Add 11.31 release notes

.github/actions/spelling/expect.txt

@@ -19,6 +19,7 @@ APK
 apparmor
 appengine
 applicationinsight
+approvalsetting
 appsettings
 appstore
 ashburn
@@ -110,6 +111,7 @@ EDE
 efbe
 efc
 efcfc
+efi
 Ehd
 eig
 eip
@@ -371,12 +373,11 @@ Wib
 widescale
 wil
 winhttp
+winnt
 winsock
 WNl
 wolfi
 wordpress
-efi
-winnt
 Xmit
 xmna
 Xnp

docs/mql/resources/gitlab-pack/gitlab.group.md

@@ -8,10 +8,6 @@ description: GitLab group
 
 # gitlab.group
 
-**Maturity**
-
-experimental
-
 **Description**
 
 GitLab group

docs/mql/resources/gitlab-pack/gitlab.project.approvalsetting.md

@@ -22,3 +22,4 @@ GitLab project approval settings
 | mergeRequestsAuthorApproval               | bool | Whether author of merge request can approve                                          |
 | mergeRequestsDisableCommittersApproval    | bool | Whether users are prevented from overriding a committer's approval for merge request |
 | requirePasswordToApprove                  | bool | Whether a password is required to approve                                            |
+| selectiveCodeOwnerRemovals                | bool | Whether approvals are reset from Code Owners if their files changed                  |

docs/mql/resources/gitlab-pack/gitlab.project.md

@@ -8,10 +8,6 @@ description: GitLab project
 
 # gitlab.project
 
-**Maturity**
-
-experimental
-
 **Description**
 
 GitLab project
@@ -51,3 +47,7 @@ GitLab project
 | projectMembers                            | [][gitlab.project.member](gitlab.project.member.md)                   | List of members in the project with their roles                                |
 | projectFiles                              | [][gitlab.project.file](gitlab.project.file.md)                       | List of files in the project repository                                        |
 | webhooks                                  | [][gitlab.project.webhook](gitlab.project.webhook.md)                 | List of webhooks for the project                                               |
+| jobsEnabled                               | bool                                                                          | Whether CI jobs are enabled                                                    |
+| emptyRepo                                 | bool                                                                          | Whether the repo is empty                                                      |
+| sharedRunnersEnabled                      | bool                                                                          | Whether the project is enabled for shared runners                              |
+| groupRunnersEnabled                       | bool                                                                          | Whether the project is enabled for group runners                               |

docs/mql/resources/gitlab-pack/gitlab.project.member.md

@@ -14,8 +14,10 @@ GitLab project member
 
 **Fields**
 
-| ID   | TYPE   | DESCRIPTION |
-| ---- | ------ | ----------- |
-| id   | int    | Member ID   |
-| name | string | Member name |
-| role | string | Member role |
+| ID       | TYPE   | DESCRIPTION     |
+| -------- | ------ | --------------- |
+| id       | int    | Member ID       |
+| name     | string | Member name     |
+| role     | string | Member role     |
+| username | string | Member username |
+| state    | string | Member state    |

package.json

@@ -15,11 +15,11 @@
     "write-heading-ids": "docusaurus write-heading-ids"
   },
   "dependencies": {
-    "@algolia/client-search": "^5.14.2",
-    "@docusaurus/core": "^3.6.1",
-    "@docusaurus/plugin-client-redirects": "^3.6.1",
-    "@docusaurus/preset-classic": "^3.6.1",
-    "@docusaurus/theme-search-algolia": "^3.6.1",
+    "@algolia/client-search": "^5.15.0",
+    "@docusaurus/core": "^3.6.2",
+    "@docusaurus/plugin-client-redirects": "^3.6.2",
+    "@docusaurus/preset-classic": "^3.6.2",
+    "@docusaurus/theme-search-algolia": "^3.6.2",
     "@fontsource/roboto": "^5.1.0",
     "@mdx-js/react": "^3.1.0",
     "@stackql/docusaurus-plugin-hubspot": "^1.1.0",
@@ -58,7 +58,7 @@
     ]
   },
   "devDependencies": {
-    "@docusaurus/tsconfig": "^3.6.1",
+    "@docusaurus/tsconfig": "^3.6.2",
     "@types/react": "^18.3.12",
     "@types/react-helmet": "^6.1.11",
     "@types/react-router-dom": "^5.3.3",

