These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)
| Commit: | 5ca99bc | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π fex: publish Finding Exchange proto contract in the provider SDK (#8478) * π fex: publish Finding Exchange proto contract in the provider SDK Add a new providers-sdk/v1/upstream/fex package publishing the public Finding Exchange (FEX) and Vulnerability Exchange (VEX) data structures. This is the contract query packs use to construct finding/vulnerability documents and the format used to batch findings for upload. Messages: - FindingDocument (oneof wrapper: vex or fex) - VulnerabilityExchange, FindingExchange - FindingsUploadRequest (batch wrapper) - supporting types: Affects, Component, FileComponent, Rating, Severity, Source, Reference, VulnerabilityDetails, Remediation, FindingDetail, Evidence (+ File/User/Process/Container/Kubernetes/RegistryKey/ Connection/AttackTactic/AttackTechnique) - enums: Status, ScoringMethod, Confidence, SeverityRating, and the nested Remediation.Category, FindingDetail.Category, Connection.ConnectionProtocol The package is self-contained (imports only well-known google protobuf types). Field 14 of VulnerabilityExchange is reserved. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * π fex: fix two doc-comment typos in fex.proto - "finding wa last seen" -> "finding was last seen" - add missing space after // on the Evidence comment Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * π fex: wrap Evidence comment to stay under 80 cols Adding the missing space after // pushed the line to 81 chars. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The documentation is generated from this commit.
| Commit: | b2ad665 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π§Ή ci: replace check-spelling with typos (#8461) * π§Ή ci: replace check-spelling with typos for spell checking The check-spelling@v0.0.26 action self-aborts on a security advisory it published against its own latest release, so the spell-check job fails on every PR that touches a checked file. Switch to crate-ci/typos, which checks the whole repo and is config-driven. Add _typos.toml: exclude generated code and testdata, and baseline the existing vocabulary β real technical terms and abbreviations, a company name, intentional test fixtures, and a set of pre-existing misspellings that are baked into MQL schema field names / exported Go identifiers (renaming those is a breaking change, left for a separate cleanup). Also fix the genuine typos typos found in comments, strings, and local identifiers across the tree, and drop the now-unused check-spelling config under .github/actions/spelling. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * π§Ή ci: address spell-check review feedback - ipmi: keep the misspelled "ipmbEventReciever" JSON tag for wire/persisted compatibility (renaming it silently drops the field from old payloads); the Go field stays correctly named. Baseline "reciever" in _typos.toml. - ms365: fix "scaped"/"scaping" -> "escaped"/"escaping" in comments, which typos missed. - sbom: regenerate mql_sbom.pb.go from the .proto via go generate rather than hand-editing the generated file. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
| Commit: | fe4c014 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | Christoph Hartmann | |
π§Ή ci: replace check-spelling with typos for spell checking The check-spelling@v0.0.26 action self-aborts on a security advisory it published against its own latest release, so the spell-check job fails on every PR that touches a checked file. Switch to crate-ci/typos, which checks the whole repo and is config-driven. Add _typos.toml: exclude generated code and testdata, and baseline the existing vocabulary β real technical terms and abbreviations, a company name, intentional test fixtures, and a set of pre-existing misspellings that are baked into MQL schema field names / exported Go identifiers (renaming those is a breaking change, left for a separate cleanup). Also fix the genuine typos typos found in comments, strings, and local identifiers across the tree, and drop the now-unused check-spelling config under .github/actions/spelling. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
| Commit: | c8880f1 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
π document alias handling on resources metadata (#8201)
| Commit: | d90a2b7 | |
|---|---|---|
| Author: | Preslav | |
β¨ Add SendReport RPC for structured diagnostic reports ErrorReporting now also exposes SendReport β a schema-less envelope that ships a google.protobuf.Struct payload tagged with a report_type discriminator. The envelope (service_account_mrn, agent_mrn, product, tags) mirrors SendErrorReq so both flow through the same auth + Sentry routing on the platform side. First consumer is the serverless-scanner-aws lambda's on-demand health report. The server-side handler can stay a no-op until consumers materialize; the type registration in this PR is enough for clients to start emitting. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| Commit: | 918a60e | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ sbom.Package: add license + install_date proto fields (#7817) Adds two slots on sbom.Package so SBOM uploads can carry the new package metadata exposed by the OS / npm / python work: string license = 26; string install_date = 27; `license` is the SPDX expression (or upstream-reported license string). `install_date` is RFC3339 β empty when the backend doesn't report install time (dpkg without log parsing, apk, pacman, macOS). Pure proto + regen; no behavioural change to existing code paths. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| Commit: | 33e4b54 | |
|---|---|---|
| Author: | Jay Mundrawala | |
