Proto commits in mondoohq/cnquery

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

Commit:5ca99bc
Author:Christoph Hartmann
Committer:GitHub

🌟 fex: publish Finding Exchange proto contract in the provider SDK (#8478) * 🌟 fex: publish Finding Exchange proto contract in the provider SDK Add a new providers-sdk/v1/upstream/fex package publishing the public Finding Exchange (FEX) and Vulnerability Exchange (VEX) data structures. This is the contract query packs use to construct finding/vulnerability documents and the format used to batch findings for upload. Messages: - FindingDocument (oneof wrapper: vex or fex) - VulnerabilityExchange, FindingExchange - FindingsUploadRequest (batch wrapper) - supporting types: Affects, Component, FileComponent, Rating, Severity, Source, Reference, VulnerabilityDetails, Remediation, FindingDetail, Evidence (+ File/User/Process/Container/Kubernetes/RegistryKey/ Connection/AttackTactic/AttackTechnique) - enums: Status, ScoringMethod, Confidence, SeverityRating, and the nested Remediation.Category, FindingDetail.Category, Connection.ConnectionProtocol The package is self-contained (imports only well-known google protobuf types). Field 14 of VulnerabilityExchange is reserved. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * πŸ“„ fex: fix two doc-comment typos in fex.proto - "finding wa last seen" -> "finding was last seen" - add missing space after // on the Evidence comment Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * πŸ“„ fex: wrap Evidence comment to stay under 80 cols Adding the missing space after // pushed the line to 81 chars. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The documentation is generated from this commit.

Commit:b2ad665
Author:Christoph Hartmann
Committer:GitHub

🧹 ci: replace check-spelling with typos (#8461) * 🧹 ci: replace check-spelling with typos for spell checking The check-spelling@v0.0.26 action self-aborts on a security advisory it published against its own latest release, so the spell-check job fails on every PR that touches a checked file. Switch to crate-ci/typos, which checks the whole repo and is config-driven. Add _typos.toml: exclude generated code and testdata, and baseline the existing vocabulary β€” real technical terms and abbreviations, a company name, intentional test fixtures, and a set of pre-existing misspellings that are baked into MQL schema field names / exported Go identifiers (renaming those is a breaking change, left for a separate cleanup). Also fix the genuine typos typos found in comments, strings, and local identifiers across the tree, and drop the now-unused check-spelling config under .github/actions/spelling. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * 🧹 ci: address spell-check review feedback - ipmi: keep the misspelled "ipmbEventReciever" JSON tag for wire/persisted compatibility (renaming it silently drops the field from old payloads); the Go field stays correctly named. Baseline "reciever" in _typos.toml. - ms365: fix "scaped"/"scaping" -> "escaped"/"escaping" in comments, which typos missed. - sbom: regenerate mql_sbom.pb.go from the .proto via go generate rather than hand-editing the generated file. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

Commit:fe4c014
Author:Christoph Hartmann
Committer:Christoph Hartmann

🧹 ci: replace check-spelling with typos for spell checking The check-spelling@v0.0.26 action self-aborts on a security advisory it published against its own latest release, so the spell-check job fails on every PR that touches a checked file. Switch to crate-ci/typos, which checks the whole repo and is config-driven. Add _typos.toml: exclude generated code and testdata, and baseline the existing vocabulary β€” real technical terms and abbreviations, a company name, intentional test fixtures, and a set of pre-existing misspellings that are baked into MQL schema field names / exported Go identifiers (renaming those is a breaking change, left for a separate cleanup). Also fix the genuine typos typos found in comments, strings, and local identifiers across the tree, and drop the now-unused check-spelling config under .github/actions/spelling. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Commit:c8880f1
Author:Dominik Richter
Committer:GitHub

πŸ“ƒ document alias handling on resources metadata (#8201)

Commit:d90a2b7
Author:Preslav

✨ Add SendReport RPC for structured diagnostic reports ErrorReporting now also exposes SendReport β€” a schema-less envelope that ships a google.protobuf.Struct payload tagged with a report_type discriminator. The envelope (service_account_mrn, agent_mrn, product, tags) mirrors SendErrorReq so both flow through the same auth + Sentry routing on the platform side. First consumer is the serverless-scanner-aws lambda's on-demand health report. The server-side handler can stay a no-op until consumers materialize; the type registration in this PR is enough for clients to start emitting. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Commit:918a60e
Author:Christian Zunker
Committer:GitHub