releases/2024-11-19-mondoo-11.31-is-out.md

@@ -0,0 +1,89 @@
+---
+slug: mondoo-11.31-is-out/
+title: Mondoo 11.31 is out!
+description: Announcing the 11.31 release of Mondoo with asset inventory exploration, NGINX security, expanded risk detection, and more!
+authors: [tim]
+image: /img/releases/2024-11-19-mondoo-11.31-is-out/query_pack_assets.png
+tags: [release, mondoo]
+---
+
+## 🥳 Mondoo 11.31 is out! This release includes asset inventory exploration, NGINX security, expanded risk detection, and more!
+
+Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)
+
+---
+
+## 🎉 NEW FEATURES
+
+### Explore query packs results space-wide
+
+Understand the configuration of systems throughout your spaces with query packs. Query pack pages now expose results returned for each asset. Use Mondoo's two dozen out-of-the-box query packs to expose important configuration data such as running processes or available memory. If those query packs don't include quite what you need, write your own query packs to expose business-specific asset configuration data throughout your spaces.
+
+![Space-wide asset queries](/img/releases/2024-11-19-mondoo-11.31-is-out/query_pack_assets.png)
+
+### New CIS NGINX benchmark policies
+
+Keep critical web servers, proxy servers, and load balancers secure with new CIS NGINX benchmarks. These six policies include 91 checks in total designed to ensure that NGINX is not only installed securely but configured to protect sensitive data from prying eyes.
+
+![NGINX policy page](/img/releases/2024-11-19-mondoo-11.31-is-out/nginx_policy.png)
+
+### Run Mondoo in Azure Cloud Shell
+
+Secure your Azure subscriptions without complex Entra ID and Azure configuration. Now Mondoo can install and run directly in Azure Cloud Shell: Simply paste the Workstation Quick Setup command in Azure Cloud Shell.
+
+![Azure CloudShell Installation](/img/releases/2024-11-19-mondoo-11.31-is-out/cloudshell_install.png)
+
+## 🧹 IMPROVEMENTS
+
+### Priority findings on the spaces page
+
+Quickly understand the spaces that need your attention the most with a count of priority findings shown on the spaces page. The number of priority findings is the total of all critical and high findings on the space. Mondoo highlights them to help you to better prioritize your effort.
+
+![Spaces page tiles](/img/releases/2024-11-19-mondoo-11.31-is-out/priority_findings.png)
+
+### Faster load times in compliance
+
+Track your compliance quicker than ever, with up to 10x faster load times in the Compliance Frameworks page.
+
+### Additional risk factors for FTP servers
+
+Prioritize the risks that matter the most with new risk factors for assets running vsftp, Pure-FTPd, and ProFTPD FTP servers.
+
+![New risk factors in Security Model configuration](/img/releases/2024-11-19-mondoo-11.31-is-out/risk_factors.png)
+
+### Updated CIS Debian 11 Benchmark policy 2.0.0
+
+With 665 updates including new and improved checks, descriptions, and remediation steps, this updated keeps your Debian 11 systems secure against the latest threats.
+
+### Resource updates
+
+#### gitlab.project
+
+- New `emptyRepo` field
+- New `groupRunnersEnabled` field
+- New `jobsEnabled` field
+- New `sharedRunnersEnabled` field
+
+#### gitlab.project.approvalsetting
+
+- New `selectiveCodeOwnerRemovals` field
+
+#### gitlab.project.member
+
+- New `state` field
+- New `username` field
+
+## 🐛 BUG FIXES AND UPDATES
+
+- Improve the rendering of descriptions and remediation steps in the Mondoo Linux Security policy.
+- Move all service checks in the Mondoo Linux Security policy into a Sensitive Services chapter.
+- Expand the Mondoo Linux Security policy `Ensure FTP servers are stopped and not enabled` check to include Pure-FTPd and ProFTPD.
+- Expand the Mondoo Linux Security policy's `Ensure IMAP and POP3 servers are stopped and not enabled` check to include the Cyrus IMAP server.
+- Expand the Mondoo Linux Security policy's `Ensure DNS server is stopped and not enabled`, `Ensure NIS server is stopped and not enabled`, and `Ensure talk server is stopped and not enabled` checks to support Debian- and Ubuntu-based systems.
+- Add remediation steps for SLES/openSUSE to the Mondoo Linux Security policy.
+- Fix the Mondoo Linux Security policy's `Ensure SSH Protocol is set to 2` check incorrectly running on Ubuntu 24.04 systems.
+- Fix the Mondoo Linux Security policy's `Ensure mail transfer agent is configured for local-only mode` incorrectly identifying the IPv6 loopback address.
+- Ensure that the remediation steps in the Mondoo Linux Security policy include service restarts where necessary.
+- Fix failing compliance reports in some spaces.
+- Fix some AWS and Azure platforms not displaying correctly in the inventory overview.
+- Fix the link to the CloudFormation template during AWS Serverless integration setup with non-us-east-1 regions.