Mondoo 7.18 is out!

🥳 Mondoo 7.18 is out! This release includes updated GCP resources, expanded EOL detection, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🧹 IMPROVEMENTS

GCP resource updates

We've continued to expand the data you can query using MQL in your GCP projects to make asset inventory and security easier:

Add new gcp.project.compute.addresses resource

Mqlscript
gcp.project.compute.addresses[0]: {
ipv6EndpointType: ""
created: 2022-12-15 12:45:25.62 -0800 -0800
address: "10.10.0.2"
network: data is not a map to auto-expand
networkTier: "PREMIUM"
id: "2700460578865297802"
userUrls: [
    0: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/forwardingRules/gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
]
ipVersion: ""
name: "gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
status: "IN_USE"
subnetworkUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/subnetworks/mondoo-gke-cluster-2-subnet"
prefixLength: 0
networkUrl: ""
regionUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1"
addressType: "INTERNAL"
purpose: "GCE_ENDPOINT"
description: ""
subnetwork: gcp.project.computeService.subnetwork name="mondoo-gke-cluster-2-subnet"
}

Add new gcp.project.compute.forwardingRules resource

Mqlscript
gcp.project.compute.forwardingRules: [
0: {
    description: ""
    ipProtocol: "TCP"
    serviceDirectoryRegistrations: []
    id: "1374403102344"
    labels: {}
    name: "front-lb-1-test"
    serviceName: ""
    network: gcp.project.computeService.network name="test-vpc-3"
    networkUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/global/networks/test-vpc-3"
    allPorts: false
    targetUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1/targetHttpProxies/lb-1-test-target-proxy"
    ipAddress: "35.209.226.183"
    allowGlobalAccess: false
    networkTier: "STANDARD"
    backendService: ""
    isMirroringCollector: false
    subnetwork: data is not a map to auto-expand
    noAutomateDnsZone: false
    serviceLabel: ""
    ports: []
    loadBalancingScheme: "EXTERNAL_MANAGED"
    ipVersion: ""
    created: 2023-01-19 10:56:30.873 -0800 -0800
    metadataFilters: []
    regionUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1"
    portRange: "80-80"
    subnetworkUrl: ""
}
]

gcp.project.dataproc.clusters data is now only gathered if if the DataProc Cloud service is enabled in the project.
Improve reliability of parsing GCP alert policies conditions.

New and improved EOL detection

We've improved support for detecting end of life (EOL) platforms with new and updates EOL detection support:

Added EOL detection support for FreeBSD.
Added EOL detection support for Linux Mint.
Added EOL date for Alpine 3.17.
Added EOL date for Fedora 36 and 37.
Updated Debian EOL dates to use the end of LTS dates.
Updated Photon 2.0 EOL date for the revised date of Dec 31, 2022.
Updated Amazon 2022 EOL date for the revised date of Nov 1, 2027.

Support storing Okta token in `OKTA_CLIENT_TOKEN` env var

If you don't want to pass your Okta token on the CLI with the --token flag, cnquery and cnspec now support fetching the token from the OKTA_CLIENT_TOKEN env var in your shell.

🐛 BUG FIXES AND UPDATES

Improve consistency of the icons in each integrations page and ensure they are all using the latest vendor logos.
Allow opening assets in the fleet view in new windows.
Don't show advisories with 0 impacted assets on the space overview page if there are no advisories for any assets in the space.