✨ sbom.Package: add license + install_date proto fields (#7817) Adds two slots on sbom.Package so SBOM uploads can carry the new package metadata exposed by the OS / npm / python work: string license = 26; string install_date = 27; `license` is the SPDX expression (or upstream-reported license string). `install_date` is RFC3339 β€” empty when the backend doesn't report install time (dpkg without log parsing, apk, pacman, macOS). Pure proto + regen; no behavioural change to existing code paths. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Commit:33e4b54
Author:Jay Mundrawala
Committer:GitHub

🎫 Add feature flag for token-response WIF token exchange (#7362) Introduces the ExchangeTokenForToken feature flag. When enabled, the WIF external token exchange sends response_type=TOKEN and decodes the returned bearer token into ServiceAccountCredentials.Token. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Commit:8d9ecd8
Author:Jay Mundrawala
Committer:GitHub

Allow authenticating a service account with a bearer token (#6910)

Commit:a93c983
Author:Dominik Richter
Committer:GitHub

⭐ introduce maturity for providers, resources, and fields (#7140)

Commit:5cdca23
Author:Christoph Hartmann
Committer:GitHub

🧹 update copyright year to 2024, 2026 and bump copywrite to v0.25.2 (#7082) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Commit:da25948
Author:Ivan Milchev
Committer:GitHub

✨ implement vault delete for berglas (#7078) * ✨ implement vault delete for berglas Signed-off-by: Ivan Milchev <ivan@mondoo.com> * address comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:52e7bf6
Author:Mikita Iwanowski
Committer:GitHub

✨ Add custom tags to error reports for enhanced context (#6957)

Commit:2cbeede
Author:vj

✨ Add platform info to slow query alert Add PlatformInfo message to the error reporting proto and include it in SendErrorReq and SlowQueryInfo so slow query alerts carry context about the platform being scanned (name, arch, title, kind, runtime). Closes #6877 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Commit:c839db3
Author:Dominik Richter
Committer:GitHub

✨ track provider versions per resources and fields (#6654) * ✨ track provider versions per resources and fields Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ› fix minMondooVersions to previous state Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:fc08d03
Author:Dominik Richter
Committer:Dominik Richter

πŸ›‘ rename sbom cnquery=>mql Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:55dc1bd
Author:Dominik Richter
Committer:Dominik Richter

πŸ›‘πŸŒŸ cnquery => mql (#6599) * πŸ›‘πŸŒŸ rename cnquery => mql This is a major restructure as part of the v13 release. We are renaming cnquery to simplify concepts and just focus on mql instead. As part of v13 we are already moving all querypacks to cnspec, so what remains is the unification of the data-plane. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * ✨ cnquery => mql logo + duplicate cleanup Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:1190a8e
Author:Dominik Richter
Committer:Dominik Richter

πŸ›‘ remove cnquery scan (#6513) * πŸ›‘ remove cnquery scan Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 try to fix tests Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 remove benchmark tests (see details) - we don't have querypacks anymore, which is what the benchmarks were running - we have benchmarks in cnspec - we will instead want separate provider and runtime benchmarks Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:cfc2a23
Author:Dominik Richter

πŸ›‘ rename sbom cnquery=>mql Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:ac591d5
Author:Dominik Richter
Committer:GitHub

πŸ›‘πŸŒŸ cnquery => mql (#6599) * πŸ›‘πŸŒŸ rename cnquery => mql This is a major restructure as part of the v13 release. We are renaming cnquery to simplify concepts and just focus on mql instead. As part of v13 we are already moving all querypacks to cnspec, so what remains is the unification of the data-plane. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * ✨ cnquery => mql logo + duplicate cleanup Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:71f87d4
Author:Tim Smith
Committer:GitHub

