Add release notes for 11.36

.github/actions/spelling/expect.txt

@@ -105,6 +105,7 @@ DHE
 Dlp
 dlq
 dmark
+Drack
 eae
 Ecn
 eddqq
@@ -363,6 +364,7 @@ Vadym
 VALUEX
 VAULTNAME
 vdcs
+virtualmachine
 vjtestpriv
 Vkt
 Vnet

docs/cnspec/cli/cnspec.md

@@ -29,6 +29,7 @@ cnspec is a cloud-native security testing tool for your entire infrastructure
 - [cnspec policy](cnspec_policy.md) - Manage local and upstream policies
 - [cnspec providers](cnspec_providers.md) - Providers add connectivity to all assets
 - [cnspec run](cnspec_run.md) - Run an MQL query
+- [cnspec scan](cnspec_scan.md) - Scan assets with one or more policies
 - [cnspec serve](cnspec_serve.md) - Start cnspec in background mode
 - [cnspec status](cnspec_status.md) - Verify access to Mondoo Platform
 - [cnspec vault](cnspec_vault.md) - Manage vault environments

docs/cnspec/cli/cnspec_scan.md

@@ -180,26 +180,23 @@ cnspec scan --inventory-file FILENAME
 ### Options
 
 ```
-      --annotation stringToString   Add an annotation to the asset. (default [])
-      --asset-name string           User-override for the asset name
-      --detect-cicd                 Try to detect CI/CD environments. If detected, set the asset category to 'cicd'. (default true)
-      --discover strings            Enable the discovery of nested assets. Supports: all,auto,container,container-images
-  -h, --help                        help for scan
-      --incognito                   Run in incognito mode. Do not report scan results to  Mondoo Platform.
-      --inventory-format-ansible    Set the inventory format to Ansible.
-      --inventory-format-domainlist Set the inventory format to domain list.
-      --inventory-file string       Set the path to the inventory file.
-  -j, --json                        Run the query and return the object in a JSON structure.
-  -o, --output string               Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
-      --output-target string        Set output target to which the asset report will be sent. Currently only supports AWS SQS topic URLs and local files
-      --platform-id string          Select a specific target asset by providing its platform ID.
-      --policy strings              Lists policies to execute. This requires --policy-bundle. You can pass multiple policies using --policy POLICY.
-  -f, --policy-bundle strings       Path to local policy file
-      --props stringToString        Custom values for properties (default [])
-      --record string               Record all resource calls and use resources in the recording
-      --score-threshold int         If any score falls below the threshold, exit 1.
-      --sudo                        Elevate privileges with sudo.
-      --use-recording string        Use a recording to inject resource data (read-only)
+      --annotation stringToString     Add an annotation to the asset. (default [])
+      --asset-name string             User-override for the asset name
+      --detect-cicd                   Try to detect CI/CD environments. If detected, set the asset category to 'cicd'. (default true)
+  -h, --help                          help for scan
+      --incognito                     Run in incognito mode. Do not report scan results to  Mondoo Platform.
+      --inventory-file string         Set the path to the inventory file.
+      --inventory-format-ansible      Set the inventory format to Ansible.
+      --inventory-format-domainlist   Set the inventory format to domain list.
+  -j, --json                          Run the query and return the object in a JSON structure.
+  -o, --output string                 Set output format: compact, csv, full, json, json-v1, json-v2, junit, report, summary, yaml, yaml-v1, yaml-v2 (default "compact")
+      --output-target string          Set output target to which the asset report will be sent. Currently only supports AWS SQS topic URLs and local files
+      --platform-id string            Select a specific target asset by providing its platform ID.
+      --policy strings                Lists policies to execute. This requires --policy-bundle. You can pass multiple policies using --policy POLICY.
+  -f, --policy-bundle strings         Path to local policy file
+      --props stringToString          Custom values for properties (default [])
+      --score-threshold int           If any score falls below the threshold, exit 1.
+      --trace-id string               Trace identifier
 ```
 
 ### Options inherited from parent commands

docs/mql/resources/core-pack/asset.md

@@ -19,7 +19,7 @@ General asset information
 | name        | string            | Human readable name of the asset                                                                                           |
 | ids         | []string  | All identifiers for this asset                                                                                             |
 | platform    | string            | Platform for this asset (redhat, windows, k8s-pod)                                                                         |
-| kind        | string            | Kind of platform, for example:, api, baremetal, vm, vm-image, container, container-image, network, ...                     |
+| kind        | string            | Kind of platform, for example:, api, baremetal, virtualmachine, container, container-image, network, ...                   |
 | runtime     | string            | Runtime is the specific kind of the platform. Examples include:, docker-container, podman-container, aws-ec2-instance, ... |
 | version     | string            | Version of the platform                                                                                                    |
 | arch        | string            | Architecture this OS is running on                                                                                         |

docs/platform/start/organize/workspaces.md

@@ -44,12 +44,12 @@ You set up a workspace by defining qualifying conditions, attributes that assets
 
