Add 11.8 release notes

.github/actions/spelling/expect.txt

@@ -3,6 +3,7 @@ aaaaaaaavixjk
 AAAAB
 abcbcada
 abelhju
+ACCOUNTADMIN
 acr
 activitylog
 adduser
@@ -89,6 +90,7 @@ cyclonedx
 CYEXAMPLEKEY
 datacompute
 datapath
+DATAUSER
 dcea
 Ddos
 debconf

releases/2024-06-11-mondoo-11.8-is-out.md

@@ -0,0 +1,230 @@
+---
+slug: mondoo-11.8-is-out/
+title: Mondoo 11.8 is out!
+description: Announcing the 11.8 release of Mondoo, with fine-grained cloud asset scanning, enhanced software inventory, Snowflake scanning, and more!
+author: Tim Smith
+author_title: Mondoo Core Team
+author_url: https://github.com/tas50
+image: /img/featured_img/release-feature.jpg
+tags: [release, mondoo]
+---
+
+## 🥳 Mondoo 11.8 is out! This release includes fine-grained cloud asset scanning, enhanced software inventory, Snowflake scanning, and more!
+
+Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)
+
+---
+
+## 🎉 NEW FEATURES
+
+### Fine-grained cloud asset scanning
+
+Bring greater visibility to your cloud security posture with new fine-grained asset scanning for Azure, Google Cloud, and Mondoo-hosted AWS integrations. Mondoo now discovers and scans common cloud resources such as load balancers, virtual networks, or storage buckets as individual assets, giving you improved visibility into the security posture of your most important cloud assets.
+
+![Granular Cloud Assets](/img/releases/2024-06-11-mondoo-11.8-is-out/granular_assets.png)
+
+#### Expanded asset inventory
+
+With fine-grained asset scanning you can quickly find and understand cloud assets across multiple providers or accounts—all within Mondoo. Search for resources by name or type using our newly expanded search capabilities.
+
+![Asset search](/img/releases/2024-06-11-mondoo-11.8-is-out/search.png)
+
+Once you've found the right asset, quickly determine the location and owner with detailed asset overview data for each asset type.
+
+![Asset overview](/img/releases/2024-06-11-mondoo-11.8-is-out/asset_overview.png)
+
+#### Improved security visibility
+
+You can now understand where critical security vulnerabilities exist within your infrastructure. With checks applied directly to cloud assets, you can more easily see which assets are pass and fail which assets fail checks without diving into complex, account-wide check output.
+
+![Granular security check](/img/releases/2024-06-11-mondoo-11.8-is-out/security_check.png)
+
+#### Granular exceptions
+
+The world is full of edge cases! Now you have the granularity to account for those exceptions where necessary. With fine-grained asset scanning you can create exceptions that run on the specific cloud resources instead of on the account. This means you can disable or snooze a check without losing security visibility across your entire cloud account.
+
+![Granular asset exceptions](/img/releases/2024-06-11-mondoo-11.8-is-out/exceptions.png)
+
+#### Common questions
+
+**Q: Why is the cloud resource FOO not scanning as an asset?**
+
+**A**: In this initial release, Mondoo doesn't scan every type of cloud resource independently. We've begun with common resources that include security checks in CIS Level 1 policies. We will expand our scanning coverage as time goes on and as new checks are developed. If there's a resource you'd love to see scanned as an asset in Mondoo let us know at [[email protected]](mailto:[email protected]).
+
+**Q: Will the increase in asset counts impact billing?**
+
+**A**: Because we believe that cost shouldn't prevent you from solving critical security findings, there is no additional charge for these assets.
+
+### Space-wide software vulnerability page
+
+Mondoo now provides an exhaustive list of all the vulnerable software in your infrastructure. Even better, you can precisely identify risks by digging into specific versions of packages and see everywhere they're installed. This new feature also works seamlessly with Mondoo Firewatch, automatically helping you prioritize remediation using contributing risk factors such as known exploits, running processes, and open network ports.
+
+To get started, under **Vulnerabilities** in the main navigation, select **Software**. From there, you can access the full suite of features and immediately begin improving your infrastructure's security posture.
+
+![Software list](/img/releases/2024-06-11-mondoo-11.8-is-out/software_list.png)
+
+Individual software pages provide a breakdown of deployed package versions, software CVEs, risk factors, and which assets in your environment are running the particular software.
+
+![Software list](/img/releases/2024-06-11-mondoo-11.8-is-out/individual_software.png)
+
+### Snowflake scanning
+
+Use the new `snowflake` provider in cnquery/cnspec to query and secure critical data in your Snowflake account.
+
+```shell
+cnquery shell snowflake
+```
+
+Required arguments:
+
+- `--account` - The Snowflake account name.