πŸ“„ Update outdated documentation URLs (#6569) * πŸ“„ Update outdated documentation URLs Fix redirecting URLs in comments and documentation: - golang.org β†’ go.dev (Go moved their docs) - docs.microsoft.com β†’ learn.microsoft.com (Microsoft consolidated docs) - jqlang.github.io/jq β†’ jqlang.org (jq moved their site) - tools.ietf.org β†’ datatracker.ietf.org (IETF consolidated) - www.terraform.io/docs β†’ developer.hashicorp.com/terraform (HashiCorp moved docs) - cnquery.io β†’ mondoo.com/cnquery (domain redirect) - git.k8s.io β†’ github.com/kubernetes (shortlink to full URL) - confluence.jetbrains.com β†’ jetbrains.com/help/teamcity (JetBrains moved docs) - wiki.jenkins.io β†’ jenkins.io/doc (Jenkins moved docs) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * 🧹 regenerate proto file * 🧹 fix protolint errors --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>

Commit:369c978
Author:Dominik Richter
Committer:GitHub

πŸ›‘ remove cnquery scan (#6513) * πŸ›‘ remove cnquery scan Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 try to fix tests Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 remove benchmark tests (see details) - we don't have querypacks anymore, which is what the benchmarks were running - we have benchmarks in cnspec - we will instead want separate provider and runtime benchmarks Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:66136f4
Author:Christoph Hartmann
Committer:GitHub

🧹shell suggestions (#6378) * 🧹 remove filtered queries for shell as this is not stable * 🧹simplify the shell completer * 🧹 include provider in suggestion * 🧹sort shell suggestion by connected provider * 🧹 add test for shell resource sorting function

Commit:c0d2c18
Author:Christoph Hartmann

🧹 include provider in suggestion

Commit:8dbd478
Author:Preslav Gerchev
Committer:GitHub

🧹 Drop deprecated v8 kind. (#3976) Signed-off-by: Preslav <preslav@mondoo.com>

Commit:bbada67
Author:Dominik Richter
Committer:GitHub

✨ extract property handler for bundles/packs + update examples (#5900)

Commit:7781208
Author:Dominik Richter
Committer:GitHub

⭐ add support for server-side features (#5898) This allows the server to set or unset certain features that it supports. This means e.g. that if the server can store resources data in the new format, we can send it this way. Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:97cab15
Author:Dominik Richter
Committer:Dominik Richter

πŸŽ‰ v12.0.0-pre1 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:ba6b63a
Author:Dominik Richter
Committer:Dominik Richter

πŸŽ‰ v12.0.0-pre1 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:8322827
Author:Christian Zunker
Committer:GitHub

✨ Add installed kernels explicitly to SBOM (#5868) * ✨ Detect active and inactive kernels Add the MQL data to the SBOM. Signed-off-by: Christian Zunker <christian@mondoo.com> * πŸ“ƒ tiny message doc Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Christian Zunker <christian@mondoo.com> Signed-off-by: Dominik Richter <dominik.richter@gmail.com> Co-authored-by: Dominik Richter <dominik.richter@gmail.com>

Commit:dafa41a
Author:Christian Zunker
Committer:Christian Zunker

✨ Detect active and inactive kernels Add the MQL data to the SBOM. Signed-off-by: Christian Zunker <christian@mondoo.com>

Commit:c7e3b00
Author:Dominik Richter
Committer:Dominik Richter

πŸŽ‰ v12 πŸŽ‰ Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:d678028
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:2c9d595
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:4a50cdf
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:8f45890
Author:Dominik Richter
Committer:GitHub

✨ introduce human time (#5778) This allows users to specify timestamps in a human-readable way. Particularly useful when dealing with YAML files, ie querypacks and policies, where you can now specify timestamps with a lot more grace and variety. We are also breaking out the time parsing code into its own utility so the same parser is now shared between MQL and policy/querypack bundles. Finally I found an issue with the numeric variants of RFC 822 and RFC 1123, since both are parsed in their non-numeric variants without error. Thus, the numeric variants are removed for now in the auto-detection. Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:d509746
Author:Christoph Hartmann
Committer:GitHub

⭐️ Improve cnquery sbom command (#5750) * ⭐️ add protobom for sbom conversion * 🧹 users need to explicitly enable the exclusion of the evidence for sbom generation * ⭐️ exclude CPEs from SBOM export * ⭐️ sbom asset title * 🧹 update go mod * 🧹 update protobuf files * 🧹 update go mod * 🧹 fix tests * 🧹 update cli test