 Mondoo currently supports these conditions for including assets in, or excluding assets from, a workspace:
 
-| Condition        | Values                                                                                                                                                                                                                       |
-| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Platform         | Select one or more options such as Alpine Linux, Atlassian Jira, AWS S3 bucket, GitHub repository, Kubernetes pod, macOS, Slack team, Terraform plan, and more                                                               |
-| Platform version | Enter a version number such as 3, 4.5, or 12.75.9                                                                                                                                                                            |
-| Risk rating      | Select one or more options: Critical, High, Medium, Low, or None                                                                                                                                                             |
-| Asset name       | Type a full or partial name, such as test, 2024, win, us-east-1, or docker-                                                                                                                                                  |
+| Condition        | Values                                                                                                                                                                                                                        |
+| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Platform         | Select one or more options such as Alpine Linux, Atlassian Jira, AWS S3 bucket, GitHub repository, Kubernetes pod, macOS, Slack team, Terraform plan, and more                                                                |
+| Platform version | Enter a version number such as 3, 4.5, or 12.75.9                                                                                                                                                                             |
+| Risk rating      | Select one or more options: Critical, High, Medium, Low, or None                                                                                                                                                              |
+| Asset name       | Type a full or partial name, such as test, 2024, win, us-east-1, or docker-                                                                                                                                                   |
 | Kind             | Select one or more options: API, Bare metal system (operating systems that are not containers), Infrastructure as code, Container, Container image, or Network (Arista, Shodan, NMap, HTTP headers, and SSL/TLS certificates) |
 
