Add 11.17 release notes (#309)

* Add 11.17 release notes New week. New release Signed-off-by: Tim Smith <[email protected]> * Crop the image better Signed-off-by: Tim Smith <[email protected]> * Apply suggestions from code review Co-authored-by: Letha <[email protected]> * Save the IaC category for next week Signed-off-by: Tim Smith <[email protected]> --------- Signed-off-by: Tim Smith <[email protected]> Co-authored-by: Letha <[email protected]>
mondoohq · Aug 14, 2024 · 6b7e700 · 6b7e700
1 parent e253ceb
commit 6b7e700
Show file tree

Hide file tree

Showing 4 changed files with 181 additions and 11 deletions.
diff --git a/releases/2024-08-13-mondoo-11.17-is-out.md b/releases/2024-08-13-mondoo-11.17-is-out.md
@@ -0,0 +1,170 @@
+---
+slug: mondoo-11.17-is-out/
+title: Mondoo 11.17 is out!
+description: Announcing the 11.17 release of Mondoo, with Dockerfile security, all-new AWS security policies, and piles of new resources!
+authors: [tim]
+image: /img/releases/2024-08-07-mondoo-11.17-is-out/empty_state.png
+tags: [release, mondoo]
+---
+
+## 🥳 Mondoo 11.17 is out! This release includes Dockerfile security, all-new AWS security policies, and piles of new resources!
+
+Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)
+
+---
+
+## 🎉 NEW FEATURES
+
+### New Dockerfile Security policy
+
+Secure your container workloads before they run in production with our new Dockerfile Security policy. With automatic Dockerfile discovery in GitHub and GitLab and this new policy, you can evaluate the security of Dockerfiles no matter where they're hiding. Once you've secured your existing files, keep them secure with Dockerfile scanning in CI pipelines.
+
+![Dockerfile policy](/img/releases/2024-08-13-mondoo-11.17-is-out/dockerfile.png)
+
+### New CIS AWS Database Services Benchmark policy
+
+Keep your most valuable business data secure with the new CIS AWS Database Services benchmark policy. This policy includes security recommendations for Amazon's most popular database services:
+
+- Amazon Aurora
+- Amazon DynamoDB
+- Amazon ElastiCache
+- Amazon Neptune
+- Amazon RDS
+- Amazon Timestream
+
+### Mew Mondoo Amazon Web Services (AWS) GuardDuty policy
+
+Make the most of AWS GuardDuty with our new Mondoo Amazon Web Services (AWS) GuardDuty policy. This policy includes checks to ensure that GuardDuty is properly enabled and configured for EC2, EKS, IAM, Lambda, and S3 security.
+
+### Mondoo Amazon Web Services (AWS) IAM Access Analyzer policy
+
+Cloud security starts with securing access to critical resources. With the new Mondoo Amazon Web Services (AWS) IAM Access Analyzer policy you can now ensure that IAM Access Analyzer is enabled and properly configured.
+
+## 🧹 IMPROVEMENTS
+
+### Newly certified CIS benchmark policies
+
+Our CIS Red Hat Enterprise Linux, Oracle Linux, AlmaLinux, and Rocky Linux 9 policies are better than ever with updates to improve reliability and query output. Even better, these policies are now certified to pass the rigorous CIS benchmark validation process, so you can be confident they'll secure even the most complex enterprise Linux installations.
+
+### Jump right to the point
+
+Now you find what you're looking for with fewer clicks thanks to improved linking behavior on affected assets pages. Links to assets now go directly to the asset result instead of the main asset page, so you can spend your time remediating findings instead of searching for them.
+
+### Resource updates
+
+#### aws.dynamodb.table
+
+- New `items` field
+- New `latestStreamArn` field
+
+#### aws.elasticache
+
+- New `serverlessCaches` field using the new `aws.elasticache.serverlessCache` resource
+
+#### aws.guardduty.detector
+
+- New `features` field
+- New `findings` field using the new `aws.guardduty.finding` resource
+- New `tags` field
+- Improve performance fetching detector details
+
+#### aws.iam.accessAnalyzer
+
+- Renamed from `aws.accessAnalyzer` with backward compatibility for existing policies
+- New `findings` field using the new `aws.iam.accessanalyzer.finding` resource
+
+#### aws.iam.accessanalyzer.analyzer
+
+- New `region` field
+- Include organization-level analyzers as well as activated but unused analyzers
+
+#### aws.neptune
+
+- New resource for the AWS Neptune graph database
+- `clusters` field using the new `aws.neptune.cluster` resource
+- `instances` field using the new `aws.neptune.instance` resource
+
+#### aws.rds
+
+- New `allPendingMaintenanceActions` field using the new `aws.rds.pendingMaintenanceAction` resource
+- Deprecate the `dbInstances` field in favor of a new `instances` field
+- Deprecate the `dbClusters` field in favor of a new `clusters` field
+
+#### aws.rds.dbcluster and aws.rds.dbinstance
+
+- New `activityStreamMode` field
+- New `activityStreamStatus` field
+- New `certificateAuthority` field
+- New `certificateExpiresAt` field
+- New `enabledCloudwatchLogsExports` field
+- New `iamDatabaseAuthentication` field
+- New `monitoringInterval` field
+- New `networkType` field
+- New `preferredBackupWindow` field
+- New `preferredMaintenanceWindow` field
+- Improve performance fetching security groups details
+- Don't include non-RDS engine results
+
+#### aws.timestream.liveanalytics
+
+- New resource with `databases` and `tables` fields
+
+#### aws.vpc
+
+- New `name` field
+
+#### azure.subscription.cloudDefender
+
+- Check the pricing tier for the Servers plan when verifying that Azure's Defender for Servers is enabled
+
+#### microsoft.application
+
+- New `certificates` field using the new `microsoft.keyCredential` resource
+- New `createdAt` field
+- New `description` field
+- New `hasExpiredCredentials` field
+- New `info` field
+- New `name` field
+- New `notes` field
+- New `secrets` field using the new `microsoft.passwordCredential` resource
+- New `tags` field
+
+#### microsoft.group
+
+- New `members` field
+
+#### microsoft.user
+
+- New `owners` field
+
+#### product.eol
+
+Use this new resource to look up end-of-life status for common products. Example:
+
+```coffee
+cnquery> product(name: "php", version: "8.1").releaseCycle { * }
+product.releaseCycle: {
+  endOfLife: 2025-12-31 01:00:00 +0100 CET
+  endOfExtendedSupport: 719528 days
+  cycle: "8.1"
+  lastReleaseDate: 2024-06-06 02:00:00 +0200 CEST
+  name: ""
+  link: "https://www.php.net/supported-versions.php"
+  latestVersion: "8.1.29"
+  endOfActiveSupport: 2023-11-25 01:00:00 +0100 CET
+  firstReleaseDate: 2021-11-25 01:00:00 +0100 CET
+}
+```
+
+## 🐛 BUG FIXES AND UPDATES
+
+- Fix a false negative result in the CIS Microsoft 365 policy's "Ensure a dynamic group for guest users is created" check.
+- Add VPC name to asset overview information.
+- Don't execute CIS Windows workstation benchmarks on server releases.
+- Improve the default data returned by the `k8s.node` resource.
+- On the Available Frameworks page, make compliance framework descriptions more concise.
+- Add an AWS CloudFormation policy variant icon on policy pages.
+- Fix missing risk factors in the affected assets views.
+- Show the risk score instead of CVSS scores in asset CVE tables.
+- Allow sorting by risk score in tables.
+- Fix Windows asset information not returning on some Windows releases if WinRM is disabled.
diff --git a/static/img/releases/2024-08-13-mondoo-11.17-is-out/dockerfile.png b/static/img/releases/2024-08-13-mondoo-11.17-is-out/dockerfile.png
diff --git a/static/img/releases/2024-08-20-mondoo-11.18-is-out/iac_category.png b/static/img/releases/2024-08-20-mondoo-11.18-is-out/iac_category.png
diff --git a/yarn.lock b/yarn.lock
@@ -2182,11 +2182,11 @@
     "@types/node" "*"
 