Commit:8df7438
Author:Christian Zunker
Committer:GitHub

✨ Add title to SBOM packages (#5746) Signed-off-by: Christian Zunker <christian@mondoo.com>

Commit:b14a4ac
Author:Salim Afiune Maya
Committer:GitHub

✨ cnquery run `--exit-1-on-failure` (#5656) This change adds a new flag named `--exit-1-on-failure` which will make `cnquery` exit with code `1` if any query result failed. Simple Example: ``` cnquery run -c "1==2" --exit-1-on-failure ``` Closes https://github.com/mondoohq/cnspec/issues/1671 Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:8cd7f94
Author:Salim Afiune Maya
Committer:Salim Afiune Maya

✨ cnquery run `--exit-1-on-failure` This change adds a new flag named `--exit-1-on-failure` which will make `cnquery` exit with code `1` if any query result failed. Simple Example: ``` cnquery run -c "1==2" --exit-1-on-failure ``` Closes https://github.com/mondoohq/cnspec/issues/1671 Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:ddfe8ef
Author:Christian Zunker
Committer:GitHub

✨ Add MQL VEX document resource (#5555) * ✨ Add VEX documents to shodan hosts Fixes: https://github.com/mondoohq/cnquery/issues/5404 Signed-off-by: Christian Zunker <christian@mondoo.com> * 🧹 Rename VEX MQL resource and also add to core Signed-off-by: Christian Zunker <christian@mondoo.com> * Remove source from proto Signed-off-by: Christian Zunker <christian@mondoo.com> * 🧹 reverse changes in shodan * 🧹 make vex resource public Signed-off-by: Christian Zunker <christian@mondoo.com> --------- Signed-off-by: Christian Zunker <christian@mondoo.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>

Commit:85ad84e
Author:Ivan Milchev
Committer:GitHub

✨ extend sbom proto (#5535) Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:779e4a6
Author:Salim Afiune Maya
Committer:GitHub

⭐️ `lr`: add provider dependencies to schema (#5495) * ⭐️ `lr`: add provider dependencies to schema Resources within a provider can depend on resources from another provider, for example; The `os` provider depends on `network` provider. The `lr` parser already reads these imports but it wasn't passing it to the schema. This change adds the list of dependencies so that we can install them at runtime. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com> * ✨ test dependencies in lr files Signed-off-by: Salim Afiune Maya <afiune@mondoo.com> --------- Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:03884fa
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:e1647fb
Author:Salim Afiune Maya
Committer:Salim Afiune Maya

⭐️ `lr`: add provider dependencies to schema Resources within a provider can depend on resources from another provider, for example; The `os` provider depends on `network` provider. The `lr` parser already reads these imports but it wasn't passing it to the schema. This change adds the list of dependencies so that we can install them at runtime. Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:0e78e82
Author:Salim Afiune Maya
Committer:Salim Afiune Maya

wip Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:fedd323
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:ebf6f34
Author:Casey Clayton
Committer:GitHub

✨ Add WIF auth support (#5439) * Add WIF token exchange calls to client * Add token fetching and handle exchange * Add function to figures out which provider to use * Add updated proto for upstream changes * Add ranger.go file for changed upstream.proto * Fix indentation * Add support for WIF config files * remove the default issuerUri from config.go, it's handled elsewhere * Use afero and add unit tests * Cleanup from when this was using flags * Clean up old and redundant code * Fix up tests

Commit:df6bea0
Author:Casey Clayton
Committer:Casey Clayton

Fix indentation

Commit:1dbbc48
Author:Casey Clayton
Committer:Casey Clayton

Add WIF token exchange calls to client

Commit:7d03294
Author:kkereziev
Committer:kkereziev

✨ add new exception types

Commit:0eb9aaa
Author:kkereziev
Committer:kkereziev

✨ add new exception types

Commit:a9abdae
Author:Dominik Richter
Committer:Dominik Richter

⭐ v12 Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:6bff0e6
Author:Casey Clayton
Committer:Casey Clayton