+- `--region` - The Snowflake region.
+- `--user` - The Snowflake username.
+- `--role` - The Snowflake role.
+
+Password authentication arguments:
+
+- `--password` - The Snowflake password.
+- `--ask-pass` - Prompt for the Snowflake password.
+
+```shell
+shell snowflake --account zi12345 --region us-central1.gcp --user CHRIS  --role ACCOUNTADMIN --ask-pass
+```
+
+Certificate authentication arguments:
+
+- `--private-key` - The path to the private key file.
+
+```shell
+shell snowflake --account zi12345 --region us-central1.gcp --user CHRIS  --role ACCOUNTADMIN --private-key ~/.ssh/id_rsa
+```
+
+> You need to generate a RSA key pair and assign the public key to your user via [Snowsight](https://docs.snowflake.com/en/user-guide/key-pair-auth).
+
+#### Example queries
+
+**Retrieve all users:**
+
+```shell
+cnquery> snowflake.account.users
+snowflake.account.users: [
+  0: snowflake.user name="CHRIS"
+  1: snowflake.user name="DATAUSER"
+  2: snowflake.user name="SNOWFLAKE"
+]
+```
+
+**Retrieve all users that have no MFA:**
+
+```shell
+cnquery> snowflake.account.users.where(extAuthnDuo == false)
+snowflake.account.users.where: [
+  0: snowflake.user name="CHRIS"
+  1: snowflake.user name="DATAUSER"
+  2: snowflake.user name="SNOWFLAKE"
+]
+```
+
+**Retrieve all users that have password authentication:**
+
+```shell
+cnquery> snowflake.account.users.where(hasPassword)
+snowflake.account.users.where: [
+  0: snowflake.user name="CHRIS"
+  1: snowflake.user name="DATAUSER"
+  2: snowflake.user name="SNOWFLAKE"
+]
+
+```
+
+**Retrieve all users that have certificate authentication:**
+
+```shell
+cnquery> snowflake.account.users.where(hasRsaPublicKey)
+snowflake.account.users.where: [
+  0: snowflake.user name="CHRIS"
+]
+```
+
+**Retrieve users that have not logged in for 30 days:**
+
+```shell
+cnquery> snowflake.account.users.where(time.now - lastSuccessLogin > time.day * 30) { lastSuccessLogin }
+snowflake.account.users.where: [
+  0: {
+    lastSuccessLogin: 366 days
+  }
+]
+```
+
+**Check that SCIM is enabled:**
+
+```shell
+cnquery> snowflake.account.securityIntegrations.where(type == /SCIM/).any(enabled == true)
+[failed] [].any()
+  actual:   []
+```
+
+**Check that the retention time is greater 90 days:**
+
+```shell
+cnquery> snowflake.account.parameters.one(key == "DATA_RETENTION_TIME_IN_DAYS" && value >= 90)
+```
+
+**Retrieve all databases:**
+
+```shell
+cnquery> snowflake.account.databases
+snowflake.account.databases: [
+  0: snowflake.database name="CNQUERY"
+  1: snowflake.database name="SNOWFLAKE"
+  2: snowflake.database name="SNOWFLAKE_SAMPLE_DATA"
+]
+```
+
+### Quick space and organization navigation
+
+Quickly navigate between different organizations or spaces with our new navigation bar. With this improved navigation tool, you can:
+
+- Search for organizations or spaces within the drop-down menus
+- Choose a space without accessing an organization's Spaces page
+
+![Navigating between spaces](/img/releases/2024-06-11-mondoo-11.8-is-out/nav_bar.png)
+
+## 🧹 IMPROVEMENTS
+
+### New risk factors for critical Windows systems
+
+Expose vulnerabilities and misconfigurations on the most import Windows systems in your environment with new risk factors for assets running Microsoft SQL Server or IIS.
+
+### Resource updates
+
+#### aws.applicationautoscaling.target
+
+- New `createdAt` field
+
+#### aws.ec2.image
+
+- New `deprecatedAt` field
+
+## 🐛 BUG FIXES AND UPDATES
+
+- Fix a type error querying data from the `aws.ecs.task` resource.
+- When a policy on an asset is in preview, display it in gray on the asset page.
+- Show the correct Microsoft icon on the Mondoo Console login page.
+- Fix the display of priority chart totals in light mode.
+- Improve rendering of priority chart tooltips with large names.
+- Fix the tooltip for the priority chart sometimes displaying in the top left of the screen.
+- Expand Linux policies to support PowerPC and ARM based systems.
+- Improve icons on the workstation setup page.
+- Allow updating the Mondoo-hosted AWS integration without re-entering credentials.
+- Improve policy score calculations when some policies are in preview.
+- Display the correct VPC icon in the AWS integration overview.
+- Improve the AWS integration page's Type column to distinguish between organization and single account integrations.
+- Improve the performance of Azure VM scanning.
+- Add a log entry to the Azure integration when a stopped VM skips during scans.
+- Add missing `resolved_on` CVE data in S3 exports.
+- Improve detection of the latest VMware CVEs.
+- Avoid rendering the entire page when switching between spaces.
+- Improve rendering of text on the "Welcome to Mondoo" that displays when new spaces are created.
+- Improve the reliability of the Kubernetes Workload and Cluster Security policy's "Container image pull should be consistent" check.