| Committer: | GitHub | |
π« Add feature flag for token-response WIF token exchange (#7362) Introduces the ExchangeTokenForToken feature flag. When enabled, the WIF external token exchange sends response_type=TOKEN and decodes the returned bearer token into ServiceAccountCredentials.Token. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| Commit: | 8d9ecd8 | |
|---|---|---|
| Author: | Jay Mundrawala | |
| Committer: | GitHub | |
Allow authenticating a service account with a bearer token (#6910)
| Commit: | a93c983 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β introduce maturity for providers, resources, and fields (#7140)
| Commit: | 5cdca23 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π§Ή update copyright year to 2024, 2026 and bump copywrite to v0.25.2 (#7082) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| Commit: | da25948 | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
β¨ implement vault delete for berglas (#7078) * β¨ implement vault delete for berglas Signed-off-by: Ivan Milchev <ivan@mondoo.com> * address comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 52e7bf6 | |
|---|---|---|
| Author: | Mikita Iwanowski | |
| Committer: | GitHub | |
β¨ Add custom tags to error reports for enhanced context (#6957)
| Commit: | 2cbeede | |
|---|---|---|
| Author: | vj | |
β¨ Add platform info to slow query alert Add PlatformInfo message to the error reporting proto and include it in SendErrorReq and SlowQueryInfo so slow query alerts carry context about the platform being scanned (name, arch, title, kind, runtime). Closes #6877 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| Commit: | c839db3 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ track provider versions per resources and fields (#6654) * β¨ track provider versions per resources and fields Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π fix minMondooVersions to previous state Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | fc08d03 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
π rename sbom cnquery=>mql Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 55dc1bd | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
ππ cnquery => mql (#6599) * ππ rename cnquery => mql This is a major restructure as part of the v13 release. We are renaming cnquery to simplify concepts and just focus on mql instead. As part of v13 we are already moving all querypacks to cnspec, so what remains is the unification of the data-plane. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * β¨ cnquery => mql logo + duplicate cleanup Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 1190a8e | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
π remove cnquery scan (#6513) * π remove cnquery scan Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ try to fix tests Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή remove benchmark tests (see details) - we don't have querypacks anymore, which is what the benchmarks were running - we have benchmarks in cnspec - we will instead want separate provider and runtime benchmarks Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | cfc2a23 | |
|---|---|---|
| Author: | Dominik Richter | |
π rename sbom cnquery=>mql Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | ac591d5 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
ππ cnquery => mql (#6599) * ππ rename cnquery => mql This is a major restructure as part of the v13 release. We are renaming cnquery to simplify concepts and just focus on mql instead. As part of v13 we are already moving all querypacks to cnspec, so what remains is the unification of the data-plane. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * β¨ cnquery => mql logo + duplicate cleanup Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 71f87d4 | |
|---|---|---|
| Author: | Tim Smith | |
| Committer: | GitHub | |
π Update outdated documentation URLs (#6569) * π Update outdated documentation URLs Fix redirecting URLs in comments and documentation: - golang.org β go.dev (Go moved their docs) - docs.microsoft.com β learn.microsoft.com (Microsoft consolidated docs) - jqlang.github.io/jq β jqlang.org (jq moved their site) - tools.ietf.org β datatracker.ietf.org (IETF consolidated) - www.terraform.io/docs β developer.hashicorp.com/terraform (HashiCorp moved docs) - cnquery.io β mondoo.com/cnquery (domain redirect) - git.k8s.io β github.com/kubernetes (shortlink to full URL) - confluence.jetbrains.com β jetbrains.com/help/teamcity (JetBrains moved docs) - wiki.jenkins.io β jenkins.io/doc (Jenkins moved docs) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * π§Ή regenerate proto file * π§Ή fix protolint errors --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>
| Commit: | 369c978 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
π remove cnquery scan (#6513) * π remove cnquery scan Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ try to fix tests Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή remove benchmark tests (see details) - we don't have querypacks anymore, which is what the benchmarks were running - we have benchmarks in cnspec - we will instead want separate provider and runtime benchmarks Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 66136f4 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π§Ήshell suggestions (#6378) * π§Ή remove filtered queries for shell as this is not stable * π§Ήsimplify the shell completer * π§Ή include provider in suggestion * π§Ήsort shell suggestion by connected provider * π§Ή add test for shell resource sorting function
| Commit: | c0d2c18 | |
|---|---|---|
| Author: | Christoph Hartmann | |
π§Ή include provider in suggestion
| Commit: | 8dbd478 | |
|---|---|---|
| Author: | Preslav Gerchev | |
