| createDate | time | Time when the role was created | +| ID | TYPE | DESCRIPTION | +| ------------------------ | ----------------- | ----------------------------------------------------------------------- | +| arn | string | ARN of the role | +| id | string | ID of the role | +| name | string | Name of the role | +| description | string | Description of the role | +| tags | map[string]string | Tags associated with the role | +| createDate | time | Time when the role was created | +| assumeRolePolicyDocument | dict | The policy document that grants an entity permission to assume the role | diff --git a/docs/mql/resources/os-pack/package.md b/docs/mql/resources/os-pack/package.md index e2e5b0559..e9f050863 100644 --- a/docs/mql/resources/os-pack/package.md +++ b/docs/mql/resources/os-pack/package.md @@ -18,19 +18,19 @@ package(name string) **Fields** -| ID | TYPE | DESCRIPTION | -| ----------- | --------------------------------------- | ------------------------------------------------- | -| name | string | Name of the package | -| description | string | Package description | -| version | string | Current version of the package | -| arch | string | Architecture of this package | -| epoch | string | Epoch of this package | -| format | string | Format of this package (e.g., rpm, deb) | -| status | string | Status of this package (e.g., if it is needed) | -| purl | string | Package URL | -| cpes | []core.cpe | Common Platform Enumeration (CPE) for the package | -| origin | string | Package origin (optional) | -| available | string | Available version | -| installed | bool | Whether the package is installed | -| outdated | bool | Whether the package is outdated | -| files | [][pkgFileInfo](pkgfileinfo.md) | Package files | +| ID | TYPE | DESCRIPTION | +| ----------- | --------------------------------------- | ------------------------------------------------------------ | +| name | string | Name of the package | +| description | string | Package description | +| version | string | Current version of the package | +| arch | string | Architecture of this package | +| epoch | string | Epoch of this package | +| format | string | Format of this package (e.g., rpm, deb) | +| status | string | Status of this package (e.g., if it is needed) | +| purl | string | Package URL | +| cpes | []core.cpe | Common Platform Enumeration (CPE) for the package | +| origin | string | Package origin, may includes version if available (optional) | +| available | string | Available version | +| installed | bool | Whether the package is installed | +| outdated | bool | Whether the package is outdated | +| files | [][pkgFileInfo](pkgfileinfo.md) | Package files | diff --git a/releases/2024-03-06-mondoo-10.6-is-out.md b/releases/2024-03-06-mondoo-10.6-is-out.md new file mode 100644 index 000000000..6a0c6337f --- /dev/null +++ b/releases/2024-03-06-mondoo-10.6-is-out.md @@ -0,0 +1,76 @@ +--- +slug: mondoo-10.6-is-out/ +title: Mondoo 10.6 is out! +author: Tim Smith +author_title: Mondoo Core Team +author_url: https://github.com/tas50 +tags: [release, mondoo] +--- + +## ๐Ÿฅณ Mondoo 10.6 is out! This release includes FOO, BAR, BAZ, and more! + +Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec) + +--- + +## ๐ŸŽ‰ NEW FEATURES + +### Convert types in MQL + +https://github.com/mondoohq/cnquery/pull/3463 + +### Open source Mondoo documentation + +DEETS + +## ๐Ÿงน IMPROVEMENTS + +### Resource improvements + +#### package + +- Add new `originVersion` field on Debian Linux based assets. +- Include version data in the `origin` field for source packages on Debian Linux based assets. + +### Filter AWS scans by region + +https://github.com/mondoohq/cnquery/pull/3225 + +```bash +cnquery shell aws --filters all:region=us-east-2 +cnquery shell aws --filters region=us-east-2 +cnquery shell aws --filters ec2:region=us-east-2 +``` + +### Improved policy check impact scores + +https://github.com/mondoohq/cnspec-enterprise-policies/pull/709 + +### Improved AWS policies + +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/703 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/747 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/701 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/742 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/719 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/711 +- https://github.com/mondoohq/cnspec-enterprise-policies/pull/715 + +## ๐Ÿ› BUG FIXES AND UPDATES + +- Improve reliability of fetching CVE data for assets. +- Only show unresolved CVEs in the asset CVE list. +- Fix package CVE false positives for some Debian packages. +- Fix CVEs not showing after the first asset scan. +- Fix failures scanning a GitHub organization if the supplied token cannot access all repositories. +- Only show the options to add new integrations when the user has the appropriate permissions for the space. +- Change documentation links in the console to go directly to Mondoo Platform documentation. +- Improve how space owners are listed in the Organization dashboard's CVE list. +- Fix policy recommendation during the Kubernetes integration setup. +- Show EPSS scores with a single decimal point in all locations. +- Don't fail scanning if the location of an S3 bucket cannot be determined. +- Return more than 100 Microsoft 365 users in queries. +- Improve output of the `Ensure macOS is up to date` check in the macOS Security policy. +- Distinguish between domain controllers and member servers in Windows Security policy checks. +- Improve empty states for software, CVE, and advisory asset page tabs. +- Improve rendering of columns in the asset page's advisories tab. diff --git a/yarn.lock b/yarn.lock index cf6fbf40f..5a9c63be0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3824,9 +3824,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.4.668: - version "1.4.691" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.691.tgz#e3c49de174b36b2bb96d09f44c81ff8ba273d775" - integrity sha512-vJ+/LmKja/St8Ofq4JGMFVZuwG7ECU6akjNSn2/g6nv8xbIBOWGlEs+WA8/3XaWkU0Nlyu0iFGgOxC4mpgFjgA== + version "1.4.692" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.692.tgz#82139d20585a4b2318a02066af7593a3e6bec993" + integrity sha512-d5rZRka9n2Y3MkWRN74IoAsxR0HK3yaAt7T50e3iT9VZmCCQDT3geXUO5ZRMhDToa1pkCeQXuNo+0g+NfDOVPA== emoji-regex@^8.0.0: version "8.0.0"