Add 11.15 release notes

docs/mql/resources/README.md

@@ -53,6 +53,7 @@ These specialized packs let you deep-dive into attributes unique to the platform
 - [IPMI resource pack](./ipmi-pack)
 - [Kubernetes resource pack](./k8s-pack)
 - [Microsoft 365 resource pack](./ms365-pack)
+- [Mondoo Platform resource pack](./mondoo-pack)
 - [Okta resource pack](./okta-pack)
 - [OPC UA resource pack](./opcua-pack)
 - [Oracle Cloud Infrastructure (OCI) resource pack](./oci-pack)

docs/mql/resources/github-pack/github.file.md

@@ -14,14 +14,15 @@ GitHub repository file
 
 **Fields**
 
-| ID        | TYPE                                    | DESCRIPTION                    |
-| --------- | --------------------------------------- | ------------------------------ |
-| path      | string                                  | File path                      |
-| name      | string                                  | File name                      |
-| type      | string                                  | File type                      |
-| sha       | string                                  | File shasum                    |
-| isBinary  | bool                                    | Whether the file is a binary   |
-| files     | [][github.file](github.file.md) | List of files in the directory |
-| ownerName | string                                  | File owner                     |
-| repoName  | string                                  | File repository name           |
-| content   | string                                  | File content                   |
+| ID          | TYPE                                    | DESCRIPTION                    |
+| ----------- | --------------------------------------- | ------------------------------ |
+| path        | string                                  | File path                      |
+| name        | string                                  | File name                      |
+| type        | string                                  | File type                      |
+| sha         | string                                  | File shasum                    |
+| isBinary    | bool                                    | Whether the file is a binary   |
+| files       | [][github.file](github.file.md) | List of files in the directory |
+| ownerName   | string                                  | File owner                     |
+| repoName    | string                                  | File repository name           |
+| content     | string                                  | File content                   |
+| downloadUrl | string                                  | File download URL              |

docs/mql/resources/mondoo-pack/README.md

@@ -0,0 +1,20 @@
+---
+title: Mondoo Resource Pack - MQL Resources
+id: mondoo.pack
+sidebar_label: Mondoo Resource Pack
+displayed_sidebar: MQL
+description: The Mondoo resource pack lets you interact with Mondoo Platform and its assets and resources.
+---
+
+# Mondoo Mondoo Resource Pack Reference
+
+The Mondoo resource pack lets you interact with Mondoo Platform and its assets and resources.
+
+Resources included in this pack:
+
+| ID                                    | DESCRIPTION   |
+| ------------------------------------- | ------------- |
+| [mondoo.agent](mondoo.agent.md)       | Mondoo Client |
+| [mondoo.asset](mondoo.asset.md)       | Mondoo Asset  |
+| [mondoo.resource](mondoo.resource.md) | Resource      |
+| [mondoo.space](mondoo.space.md)       | Mondoo Space  |

docs/mql/resources/mondoo-pack/mondoo.agent.md

@@ -0,0 +1,19 @@
+---
+title: mondoo.agent
+id: mondoo.agent
+sidebar_label: mondoo.agent
+displayed_sidebar: MQL
+description: Mondoo Client
+---
+
+# mondoo.agent
+
+**Description**
+
+Mondoo Client
+
+**Fields**
+
+| ID  | TYPE   | DESCRIPTION       |
+| --- | ------ | ----------------- |
+| mrn | string | Client identifier |

docs/mql/resources/mondoo-pack/mondoo.asset.md

@@ -0,0 +1,22 @@
+---
+title: mondoo.asset
+id: mondoo.asset
+sidebar_label: mondoo.asset
+displayed_sidebar: MQL
+description: Mondoo Asset
+---
+
+# mondoo.asset
+
+**Description**
+
+Mondoo Asset
+
+**Fields**
+
+| ID        | TYPE                                            | DESCRIPTION      |
+| --------- | ----------------------------------------------- | ---------------- |
+| name      | string                                          | Asset name       |
+| mrn       | string                                          | Asset identifier |
+| platform  | string                                          | Platform name    |
+| resources | [][mondoo.resource](mondoo.resource.md) | Asset resources  |

docs/mql/resources/mondoo-pack/mondoo.resource.md

@@ -0,0 +1,20 @@
+---
+title: mondoo.resource
+id: mondoo.resource
+sidebar_label: mondoo.resource
+displayed_sidebar: MQL
+description: Resource
+---
+
+# mondoo.resource
+
+**Description**
+
+Resource
+
+**Fields**
+
+| ID   | TYPE   | DESCRIPTION         |
+| ---- | ------ | ------------------- |
+| name | string | Resource name       |
+| id   | string | Resource identifier |