| Committer: | GitHub | |
π§Ή Drop deprecated v8 kind. (#3976) Signed-off-by: Preslav <preslav@mondoo.com>
| Commit: | bbada67 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ extract property handler for bundles/packs + update examples (#5900)
| Commit: | 7781208 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β add support for server-side features (#5898) This allows the server to set or unset certain features that it supports. This means e.g. that if the server can store resources data in the new format, we can send it this way. Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 97cab15 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
π v12.0.0-pre1 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | ba6b63a | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
π v12.0.0-pre1 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 8322827 | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ Add installed kernels explicitly to SBOM (#5868) * β¨ Detect active and inactive kernels Add the MQL data to the SBOM. Signed-off-by: Christian Zunker <christian@mondoo.com> * π tiny message doc Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Christian Zunker <christian@mondoo.com> Signed-off-by: Dominik Richter <dominik.richter@gmail.com> Co-authored-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | dafa41a | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | Christian Zunker | |
β¨ Detect active and inactive kernels Add the MQL data to the SBOM. Signed-off-by: Christian Zunker <christian@mondoo.com>
| Commit: | c7e3b00 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
π v12 π Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | d678028 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 2c9d595 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 4a50cdf | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 8f45890 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ introduce human time (#5778) This allows users to specify timestamps in a human-readable way. Particularly useful when dealing with YAML files, ie querypacks and policies, where you can now specify timestamps with a lot more grace and variety. We are also breaking out the time parsing code into its own utility so the same parser is now shared between MQL and policy/querypack bundles. Finally I found an issue with the numeric variants of RFC 822 and RFC 1123, since both are parsed in their non-numeric variants without error. Thus, the numeric variants are removed for now in the auto-detection. Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | d509746 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ Improve cnquery sbom command (#5750) * βοΈ add protobom for sbom conversion * π§Ή users need to explicitly enable the exclusion of the evidence for sbom generation * βοΈ exclude CPEs from SBOM export * βοΈ sbom asset title * π§Ή update go mod * π§Ή update protobuf files * π§Ή update go mod * π§Ή fix tests * π§Ή update cli test
| Commit: | 8df7438 | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ Add title to SBOM packages (#5746) Signed-off-by: Christian Zunker <christian@mondoo.com>
| Commit: | b14a4ac | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | GitHub | |
β¨ cnquery run `--exit-1-on-failure` (#5656) This change adds a new flag named `--exit-1-on-failure` which will make `cnquery` exit with code `1` if any query result failed. Simple Example: ``` cnquery run -c "1==2" --exit-1-on-failure ``` Closes https://github.com/mondoohq/cnspec/issues/1671 Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | 8cd7f94 | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | Salim Afiune Maya | |
β¨ cnquery run `--exit-1-on-failure` This change adds a new flag named `--exit-1-on-failure` which will make `cnquery` exit with code `1` if any query result failed. Simple Example: ``` cnquery run -c "1==2" --exit-1-on-failure ``` Closes https://github.com/mondoohq/cnspec/issues/1671 Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | ddfe8ef | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ Add MQL VEX document resource (#5555) * β¨ Add VEX documents to shodan hosts Fixes: https://github.com/mondoohq/cnquery/issues/5404 Signed-off-by: Christian Zunker <christian@mondoo.com> * π§Ή Rename VEX MQL resource and also add to core Signed-off-by: Christian Zunker <christian@mondoo.com> * Remove source from proto Signed-off-by: Christian Zunker <christian@mondoo.com> * π§Ή reverse changes in shodan * π§Ή make vex resource public Signed-off-by: Christian Zunker <christian@mondoo.com> --------- Signed-off-by: Christian Zunker <christian@mondoo.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>
| Commit: | 85ad84e | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
β¨ extend sbom proto (#5535) Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 779e4a6 | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | GitHub | |
βοΈ `lr`: add provider dependencies to schema (#5495) * βοΈ `lr`: add provider dependencies to schema Resources within a provider can depend on resources from another provider, for example; The `os` provider depends on `network` provider. The `lr` parser already reads these imports but it wasn't passing it to the schema. This change adds the list of dependencies so that we can install them at runtime. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com> * β¨ test dependencies in lr files Signed-off-by: Salim Afiune Maya <afiune@mondoo.com> --------- Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | 03884fa | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | e1647fb | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | Salim Afiune Maya | |