Fix indentation

Commit:3ed06a8
Author:Casey Clayton
Committer:Casey Clayton

Add WIF token exchange calls to client

Commit:d519d1b
Author:Casey Clayton

Add status to sbom package

Commit:0e01b21
Author:Dominik Richter
Committer:GitHub

✨ ip.cidr, ip.address and raw IP storage (#5292) * ✨ ip.cidr and raw IP storage Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 rename mask -> prefixlength Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 expand int2ip types Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ› print CIDR of IP by default Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🐎 more efficient bitmask generator Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ“ƒ clarify IP internal vars Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * ✨ add ip.address Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ”¨ switch from manual to proto-based IP marshaling Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 remove those unnecessary types Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 split up test for data conversion Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:1fcb88a
Author:Salim Afiune Maya
Committer:GitHub

πŸ› fix core `asset.labels` + ✨ new `asset.platformMetadata` (#5227) The labels of an asset come from the asset itself, not the platform, but as some point we made a mistake to use the platform labels, this PR is the first step to fix this issue. In this PR we are: * Introducing a new field to the proto message `asset.Platform.Metadata` with the goal to give more clarity and avoid confusions with `asset.Labels` * We are deprecating `asset.Platform.Labels` in favor of `asset.Platform.Metadata` (this field will be remove in `v12`) * We are introducing a new `asset.platformMetadata` to the `asset` MQL schema, this new field will have the `asset.Platform.Metadata` * We are fixing the `asset.labels` MQL resource to have the actual asset labels but, we are going to merge this field with the platform labels for backwards compatibility After merging this PR, we will start migrating the use of `asset.Platform.Labels` to `asset.Platform.Metadata`, so that in `v12` we can remove `asset.Platform.Labels. --------- Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:ad18fc9
Author:Salim Afiune Maya

wip: remove platform.labels for testing Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:2138e1d
Author:Salim Afiune Maya

βš™οΈ expose platform labels as `asset.platformMetadata` Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>

Commit:332996e
Author:Dominik Richter
Committer:GitHub

✨ resource context in LR definition (#5176) Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:d19b449
Author:Jay Mundrawala
Committer:GitHub

⭐️ Add tags to objectref (#5083) * ⭐️ Add tags to objectref We can use the tags to provide additional metadata for variants like what icon to use and what title to show An example: ``` queries: - uid: mondoo-edr-policy-ensure-edr-agent-is-installed title: Ensure EDR Agent is installed variants: - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-macos tags: mondoo.com/filter-title: macos - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-linux tags: mondoo.com/filter-title: linux - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-windows tags: mondoo.com/filter-title: windows ``` * update example

Commit:fe27e2e
Author:Christoph Hartmann
Committer:GitHub

🧹 update documentation for protobuf and regenerate with latest protoc (#5045) * 🧹 update documentation of proto file * 🧹 update generated protobuf code

Commit:82eb3d6
Author:Jay Mundrawala
Committer:GitHub

Add disabled scoring system (#4944) Needed for https://github.com/mondoohq/cnspec/pull/1502

Commit:549cf3c
Author:Christoph Hartmann
Committer:GitHub

⭐️ add more optional metadata fields to remediations (#4826)

Commit:8bab9f0
Author:Christoph Hartmann
Committer:GitHub

⭐️ product.releaseCycle resource (#4512)

Commit:2311977
Author:Tim Smith
Committer:GitHub

Capitalize Mondoo Platform in a few places (#4464) * Capitalize Mondoo Platform in a few places This also updates the short description of the platform that is used in `cnspec scan/shell help` ``` ... mondoo Scan the Mondoo Platform ... ``` Signed-off-by: Tim Smith <tsmith84@gmail.com> * Update Makefile Co-authored-by: Letha <letha@mondoo.com> * Update providers/mondoo/config/config.go Co-authored-by: Letha <letha@mondoo.com> * Update providers-sdk/v1/upstream/upstream.proto Co-authored-by: Letha <letha@mondoo.com> --------- Signed-off-by: Tim Smith <tsmith84@gmail.com> Co-authored-by: Letha <letha@mondoo.com>

Commit:c08fd8e
Author:Dominik Richter
Committer:GitHub

✨ ListResources for resources explorer (#4448) Slowly starting to extend the functionality to cover exploration use-cases Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:e6e0016
Author:Preslav Gerchev
Committer:GitHub