yarn.lock

@@ -3735,9 +3735,9 @@ [email protected]:
   integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
 
 electron-to-chromium@^1.4.796:
-  version "1.4.796"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.796.tgz#48dd6ff634b7f7df6313bd27aaa713f3af4a2b29"
-  integrity sha512-NglN/xprcM+SHD2XCli4oC6bWe6kHoytcyLKCWXmRL854F0qhPhaYgUswUsglnPxYaNQIg2uMY4BvaomIf3kLA==
+  version "1.4.799"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.799.tgz#271c56654ab4dc703037e47a5af4fc8945160611"
+  integrity sha512-3D3DwWkRTzrdEpntY0hMLYwj7SeBk1138CkPE8sBDSj3WzrzOiG2rHm3luw8jucpf+WiyLBCZyU9lMHyQI9M9Q==
 
 emoji-regex@^8.0.0:
   version "8.0.0"
@@ -5132,9 +5132,9 @@ jest-worker@^29.4.3:
     supports-color "^8.0.0"
 
 jiti@^1.20.0:
-  version "1.21.5"
-  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.5.tgz#1b22e744691081f333ff9077773d1f3545b7e5b0"
-  integrity sha512-JmvHYAZK3v0BifQ3fk+kOhuCeni40Ehqx1qdFJsYUeFZVL3kKeyWPRQ4NEY0rjklqgVZzLzqNHktzQRirst15Q==
+  version "1.21.6"
+  resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.6.tgz#6c7f7398dd4b3142767f9a168af2f317a428d268"
+  integrity sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==
 
 joi@^17.9.2:
   version "17.13.1"