βοΈ `lr`: add provider dependencies to schema Resources within a provider can depend on resources from another provider, for example; The `os` provider depends on `network` provider. The `lr` parser already reads these imports but it wasn't passing it to the schema. This change adds the list of dependencies so that we can install them at runtime. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | 0e78e82 | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | Salim Afiune Maya | |
wip Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | fedd323 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | ebf6f34 | |
|---|---|---|
| Author: | Casey Clayton | |
| Committer: | GitHub | |
β¨ Add WIF auth support (#5439) * Add WIF token exchange calls to client * Add token fetching and handle exchange * Add function to figures out which provider to use * Add updated proto for upstream changes * Add ranger.go file for changed upstream.proto * Fix indentation * Add support for WIF config files * remove the default issuerUri from config.go, it's handled elsewhere * Use afero and add unit tests * Cleanup from when this was using flags * Clean up old and redundant code * Fix up tests
| Commit: | df6bea0 | |
|---|---|---|
| Author: | Casey Clayton | |
| Committer: | Casey Clayton | |
Fix indentation
| Commit: | 1dbbc48 | |
|---|---|---|
| Author: | Casey Clayton | |
| Committer: | Casey Clayton | |
Add WIF token exchange calls to client
| Commit: | 7d03294 | |
|---|---|---|
| Author: | kkereziev | |
| Committer: | kkereziev | |
β¨ add new exception types
| Commit: | 0eb9aaa | |
|---|---|---|
| Author: | kkereziev | |
| Committer: | kkereziev | |
β¨ add new exception types
| Commit: | a9abdae | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | Dominik Richter | |
β v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 6bff0e6 | |
|---|---|---|
| Author: | Casey Clayton | |
| Committer: | Casey Clayton | |
Fix indentation
| Commit: | 3ed06a8 | |
|---|---|---|
| Author: | Casey Clayton | |
| Committer: | Casey Clayton | |
Add WIF token exchange calls to client
| Commit: | d519d1b | |
|---|---|---|
| Author: | Casey Clayton | |
Add status to sbom package
| Commit: | 0e01b21 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ ip.cidr, ip.address and raw IP storage (#5292) * β¨ ip.cidr and raw IP storage Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή rename mask -> prefixlength Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή expand int2ip types Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π print CIDR of IP by default Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π more efficient bitmask generator Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π clarify IP internal vars Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * β¨ add ip.address Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π¨ switch from manual to proto-based IP marshaling Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή remove those unnecessary types Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή split up test for data conversion Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 1fcb88a | |
|---|---|---|
| Author: | Salim Afiune Maya | |
| Committer: | GitHub | |
π fix core `asset.labels` + β¨ new `asset.platformMetadata` (#5227) The labels of an asset come from the asset itself, not the platform, but as some point we made a mistake to use the platform labels, this PR is the first step to fix this issue. In this PR we are: * Introducing a new field to the proto message `asset.Platform.Metadata` with the goal to give more clarity and avoid confusions with `asset.Labels` * We are deprecating `asset.Platform.Labels` in favor of `asset.Platform.Metadata` (this field will be remove in `v12`) * We are introducing a new `asset.platformMetadata` to the `asset` MQL schema, this new field will have the `asset.Platform.Metadata` * We are fixing the `asset.labels` MQL resource to have the actual asset labels but, we are going to merge this field with the platform labels for backwards compatibility After merging this PR, we will start migrating the use of `asset.Platform.Labels` to `asset.Platform.Metadata`, so that in `v12` we can remove `asset.Platform.Labels. --------- Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | ad18fc9 | |
|---|---|---|
| Author: | Salim Afiune Maya | |
wip: remove platform.labels for testing Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | 2138e1d | |
|---|---|---|
| Author: | Salim Afiune Maya | |
βοΈ expose platform labels as `asset.platformMetadata` Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
| Commit: | 332996e | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ resource context in LR definition (#5176) Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | d19b449 | |
|---|---|---|
| Author: | Jay Mundrawala | |
| Committer: | GitHub | |
βοΈ Add tags to objectref (#5083) * βοΈ Add tags to objectref We can use the tags to provide additional metadata for variants like what icon to use and what title to show An example: ``` queries: - uid: mondoo-edr-policy-ensure-edr-agent-is-installed title: Ensure EDR Agent is installed variants: - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-macos tags: mondoo.com/filter-title: macos - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-linux tags: mondoo.com/filter-title: linux - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-windows tags: mondoo.com/filter-title: windows ``` * update example
| Commit: | fe27e2e | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π§Ή update documentation for protobuf and regenerate with latest protoc (#5045) * π§Ή update documentation of proto file * π§Ή update generated protobuf code
| Commit: | 82eb3d6 | |
|---|---|---|
| Author: | Jay Mundrawala | |
| Committer: | GitHub | |