✨ Add labels to the reporter assets. (#4401) Signed-off-by: Preslav <preslav@mondoo.com>

Commit:fd341e8
Author:Preslav Gerchev
Committer:GitHub

✨ Add Azure ID and Azure sub external IDs to the sbom proto. (#4348) Signed-off-by: Preslav <preslav@mondoo.com>

Commit:4833f78
Author:Christian Zunker
Committer:GitHub

✨ Expose package vendor via MQL (#4357) Based on #7524 Signed-off-by: Christian Zunker <christian@mondoo.com>

Commit:7740874
Author:Preslav
Committer:Preslav

🧹 Drop deprecated v8 kind. Signed-off-by: Preslav <preslav@mondoo.com>

Commit:217bbb1
Author:Christoph Hartmann
Committer:GitHub

⭐️ support env variables as credential type for inventories (#3792) This is especially useful when used in CI/CD environments. Users have a pre-defined inventory file with one or multiple entries but do not want to store the secrets in there. Instead the CI/CD run defines the secret via an environment variable. ```yaml spec: assets: - connections: - type: slack credentials: - type: env env: CUSTOM_SLACK_TOKEN ```

Commit:27bf823
Author:Dominik Richter
Committer:GitHub

πŸŽ‰ v11 πŸŽ‰ (#3755) * πŸŽ‰ v11 πŸŽ‰ Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 lint Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 fix mockprovider (version bumped to v11) Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:7652752
Author:Preslav Gerchev
Committer:GitHub

✨Add trace-id to sbom proto. (#3752) Signed-off-by: Preslav <preslav@mondoo.com>

Commit:5136576
Author:Christoph Hartmann
Committer:GitHub

⭐️ trace-id argument for cnquery (#3749) * ⭐️ trace-id argument for cnquery * 🧹 update tests

Commit:403df5b
Author:Christoph Hartmann
Committer:GitHub

⭐️ define proto for cnspec report (#3697) * ⭐️ define proto for cnspec report * 🧹 use new proto report format for sbom

Commit:3a2d0b9
Author:Dominik Richter
Committer:GitHub

⭐ resources explorer API (#3668) * ⭐ upstream recording support Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ› ensure recordings get updated MRNs after discovery We previously only store the internal asset ID in recordings. However, whenever available, we want to use the MRN in the ID field. This will provide better lookups for the recording when loading assets via MRN. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ§ͺ Migrate Resources Explorer to cnquery Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 entirely restructure the resources explorer Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * πŸ› pull platform IDs into recording Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 go mod tidy Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * ✨ mark upstream as hidden for now Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:2a9c40c
Author:Christoph Hartmann
Committer:Christoph Hartmann

⭐️ new vuln mgmt proto api

Commit:fda3374
Author:Christoph Hartmann
Committer:GitHub

🧹 support origin package information sbom (#3558)

Commit:00f3bbb
Author:Dominik Richter
Committer:GitHub

⭐ add TechnologyUrl to platform + AssetUrlTrees to provider (#3540) * ⭐ add TechnologyUrl to platform + AssetUrlTrees to provider 1. Providers are extended to define their AssetUrlTrees. These are part of the config and can be loaded statically. This allows developers to define and extend existing AssetUrlTrees. Note that we currently maintain a `/technology=X` asset tree. We are in the process of adding all providers to this grouping strategy. 2. Extend the inventory definition of the asset `Platform` to include the TechnologyUrl. While assets may belong to a multitude of URLs, the platform definition only focuses on the technology URL. 3. Implement both for the `os` provider. Note: Initially this was designed to define the entire tree of URLs, including all OS names and versions. I noticed, however, that the structure of the tree doesn't change by different OS families, names, or versions, at all. Thus, we use `*` to allow for arbitrary terms, as these terms won't have any impact on the remaining URL. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 check against platform name or version being empty Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:a906786
Author:Christoph Hartmann
Committer:GitHub

⭐️ support scope mrn reading from service account (#3146)