 "@types/node@*":
-  version "22.2.0"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-22.2.0.tgz#7cf046a99f0ba4d628ad3088cb21f790df9b0c5b"
-  integrity sha512-bm6EG6/pCpkxDf/0gDNDdtDILMOHgaQBVOJGdwsqClnxA3xL6jtMv76rLBc006RVMWbmaf0xbmom4Z/5o2nRkQ==
+  version "22.3.0"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-22.3.0.tgz#7f8da0e2b72c27c4f9bd3cb5ef805209d04d4f9e"
+  integrity sha512-nrWpWVaDZuaVc5X84xJ0vNrLvomM205oQyLsRt7OHNZbSHslcWsvgFR7O7hire2ZonjLrWBbedmotmIlJDVd6g==
   dependencies:
-    undici-types "~6.13.0"
+    undici-types "~6.18.2"
 
 "@types/node@^17.0.5":
   version "17.0.45"
@@ -3718,9 +3718,9 @@ [email protected]:
   integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
 
 electron-to-chromium@^1.5.4:
-  version "1.5.6"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.6.tgz#c81d9938b5a877314ad370feb73b4e5409b36abd"
-  integrity sha512-jwXWsM5RPf6j9dPYzaorcBSUg6AiqocPEyMpkchkvntaH9HGfOOMZwxMJjDY/XEs3T5dM7uyH1VhRMkqUU9qVw==
+  version "1.5.7"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.7.tgz#425d2a7f76ecfa564fdca1040d11fb1979851f3c"
+  integrity sha512-6FTNWIWMxMy/ZY6799nBlPtF1DFDQ6VQJ7yyDP27SJNt5lwtQ5ufqVvHylb3fdQefvRcgA3fKcFMJi9OLwBRNw==
 
 emoji-regex@^8.0.0:
   version "8.0.0"
@@ -8065,10 +8065,10 @@ typescript@^5.5.3:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.4.tgz#d9852d6c82bad2d2eda4fd74a5762a8f5909e9ba"
   integrity sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==
 
-undici-types@~6.13.0:
-  version "6.13.0"
-  resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.13.0.tgz#e3e79220ab8c81ed1496b5812471afd7cf075ea5"
-  integrity sha512-xtFJHudx8S2DSoujjMd1WeWvn7KKWFRESZTMeL1RptAYERu29D6jphMjjY+vn96jvN3kVPDNxU/E13VTaXj6jg==
+undici-types@~6.18.2:
+  version "6.18.2"
+  resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.18.2.tgz#8b678cf939d4fc9ec56be3c68ed69c619dee28b0"
+  integrity sha512-5ruQbENj95yDYJNS3TvcaxPMshV7aizdv/hWYjGIKoANWKjhWNBsr2YEuYZKodQulB1b8l7ILOuDQep3afowQQ==
 
 unicode-canonical-property-names-ecmascript@^2.0.0:
   version "2.0.0"