Add disabled scoring system (#4944) Needed for https://github.com/mondoohq/cnspec/pull/1502
| Commit: | 549cf3c | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ add more optional metadata fields to remediations (#4826)
| Commit: | 8bab9f0 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ product.releaseCycle resource (#4512)
| Commit: | 2311977 | |
|---|---|---|
| Author: | Tim Smith | |
| Committer: | GitHub | |
Capitalize Mondoo Platform in a few places (#4464) * Capitalize Mondoo Platform in a few places This also updates the short description of the platform that is used in `cnspec scan/shell help` ``` ... mondoo Scan the Mondoo Platform ... ``` Signed-off-by: Tim Smith <tsmith84@gmail.com> * Update Makefile Co-authored-by: Letha <letha@mondoo.com> * Update providers/mondoo/config/config.go Co-authored-by: Letha <letha@mondoo.com> * Update providers-sdk/v1/upstream/upstream.proto Co-authored-by: Letha <letha@mondoo.com> --------- Signed-off-by: Tim Smith <tsmith84@gmail.com> Co-authored-by: Letha <letha@mondoo.com>
| Commit: | c08fd8e | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β¨ ListResources for resources explorer (#4448) Slowly starting to extend the functionality to cover exploration use-cases Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | e6e0016 | |
|---|---|---|
| Author: | Preslav Gerchev | |
| Committer: | GitHub | |
β¨ Add labels to the reporter assets. (#4401) Signed-off-by: Preslav <preslav@mondoo.com>
| Commit: | fd341e8 | |
|---|---|---|
| Author: | Preslav Gerchev | |
| Committer: | GitHub | |
β¨ Add Azure ID and Azure sub external IDs to the sbom proto. (#4348) Signed-off-by: Preslav <preslav@mondoo.com>
| Commit: | 4833f78 | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ Expose package vendor via MQL (#4357) Based on #7524 Signed-off-by: Christian Zunker <christian@mondoo.com>
| Commit: | 7740874 | |
|---|---|---|
| Author: | Preslav | |
| Committer: | Preslav | |
π§Ή Drop deprecated v8 kind. Signed-off-by: Preslav <preslav@mondoo.com>
| Commit: | 217bbb1 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ support env variables as credential type for inventories (#3792) This is especially useful when used in CI/CD environments. Users have a pre-defined inventory file with one or multiple entries but do not want to store the secrets in there. Instead the CI/CD run defines the secret via an environment variable. ```yaml spec: assets: - connections: - type: slack credentials: - type: env env: CUSTOM_SLACK_TOKEN ```
| Commit: | 27bf823 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
π v11 π (#3755) * π v11 π Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ lint Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ fix mockprovider (version bumped to v11) Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 7652752 | |
|---|---|---|
| Author: | Preslav Gerchev | |
| Committer: | GitHub | |
β¨Add trace-id to sbom proto. (#3752) Signed-off-by: Preslav <preslav@mondoo.com>
| Commit: | 5136576 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ trace-id argument for cnquery (#3749) * βοΈ trace-id argument for cnquery * π§Ή update tests
| Commit: | 403df5b | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ define proto for cnspec report (#3697) * βοΈ define proto for cnspec report * π§Ή use new proto report format for sbom
| Commit: | 3a2d0b9 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β resources explorer API (#3668) * β upstream recording support Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π ensure recordings get updated MRNs after discovery We previously only store the internal asset ID in recordings. However, whenever available, we want to use the MRN in the ID field. This will provide better lookups for the recording when loading assets via MRN. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§ͺ Migrate Resources Explorer to cnquery Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή entirely restructure the resources explorer Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π pull platform IDs into recording Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ go mod tidy Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * β¨ mark upstream as hidden for now Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 2a9c40c | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | Christoph Hartmann | |
βοΈ new vuln mgmt proto api
| Commit: | fda3374 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
π§Ή support origin package information sbom (#3558)
| Commit: | 00f3bbb | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β add TechnologyUrl to platform + AssetUrlTrees to provider (#3540) * β add TechnologyUrl to platform + AssetUrlTrees to provider 1. Providers are extended to define their AssetUrlTrees. These are part of the config and can be loaded statically. This allows developers to define and extend existing AssetUrlTrees. Note that we currently maintain a `/technology=X` asset tree. We are in the process of adding all providers to this grouping strategy. 2. Extend the inventory definition of the asset `Platform` to include the TechnologyUrl. While assets may belong to a multitude of URLs, the platform definition only focuses on the technology URL. 3. Implement both for the `os` provider. Note: Initially this was designed to define the entire tree of URLs, including all OS names and versions. I noticed, however, that the structure of the tree doesn't change by different OS families, names, or versions, at all. Thus, we use `*` to allow for arbitrary terms, as these terms won't have any impact on the remaining URL. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή check against platform name or version being empty Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | a906786 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ support scope mrn reading from service account (#3146)