Commit:fe83bb0
Author:Dominik Richter
Committer:GitHub

⭐ introduce asset URLs (#3529) * ⭐ introduce asset URLs From the code docs: Assets are generally structured in a giant graph. However, we often find it difficult to reason with arbitrary graphs. As humans, we tend to group assets into hierarchical tree structures, that make it easy for us to put them into a box and reason about them. For example: A techology-centric view of the world would group a VM in a cloud environment like this: /aws/accountX/ec2/instances/linux/debian/8.0 Every entry in this path structure follows a strict schema. Thus "aws" above is the chosen path value for the key "technology". As you can see, some keys lead to predefined (limited) values (technology can be aws, azure, os, k8s, etc), while other keys can have (almost) arbitrary values (eg account). Providers create this schema and may extend this schema. Providers cannot create conflicting entries in this schema. Assets can belong to multiple URLs at the same time, which allows us to look at it from different perspectives. URLs enable fast lookup, but do not restrict in terms of the search. This support looking at e.g. linux instances on all kinds of environments and runtimes. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 opinionated linter... Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * ✨ add method to build asset url chain from path Signed-off-by: Dominik Richter <dominik.richter@gmail.com> --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:1b98d7f
Author:Ivan Milchev
Committer:GitHub

⭐️ delayed asset discovery (#3496) * delayed asset discovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix delayed discovery scans Signed-off-by: Ivan Milchev <ivan@mondoo.com> * skip discovery only for new clients Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix build Signed-off-by: Ivan Milchev <ivan@mondoo.com> * SkipDiscovery -> DelayDiscovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * cleanup delayed discovery handling Signed-off-by: Ivan Milchev <ivan@mondoo.com> * extend provider tests to cover delayed discovery Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:54e3819
Author:Ivan Milchev
Committer:GitHub

✨ add isLastBatch to StoreResults (#3508) * ✨ add isLastBatch to StoreResults Signed-off-by: Ivan Milchev <ivan@mondoo.com> * set flag when storeresults is called Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:7f2f837
Author:Dominik Richter
Committer:GitHub

πŸ§ͺ experimental: decayed + banded scoring (#3466) These will be added in cnspec, keywords need to be defined in cnquery Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

Commit:7d1f8a5
Author:Ivan Milchev
Committer:GitHub

✨ refactor providers coordinator (#3308) * ✨ shutdown any unused providers on runtime.Close Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add a Coordinator interface to allow mocking Signed-off-by: Ivan Milchev <ivan@mondoo.com> * use uber mockgen instead of golang mockgen Signed-off-by: Ivan Milchev <ivan@mondoo.com> * cleanup coordinator code Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix makefile and gitignore Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove Stop function from coordinator interface Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix gh actions Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix deadlock Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add mocks for plugins Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * refactor mock generation Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove unused var Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix go.mod formatting Signed-off-by: Ivan Milchev <ivan@mondoo.com> * lock for the whole call of GetRunningProvider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * 🧹 use 1 global resource schema instead of per runtime (#3326) * use uber mockgen instead of golang mockgen Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix go.mod formatting Signed-off-by: Ivan Milchev <ivan@mondoo.com> * 🧹 use 1 global resource schema instead of per runtime Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make sure resource overriding and extension works Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more failing tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * code cleanup Signed-off-by: Ivan Milchev <ivan@mondoo.com> * more test fixes Signed-off-by: Ivan Milchev <ivan@mondoo.com> * more fixes Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix extensible schema test Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add more safe guards for merging resources Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make extensible schema test deterministic Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix comments Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix linter Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com> * code cleanup Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:04b47bb
Author:Christoph Hartmann
Committer:GitHub

⭐️ SBOM pkg files (#3317) * ⭐️ add evidence of package files on disk into sbom * 🧹 improve sbom evidence rendering and simplify naming

