-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add 10.8 release notes Signed-off-by: Tim Smith <[email protected]> * Add cgr Signed-off-by: Tim Smith <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> * Update releases/2024-03-19-mondoo-10.8-is-out.md Co-authored-by: Letha <[email protected]> --------- Signed-off-by: Tim Smith <[email protected]> Co-authored-by: Letha <[email protected]>
- Loading branch information
1 parent
c2d5936
commit b6b2462
Showing
4 changed files
with
633 additions
and
535 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| --- | ||
| slug: mondoo-10.8-is-out/ | ||
| title: Mondoo 10.8 is out! | ||
| author: Tim Smith | ||
| author_title: Mondoo Core Team | ||
| author_url: https://github.com/tas50 | ||
| tags: [release, mondoo] | ||
| --- | ||
|
|
||
| ## 🥳 Mondoo 10.8 is out! This release includes a NIST CSF 2.0 compliance, Okta and Entra ID SCIM, expanded policies, and more! | ||
|
|
||
| Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec) | ||
|
|
||
| --- | ||
|
|
||
| ## 🎉 NEW FEATURES | ||
|
|
||
| ### Okta and Microsoft Entra ID SCIM 2.0 support | ||
|
|
||
| There's nothing worse than the endless stream of tickets to add, remove, or change user access to SaaS services. Now, with Okta and Microsoft Entra ID SCIM 2.0 support in Mondoo private instances, that's a thing of the past. Sync your users and groups automatically so the right users always have the proper access, keeping your auditors happy without a ticket in sight. Did that big budget increase finally allow you to expand your security team? Automatically provision access for your new team members as they start. Time to promote an engineer into management to wrangle your growing team? Automatically provide that employee with the appropriate administrative access to Mondoo spaces and organizations. Contact your support representative to learn more about enabling SCIM 2.0 support, including automated deployment options with the Mondoo Terraform provider. | ||
|
|
||
| ### NIST Cybersecurity Framework (CSF) 2.0 support | ||
|
|
||
| Automatically track your compliance against the [newly released NIST Cybersecurity Framework (CSF) 2.0](https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework). With CIS benchmark checks automatically mapped to the 104 new CSF 2.0 controls, you can enable policies and watch the results flow in showing where you stack up against these updated NIST recommendations. | ||
|
|
||
|  | ||
|
|
||
| ## 🧹 IMPROVEMENTS | ||
|
|
||
| ### Resource improvements | ||
|
|
||
| #### gcp.project.computeService.attachedDisk | ||
|
|
||
| - Add a new `source` field. | ||
|
|
||
| #### AWS Resources | ||
|
|
||
| - Improve handling of integer values in AWS. Fields representing maximum/minimum values, such as `aws.cloudfront.distribution.origin.connectionTimeout`, now return `0` when no value has been set. When a field represents a port value, such as `aws.rds.dbInstance.port`, Mondoo now represents unset values as `-1`. | ||
|
|
||
| ### Expanded CIS GCP Foundations policy | ||
|
|
||
| Catch security problems before they reach production without the need for multiple tools and security policies. New Terraform variants in the CIS GCP Foundations benchmark policy provide a single check for both running GCP assets and the Terraform code that generates those assets. Learn more about securing Terraform code using Mondoo in the [Mondoo docs](https://mondoo.com/docs/cnspec/supplychain/terraform/). | ||
|
|
||
| ### New CLI flags for inventory files | ||
|
|
||
| New simpler command line flags make it clearer how to use inventory files with cnspec and how to specify different inventory formats: | ||
|
|
||
| - `--inventory-file string`: Set the path to the inventory file. | ||
| - `--inventory-format-ansible`: Set the inventory format to Ansible. | ||
| - `--inventory-format-domainlist`: Set the inventory format to domain list. | ||
|
|
||
| ### Additional package data in SBOMs | ||
|
|
||
| SBOM files generated with `cnquery sbom` now include each installed package's origin and architecture data. | ||
|
|
||
| ### Improved AWS instance naming / tagging | ||
|
|
||
| AWS instances scanned with SSM or through the Mondoo Platform AWS integration include new configuration information to make them easier to find and understand: | ||
|
|
||
| - Asset names now use the AWS instance name (if the instance has a name) | ||
| - New `mondoo.com/parent-id`, `mondoo.com/instance-id`, and `mondoo.com/ssm-connection` labels display on each AWS instance asset. | ||
|
|
||
| ### Wolfi container package detection | ||
|
|
||
| Expose package information in Chainguard's Wolfi "un-distribution" with support for Wolfi's APK packages: | ||
|
|
||
| ```shell | ||
| cnquery shell container image cgr.dev/chainguard/caddy | ||
| → connected to Wolfi | ||
| ___ _ __ __ _ _ _ ___ _ __ _ _ | ||
| / __| '_ \ / _` | | | |/ _ \ '__| | | | | ||
| | (__| | | | (_| | |_| | __/ | | |_| | | ||
| \___|_| |_|\__, |\__,_|\___|_| \__, | | ||
| mondoo™ |_| |___/ interactive shell | ||
|
|
||
| cnquery> packages | ||
| packages.list: [ | ||
| 0: package name="ca-certificates-bundle" version="1708982311:20240226-r0" | ||
| 1: package name="caddy" version="1710420294:2.7.6-r4" | ||
| 2: package name="wolfi-baselayout" version="1701735113:20230201-r7" | ||
| ] | ||
| ``` | ||
| ## 🐛 BUG FIXES AND UPDATES | ||
| - Resolve failures scanning Amazon ECR. | ||
| - Add missing description and remediation step in `NSA PowerShell: Security Measures to Use and Embrace` policy. | ||
| - Update searches on the space page to be case-insensitive. | ||
| - Improve reliability of queries in the CIS Azure Foundations and AWS Operational Best Practices policies. | ||
| - Remove any pending space invites if the inviter no longer has the necessary privileges to invite users. | ||
| - Fix failures loading software pages on an asset due to duplicate discovered packages. | ||
| - When an Ansible inventory file is malformed, display an error message instead of returning 0 assets. | ||
| - Support generating Ubuntu CPEs in SBOMs on the upcoming Ubuntu 24.04 release. | ||
| - Fix failures scanning AWS instances from the AWS integration. | ||
| - Improve checks for LAPS on Windows assets in CIS/BSI policies. | ||
| - Improve checks for anonymous pipe access on Windows assets to account for differences between domain controllers and domain member servers. | ||
| - Improve the descriptions and remediation text in the AWS Operational Best Practices policies. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.