| Commit: | fe83bb0 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β introduce asset URLs (#3529) * β introduce asset URLs From the code docs: Assets are generally structured in a giant graph. However, we often find it difficult to reason with arbitrary graphs. As humans, we tend to group assets into hierarchical tree structures, that make it easy for us to put them into a box and reason about them. For example: A techology-centric view of the world would group a VM in a cloud environment like this: /aws/accountX/ec2/instances/linux/debian/8.0 Every entry in this path structure follows a strict schema. Thus "aws" above is the chosen path value for the key "technology". As you can see, some keys lead to predefined (limited) values (technology can be aws, azure, os, k8s, etc), while other keys can have (almost) arbitrary values (eg account). Providers create this schema and may extend this schema. Providers cannot create conflicting entries in this schema. Assets can belong to multiple URLs at the same time, which allows us to look at it from different perspectives. URLs enable fast lookup, but do not restrict in terms of the search. This support looking at e.g. linux instances on all kinds of environments and runtimes. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ opinionated linter... Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * β¨ add method to build asset url chain from path Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 1b98d7f | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
βοΈ delayed asset discovery (#3496) * delayed asset discovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix delayed discovery scans Signed-off-by: Ivan Milchev <ivan@mondoo.com> * skip discovery only for new clients Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix build Signed-off-by: Ivan Milchev <ivan@mondoo.com> * SkipDiscovery -> DelayDiscovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * cleanup delayed discovery handling Signed-off-by: Ivan Milchev <ivan@mondoo.com> * extend provider tests to cover delayed discovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 54e3819 | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
β¨ add isLastBatch to StoreResults (#3508) * β¨ add isLastBatch to StoreResults Signed-off-by: Ivan Milchev <ivan@mondoo.com> * set flag when storeresults is called Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 7f2f837 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
π§ͺ experimental: decayed + banded scoring (#3466) These will be added in cnspec, keywords need to be defined in cnquery Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
| Commit: | 7d1f8a5 | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
β¨ refactor providers coordinator (#3308) * β¨ shutdown any unused providers on runtime.Close Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add a Coordinator interface to allow mocking Signed-off-by: Ivan Milchev <ivan@mondoo.com> * use uber mockgen instead of golang mockgen Signed-off-by: Ivan Milchev <ivan@mondoo.com> * cleanup coordinator code Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix makefile and gitignore Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove Stop function from coordinator interface Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix gh actions Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix deadlock Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add mocks for plugins Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * refactor mock generation Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove unused var Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix go.mod formatting Signed-off-by: Ivan Milchev <ivan@mondoo.com> * lock for the whole call of GetRunningProvider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * π§Ή use 1 global resource schema instead of per runtime (#3326) * use uber mockgen instead of golang mockgen Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix go.mod formatting Signed-off-by: Ivan Milchev <ivan@mondoo.com> * π§Ή use 1 global resource schema instead of per runtime Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make sure resource overriding and extension works Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more failing tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * code cleanup Signed-off-by: Ivan Milchev <ivan@mondoo.com> * more test fixes Signed-off-by: Ivan Milchev <ivan@mondoo.com> * more fixes Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix extensible schema test Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more safe guards for merging resources Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make extensible schema test deterministic Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix linter Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com> * code cleanup Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 04b47bb | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ SBOM pkg files (#3317) * βοΈ add evidence of package files on disk into sbom * π§Ή improve sbom evidence rendering and simplify naming
| Commit: | 054b1dc | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