docs/mql/resources/mondoo-pack/mondoo.space.md

@@ -0,0 +1,21 @@
+---
+title: mondoo.space
+id: mondoo.space
+sidebar_label: mondoo.space
+displayed_sidebar: MQL
+description: Mondoo Space
+---
+
+# mondoo.space
+
+**Description**
+
+Mondoo Space
+
+**Fields**
+
+| ID     | TYPE                                      | DESCRIPTION      |
+| ------ | ----------------------------------------- | ---------------- |
+| name   | string                                    | Space name       |
+| mrn    | string                                    | Space identifier |
+| assets | [][mondoo.asset](mondoo.asset.md) | Assets in space  |

releases/2024-07-30-mondoo-11.15-is-out.md

@@ -0,0 +1,86 @@
+---
+slug: mondoo-11.15-is-out/
+title: Mondoo 11.15 is out!
+description: Announcing the 11.15 release of Mondoo, with GitLab security benchmarks, improved Kubernetes scanning, and more!
+author: Tim Smith
+author_title: Mondoo Core Team
+author_url: https://github.com/tas50
+image: /img/featured_img/release-feature.jpg
+tags: [release, mondoo]
+---
+
+## 🥳 Mondoo 11.15 is out! This release includes GitLab security benchmarks, improved Kubernetes scanning, and more!
+
+Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)
+
+---
+
+## 🎉 NEW FEATURES
+
+### CIS benchmarks for GitLab security
+
+Secure your critical supply chain infrastructure with our new CIS GitLab benchmark policies. These policies include 27 checks for users, groups, and projects in level 1 and level 2 policies. Each policy is compatible with both self-hosted and SaaS GitLab instances.
+
+## 🧹 IMPROVEMENTS
+
+### Focus Kubernetes scanning on top-level resources
+
+Focus on the workloads that matter to your business with the latest release of the Mondoo Kubernetes Operator. Mondoo now scans top-level workloads only so that:
+
+- Results better reflect the actual state of security in your cluster.
+
+- All results in Mondoo can be traced back to actual Kubernetes manifest code that you can update.
+
+For example, if you define a CronJob in a Kubernetes manifest, we scan only the CronJob workload asset instead of also scanning the Job and Pod assets during each execution of the CronJob. In this case, hundreds of child assets no longer scan. Space statistics don't reflect ephemeral child assets that are no longer present in the cluster. 
+
+In addition to a more focused set of assets in the Mondoo Console, you now also experience faster scans and lower scan memory usage. We saw a 3x improvement in our test clusters!
+
+### Linux Mint 22 CVE and EOL detection
+
+Secure the latest release of Linux Mint with new support for CVE scanning and EOL detection in Linux Mint 22.
+
+### Data export improvements
+
+Mondoo data exports now include more data than ever so you can feed your critical security findings into external SIEM or data warehousing systems. Exports now include vulnerability data as well as detailed asset scoring information.
+
+### Resource updates
+
+#### aws.eks.cluster
+
+- New `supportType` field
+- New `authenticationMode` field
+
+#### aws.rds.dbcluster
+
+- New `engineLifecycleSupport` field
+
+#### aws.rds.dbinstance
+
+- New `engineLifecycleSupport` field
+
+#### github.file
+
+- New `downloadUrl` field
+
+## 🐛 BUG FIXES AND UPDATES
+
+- Fix incorrect policy scoring when banded scoring is selected.
+- Fix passing the `--token` failure with the Shodan provider.
+- Fix the display of organizations with zero spaces on the organization's dashboard.
+- Don't apply CIS Windows desktop benchmark policies to Windows Server assets.
+- Fix `Ensure password hashing algorithm is SHA-512` check in the CIS Distribution Independent Linux benchmark policy.
+- Improve the application of CIS Linux policies on container assets.
+- Fix failures scanning Atlassian Confluence assets.
+- Fix an error fetching `createdAt` in the `aws.ec2.keypair` resource.
+- Fix a failure fetching `approvalSettings` in the `gitlab.project` resource.
+- Fix broken links in Jira issues created with cases.
+- Update Debian 11 and Ubuntu 24.04 EOL dates to match the latest vendor published dates.
+- Ensure that the AWS EC2 instance name is always set as the asset name (if the asset name is present).
+- Fix reports retrieval for Google Workspace.
+- Fix fetching project approval settings in GitLab.
+- Add debug level logging for retries in the GitHub provider.
+- Rework CIS Google Workspace policy queries to improve output.
+- Add descriptions to the CIS Google Workspace policies.
+- Fix a failure running data exports.
+- Fix a misdetection of platforms on some large container images.
+- Improve scan times for single GitHub repository scans.