Commit:054b1dc
Author:Ivan Milchev
Committer:GitHub

⭐️ support re-using MQL cache between provider connections (#3274) * ⭐️ support re-using MQL cache between provider connections Signed-off-by: Ivan Milchev <ivan@mondoo.com> * remove go-memoize from k8s provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make k8s discovery reuses mql cache Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate arista provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate atlassian provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate aws provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate os provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate azure provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate equinix provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * re-use plugin.Connection instead of copying functions Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate gcp provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate github provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate gitlab provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * make sure cache is reused for discovered gcp assets Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate google-workspace provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate ipmi provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate ms365 provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate network provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * define plugin.Connection and reuse in all providers Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate okta provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate opcua provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate slack provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate terraform provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate vcd provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * migrate vsphere provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix test build Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix linter error Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix mock provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix dns tests for network provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix more tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * re-use plugin.Connection in os provider Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> * add tests for connection sharing Signed-off-by: Ivan Milchev <ivan@mondoo.com> * do not use pointer for ParentID Signed-off-by: Ivan Milchev <ivan@mondoo.com> * use plugin.Connection in winrm Signed-off-by: Ivan Milchev <ivan@mondoo.com> * fix tests Signed-off-by: Ivan Milchev <ivan@mondoo.com> --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:c32aa49
Author:Ivan Milchev
Committer:GitHub

⭐️ refactor providers code (#3242) * refactor providers code * make sure AddRuntime uses a runtime builder function * fix k8s tests * fix runtime * migrate arista provider * migrate atlassian provider * migrate aws provider * migrate azure provider * migrate core provider * migrate equinix provider * migrate gcp provider * migrate github provider * migrate gitlab provider * migrate google-workspace provider * migrate ipmi provider * migrate ms365 provider * migrate network provider * migrate oci provider * migrate okta provider * migrate opcua provider * migrate os provider * migrate slack provider * migrate terraform provider * migrate vcd provider * migrate vsphere provider * call Disconnect on runtime close * fix broken test * fix tests * fix deadlock * properly call disconnect * add tests for service * fix terraform provider connection ids * fix more provider connection ids --------- Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:d9762d9
Author:vjeffrey
Committer:GitHub

🧹 add aws org externalid type to sbom proto (#3160)

Commit:83023b4
Author:Dominik Richter
Committer:GitHub

⭐ implement StoreResults for resources data (#3096)

Commit:3e502d0
Author:Dominik Richter
Committer:GitHub

πŸŽ‰ v10 πŸŽ‰ (#2966) * πŸ›‘ remove v9 from ID of providers We don't want it in the ID, since they have a separate version info. Having the ID in the name makes it much trickier to update a provider (technically). * 🧹 remove leftover _motor files from v9 migration Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🌟 v10 bump Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 remove unused tracer Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🟒 lint line length in proto Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * 🧹 update generated files * 🧹 fix spelling in makefile * 🧹 use list of cross-connection provider * make network provider backwards-compatible * 🧹 remove k8s.kubelet alias * 🧹 update provider ids in recordings --------- Signed-off-by: Dominik Richter <dominik.richter@gmail.com> Co-authored-by: Christoph Hartmann <chris@lollyrock.com>

Commit:6510e0d
Author:vjeffrey
Committer:GitHub

🧹 add started status & error message to sbom proto (#2988)

Commit:f264fde
Author:Christoph Hartmann
Committer:GitHub

⭐️ new panic handler that reports client panics (#2963) * ⭐️ new panic handler that reports client panics * 🧹 use log.Error instead of lof.Info

Commit:4d22cdf
Author:Christoph Hartmann
Committer:Christoph Hartmann

⭐️ improved recordings

Commit:7f0391c
Author:Ivan Milchev
Committer:GitHub

add out of scope action (#2848) Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:b70547d
Author:Ivan Milchev
Committer:GitHub

πŸ› fix mvd go package name (#2847) Signed-off-by: Ivan Milchev <ivan@mondoo.com>

Commit:8c1c31e
Author:Christian Zunker
Committer:GitHub

πŸ› Fix cvss.proto import path (#2823) Signed-off-by: Christian Zunker <christian@mondoo.com>

Commit:a8c6437
Author:Christian Zunker
Committer:GitHub

✨ New vulnmgmt resources (#2654) * ✨ New vulnmgmt resources Signed-off-by: Christian Zunker <christian@mondoo.com> Co-authored-by: Ivan Milchev <ivan@mondoo.com>

Commit:c0709b0
Author:Christoph Hartmann
Committer:GitHub

⭐️ new experimental sbom subcommand (#2642) * ⭐️ sbom support * 🧹 add experimental message to sbom sub command