βοΈ support re-using MQL cache between provider connections (#3274) * βοΈ support re-using MQL cache between provider connections Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove go-memoize from k8s provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make k8s discovery reuses mql cache Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate arista provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate atlassian provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate aws provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate os provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate azure provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate equinix provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * re-use plugin.Connection instead of copying functions Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate gcp provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate github provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate gitlab provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make sure cache is reused for discovered gcp assets Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate google-workspace provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate ipmi provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate ms365 provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate network provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * define plugin.Connection and reuse in all providers Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate okta provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate opcua provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate slack provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate terraform provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate vcd provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate vsphere provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix test build Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix linter error Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix mock provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix dns tests for network provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * re-use plugin.Connection in os provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add tests for connection sharing Signed-off-by: Ivan Milchev <ivan@mondoo.com> * do not use pointer for ParentID Signed-off-by: Ivan Milchev <ivan@mondoo.com> * use plugin.Connection in winrm Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | c32aa49 | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
βοΈ refactor providers code (#3242) * refactor providers code * make sure AddRuntime uses a runtime builder function * fix k8s tests * fix runtime * migrate arista provider * migrate atlassian provider * migrate aws provider * migrate azure provider * migrate core provider * migrate equinix provider * migrate gcp provider * migrate github provider * migrate gitlab provider * migrate google-workspace provider * migrate ipmi provider * migrate ms365 provider * migrate network provider * migrate oci provider * migrate okta provider * migrate opcua provider * migrate os provider * migrate slack provider * migrate terraform provider * migrate vcd provider * migrate vsphere provider * call Disconnect on runtime close * fix broken test * fix tests * fix deadlock * properly call disconnect * add tests for service * fix terraform provider connection ids * fix more provider connection ids --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | d9762d9 | |
|---|---|---|
| Author: | vjeffrey | |
| Committer: | GitHub | |
π§Ή add aws org externalid type to sbom proto (#3160)
| Commit: | 83023b4 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
β implement StoreResults for resources data (#3096)
| Commit: | 3e502d0 | |
|---|---|---|
| Author: | Dominik Richter | |
| Committer: | GitHub | |
π v10 π (#2966) * π remove v9 from ID of providers We don't want it in the ID, since they have a separate version info. Having the ID in the name makes it much trickier to update a provider (technically). * π§Ή remove leftover _motor files from v9 migration Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π v10 bump Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ remove unused tracer Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π’ lint line length in proto Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * π§Ή update generated files * π§Ή fix spelling in makefile * π§Ή use list of cross-connection provider * make network provider backwards-compatible * π§Ή remove k8s.kubelet alias * π§Ή update provider ids in recordings --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>
| Commit: | 6510e0d | |
|---|---|---|
| Author: | vjeffrey | |
| Committer: | GitHub | |
π§Ή add started status & error message to sbom proto (#2988)
| Commit: | f264fde | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ new panic handler that reports client panics (#2963) * βοΈ new panic handler that reports client panics * π§Ή use log.Error instead of lof.Info
| Commit: | 4d22cdf | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | Christoph Hartmann | |
βοΈ improved recordings
| Commit: | 7f0391c | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
add out of scope action (#2848) Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | b70547d | |
|---|---|---|
| Author: | Ivan Milchev | |
| Committer: | GitHub | |
π fix mvd go package name (#2847) Signed-off-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | 8c1c31e | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
π Fix cvss.proto import path (#2823) Signed-off-by: Christian Zunker <christian@mondoo.com>
| Commit: | a8c6437 | |
|---|---|---|
| Author: | Christian Zunker | |
| Committer: | GitHub | |
β¨ New vulnmgmt resources (#2654) * β¨ New vulnmgmt resources Signed-off-by: Christian Zunker <christian@mondoo.com> Co-authored-by: Ivan Milchev <ivan@mondoo.com>
| Commit: | c0709b0 | |
|---|---|---|
| Author: | Christoph Hartmann | |
| Committer: | GitHub | |
βοΈ new experimental sbom subcommand (#2642) * βοΈ sbom support * π§Ή add experimental message to sbom sub command