 :::note

releases/2025-01-07-mondoo-11.36-is-out.md

@@ -0,0 +1,141 @@
+---
+slug: mondoo-11.36-is-out/
+title: Mondoo 11.36 is out!
+description: Announcing the 11.36 release of Mondoo featuring ad hoc risk prioritization with workspaces!
+authors: [tim]
+image: /img/releases/2025-01-07-mondoo-11.36-is-out/workspaces_filter.png
+tags: [release, mondoo]
+---
+
+## 🥳 Mondoo 11.36 is out! This release includes ad hoc risk prioritization with workspaces!
+
+Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)
+
+---
+
+## 🎉 NEW FEATURES
+
+### Zero in on exactly the assets you need with workspaces
+
+Do you find yourself repeatedly searching for the same groups of assets? Do you wish you could see a subgroup of assets in your space to compare them or measure progress on a certain project? Or maybe some assets just get in the way of what you want to focus on right now? What you need are workspaces!
+
+![Lists of workspaces](/img/releases/2025-01-07-mondoo-11.36-is-out/workspaces_list.png)
+
+Workspaces are dynamic groups of assets in a space that you want to view and assess together. Unlike spaces, assets in a workspace are included based on queries. Best of all, an asset can be in as many workspaces as you want. Create a workspace that shows only assets with critical findings, another workspace that has all your Windows 2016 systems that still need to be upgraded, and another that includes all the systems owned by the front end team... whatever meets your specific business needs.
+
+**How might you use workspaces to solve problems?**
+
+Like many companies, Lunalectric has thousands of assets, but recently their CISO has been increasingly focused on their supply chain. To ensure GitHub and GitLab source code and CI/CD configuration meet best practices, let's create a workspace just for these SCM assets.
+
+![Creating a workspaces filter](/img/releases/2025-01-07-mondoo-11.36-is-out/workspaces_filter.png)
+
+We create a single asset selection that includes the GitHub and GitLab platforms. Asset selections can match on asset name, kind, platform, platform version, and risk rating with more options coming soon. We can even add as many additional conditions to the selection as we want to create complex queries like _Windows systems with a critical risk rating that aren't Windows 2022 and have the word "luna" in the asset name_.
+
+Once our workspace is created, we can find it by selecting Workspaces in the left navigation menu or choosing it from the new workspaces top navigation drop-down menu.
+
+![Workspaces in the top navigation](/img/releases/2025-01-07-mondoo-11.36-is-out/nav_bar.png)
+
+Once in our new SCM Assets workspace, the layout feels similar to the existing Lunalectric spaces, only more focused on understanding risks and exploring assets. Our workspaces dashboard shows just our GitLab and GitHub assets, including the top misconfigurations we should start tackling. We can dive into policies, checks, CVES, or advisories to see more details... all the while remaining tightly focused on the task at hand.
+
+![Workspace dashboard](/img/releases/2025-01-07-mondoo-11.36-is-out/workspace_dashboard.png)
+
+Even without diving deeper, the workspace dashboard's inventory overview is telling quite a story. GitLab assets are all passing checks, but GitHub assets, on the other hand, are all high risk.
+
+![GitHub assets](/img/releases/2025-01-07-mondoo-11.36-is-out/github_assets.png)
+
+Armed with this quick insight, we have the information we need to let our CISO know about the current SCM risk and develop a remediation plan to secure these critical assets.
+
+To learn how you can use workspaces to better organize assets and expose risks, read [Plan Your Mondoo Organization](https://mondoo.com/docs/platform/start/organize/overview/) and [Workspaces](https://mondoo.com/docs/platform/start/organize/workspaces/) in the Mondoo documentation.
+
+### Quick access to reports
+
+Quickly access compliance reports by selecting Reporting in the left navigation menu. Looking for more reports? Stay tuned for more updates in upcoming releases. If you're looking for something in particular, let us know at [[email protected]](mailto:[email protected])!
+
+![Quick access to reports](/img/releases/2025-01-07-mondoo-11.36-is-out/reporting.png)
+
+## 🧹 IMPROVEMENTS
+
+### Optionally follow HTTP -> HTTPS redirects
+
+You now have additional control over how Mondoo scans HTTP hosts in the `host` provider. By default cnquery and cnspec no longer follow redirects from HTTP to HTTPS endpoints, so you can now inspect your HTTP configurations when you choose. If you prefer to follow redirects, use the new `--follow-redirects` flag.
+
+Without the redirect you can inspect the original page and headers:
+
+```shell
+$ cnquery shell host http://mondoo.com
+
+cnquery> http.get
+http.get: http.get url=url id = http://mondoo.com statusCode=301
+cnquery> http.get.body
+http.get.body: ""
+```
+
+With redirects specified, you can follow all redirects to the final page users would see:
+
+```shell
+$ cnquery shell host --follow-redirects http://mondoo.com
+
+cnquery> http.get
+http.get: http.get url=url id = http://mondoo.com statusCode=200
+cnquery> http.get.body
+http.get.body: "<!DOCTYPE html><!-- Last Published: Fri Jan 10 2025 00:09:49 GMT+0000 (Coordinated Universal Time) --><html..."
+```
+
+### Resource updates
+
+#### azure.subscriptions.defenderForContainers
+
+- Expose `Extensions` values
+
+#### azure.subscription.policy.assignment
+
+- New `parameters` field
+
+#### fstab
+
+- Update `options` field to an array of options instead of a single string
+
+#### k8s.node
+
+- New `kubeletPort` field
+- New `nodeInfo` field
+- New `created` field
+
+#### microsoft.applications
+
+- Fetch all applications in large installations
+
+### Improved CIS benchmarks
+
+Sometimes the best changes are behind the scenes. This week we shipped all-new internal tooling to generate CIS benchmark policies in Mondoo Platform. These changes not only let us to bring you the latest and greatest policies more quickly in the future&mdash;they also enabled us to make a huge number of small improvements to existing policies:
+
+- New checks that were previously marked as requiring manual user validation
+- More clear and concise descriptions for each policy
+- Expanded check descriptions, including rationale behind the security concerns
+- New audit and remediation steps in many Linux distribution policies
+- Simplified MQL queries to improve readability
+- Additional platform version tags to improve searching for policies
+- Improved policy search results when searching for platform versions
+
+## 🐛 BUG FIXES AND UPDATES
+
+- Display CVEs for Fedora 41 assets.
+- Fix a failure querying Microsoft 365 applications.
+- Correct the remediation steps in the BSI 'Ensure SSH Idle Timeout Interval is configured' check.
+- Add EOL dates for FreeBSD 14.2 and Alpine Linux 3.21.
+- Correct the EOL date for FreeBSD 14.1.
+- Update the Amazon Linux 2 EOL date, which has been extended to June 30, 2026.
+- Support EBS volume scanning of instances with LVM partitions.
+- Improve remediation step formatting in Mondoo VMware policies.
+- Open check remediation links in a new window or tab.
+- Fix an `unknown-score-type` error when comparing semver data in checks.
+- Fix display of GitHub provider help.
+- Don't reinstall some providers on each scan.
+- Fix errors using the Cloudflare provider.
+- Show the link to discovered assets on each integration page.
+- Add detection of the upcoming M4 MacBook Air/Pro models to asset overview information.
+- Add form validation to the Microsoft Defender for Cloud integration to ensure UIDs are correctly formatted.
+- Display platform icon for Nmap assets in affected asset tables.
+- Update Windows checks for the `RestrictSendingNTLMTraffic` registry entry to accept both Audit All and Deny All configurations.
+- Add a missing permission to the automated CLI Azure setup.
+- Show the platform in all cnspec scan results. Thanks for suggesting this, [@DrackThor](https://github.com/DrackThor)!