v1.0.0

What's Changed

• Adds initial commit of core policies by @scottford-io in #1
• Add policies for securing Chef products by @tas50 in #2
• Updates AWS baseline with new controls, docs, and metadata by @scottford-io in #3
• Adds new core policies for various default targets by @scottford-io in #4
• Remove use of --token in GH policy by @tas50 in #5
• Update mondoo cli -> cnspec cli by @tas50 in #6
• updates scoring system and severity for github baseline by @scottford-io in #7
• Sync policy updates from the Mondoo repo by @tas50 in #8
• ⭐️ Add more k8s controls to Mondoo policies by @imilchev in #9
• Standardize cnspec default policy naming by @scottford-io in #12
• Don't error checking /etc/shadow if it's not there by @tas50 in #10
• ⭐️ add extra queries to mondoo k8s security policy by @joelddiaz in #11
• ⭐️ add linux workstation policy by @chris-rock in #15
• 🧹 update linux policy with new properties by @chris-rock in #14
• 🧹 merge TLS and TLS certificate policies into one policy by @chris-rock in #18
• 🧹 simplify uid for the macos policy by @chris-rock in #16
• Adds Mondoo GCP security policy and gitignore by @scottford-io in #19
• 🐛 fix property specs in linux policy by @chris-rock in #20
• 🧹 change policies with severity to worst scoring by @chris-rock in #21
• 🧹 harmonize policy uids by @chris-rock in #22
• re-titling kubernetes-security policy by @joelddiaz in #17
• Improve wording in AWS policy by @tas50 in #24
• 🧹 simplify windows policy uid by @chris-rock in #23
• More wording improvements to AWS Policy by @tas50 in #25
• More improvements to wording in policies by @tas50 in #27
• Fix more typos by @tas50 in #28
• 🐛 remove duplicated query by @chris-rock in #30
• Adds initial commit of Microsoft Azure Security by Mondoo by @scottford-io in #32
• update readme, and community links & improve wording for extra policies by @chris-rock in #26
• Add CLA Action by @benr in #33
• 🐛 Fail when auditd config file not present by @czunker in #35
• Update CLA message and allow list by @benr in #37
• Point to what we mean in yaml in more places by @tas50 in #36
• 🐛 Fixes PKI/SSL check for minikube by @czunker in #34
• 🧹 owner mrn is not required anymore therefore we can simply remove it by @chris-rock in #40
• 🧹 improve query ids for dns policy by @chris-rock in #39
• Adds updated overview for AWS Security by Mondoo by @scottford-io in #41
• Updates header tags in README for consistency by @scottford-io in #42
• 🧹 improve query ids for tls policy by @chris-rock in #38
• Updates policy overviews by @scottford-io in #43
• 🧹 update windows policy by @chris-rock in #45
• 🐛 Fix flaky gcp terraform query. by @preslavgerchev in #44
• 🧹 update uids for linux policy by @chris-rock in #46
• allow setting annnotation (per-UID) by @joelddiaz in #47
• Improve /etc/ file docs on Linux by @tas50 in #54
• 🐛 Fix application of probe controls by @czunker in #56
• 🐛 Add remediation to some controls by @czunker in #57
• Validate policies in a GitHub action by @tas50 in #29
• correct the remediation for the ssh private host key it must 600 by @atomic111 in #58
• adjust severity for and ssh-permituserenvironment and ssh-x11-forwarding by @atomic111 in #59
• fixes aws.iam check to ensure only one key is active by @scottford-io in #55
• 📄 Add 'why' and refs to k8s best practices by @czunker in #62
• fix remediation shell script for system accounts are non login by @atomic111 in #60
• Fixes asset filtering on Terraform policies by @scottford-io in #63
• add openssl vuln policy by @atomic111 in #65
• 🧹 align openssl vulnerability policy file name to policy name by @chris-rock in #66
• 🧹 add mql file extension by @chris-rock in #67
• Adds new controls for software updates by @scottford-io in #64
• add CVE numbers to openssl policy by @atomic111 in #68
• 🐛 Fix kubelet config control by @imilchev in #69
• 🧹 Updated queries in Kubernetes Policies regarding 'ephemeralContainers' by @mm-weber in #73
• introduce impact and smaller fixes by @atomic111 in #75
• 🧹 #49 fixed remediation: Ensure that strong Key Exchange algorithms are… by @mm-weber in #74
• ⭐️ slack security policy by @chris-rock in #76
• ⭐️ google workspace security policy by @chris-rock in #77
• Improve format of descriptions + titles in new policies by @tas50 in #79
• Aide in Ubuntu 22.04 had a new setting for cronjob by @tschuchort in #78
• Fix spacing and typos in policies by @tas50 in #80
• 🧹 remove unused flag is_public by @chris-rock in #81
• Add spellcheck github action + dependabot our actions by @tas50 in #82
• Bump actions/checkout from 2 to 3 by @dependabot in #83
• 🧹 improve slack policy by @chris-rock in #84
• Ignore SLACKBOT by @frozen425 in #85
• 🧹 improve slack policy by @chris-rock in #86
• 🧹 Rework of Linux related queries focusing on robustness and using native resources by @mm-weber in #88
• fix remediation for mac nfs test by @atomic111 in #91
• 🧹 Update the file extension of chef policies by @tas50 in #93
• ⭐️ add additional tags to policies by @chris-rock in #95
• 🐛 update tags for gcp policy by @chris-rock in #96
• 🧹 use cnspec for bundle validate by @chris-rock in #94
• Add certificate expiration check for k8s-ingress by @joelddiaz in #97
• Fix typos in policies by @tas50 in #98
• 🐛 fix yaml issues detected by new linter by @chris-rock in #99
• 🧹 release policies workflow by @chris-rock in #100

New Contributors

• @scottford-io made their first contribution in #1
• @tas50 made their first contribution in #2
• @imilchev made their first contribution in #9
• @joelddiaz made their first contribution in #11
• @chris-rock made their first contribution in #15
• @benr made their first contribution in #33
• @czunker made their first contribution in #35
• @preslavgerchev made their first contribution in #44
• @atomic111 made their first contribution in #58
• @mm-weber made their first contribution in #73
• @tschuchort made their first contribution in #78
• @dependabot made their first contribution in #83
• @frozen425 made their first contribution in #85

Full Changelog: https://github.com/mondoohq/cnspec-policies/commits/v1.0.0