mondoohq · misterpantz · Sep 29, 2023 · Sep 29, 2023
diff --git a/.github/actions/spelling/README.md b/.github/actions/spelling/README.md
@@ -1,16 +1,15 @@
 # check-spelling/check-spelling configuration
 
-| File                                               | Purpose                                                                          | Format                                                    | Info                                                                                                 |
-| -------------------------------------------------- | -------------------------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
-| [dictionary.txt](dictionary.txt)                   | Replacement dictionary (creating this file will override the default dictionary) | one word per line                                         | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)         |
-| [allow.txt](allow.txt)                             | Add words to the dictionary                                                      | one word per line (only letters and `'`s allowed)         | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)                   |
-| [reject.txt](reject.txt)                           | Remove words from the dictionary (after allow)                                   | grep pattern matching whole dictionary words              | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)     |
-| [excludes.txt](excludes.txt)                       | Files to ignore entirely                                                         | perl regular expression                                   | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) |
-| [only.txt](only.txt)                               | Only check matching files (applied after excludes)                               | perl regular expression                                   | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)         |
-| [patterns.txt](patterns.txt)                       | Patterns to ignore from checked lines                                            | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
-| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines                                                | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
-| [expect.txt](expect.txt)                           | Expected words that aren't in the dictionary                                     | one word per line (sorted, alphabetically)                | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)                 |
-| [advice.md](advice.md)                             | Supplement for GitHub comment when unrecognized words are found                  | GitHub Markdown                                           | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)     |
+| File                                               | Purpose                                                         | Format                                                    | Info                                                                                                 |
+| -------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
+| [allow.txt](allow.txt)                             | Add words to the dictionary                                     | one word per line (only letters and `'`s allowed)         | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)                   |
+| [reject.txt](reject.txt)                           | Remove words from the dictionary (after allow)                  | grep pattern matching whole dictionary words              | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)     |
+| [excludes.txt](excludes.txt)                       | Files to ignore entirely                                        | perl regular expression                                   | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) |
+| [only.txt](only.txt)                               | Only check matching files (applied after excludes)              | perl regular expression                                   | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)         |
+| [patterns.txt](patterns.txt)                       | Patterns to ignore from checked lines                           | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
+| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines                               | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) |
+| [expect.txt](expect.txt)                           | Expected words that aren't in the dictionary                    | one word per line (sorted, alphabetically)                | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)                 |
+| [advice.md](advice.md)                             | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown                                           | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)     |
 
 Note: you can replace any of these files with a directory by the same name (minus the suffix)
 and then include multiple files inside that directory (with that suffix) to merge multiple files together.
diff --git a/.github/actions/spelling/advice.md b/.github/actions/spelling/advice.md
@@ -9,7 +9,7 @@ If items relate to a ...
 
   File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
 
-  `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using).
+  `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude README.md (on whichever branch you're using).
 
 - well-formed pattern.
 

diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -1 +0,0 @@
-

diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns
@@ -1,6 +1,18 @@
-# Detect common combinations of valid words that are in fact invalid. 
+# Detect common combinations of valid words that are in fact invalid.
 # Useful for brand capitalizations
 
+#
+# Our Terms
+#
+
+# s.b. Mondoo Platform
+\sthe Mondoo Platform\b
+\sMondoo platform\b
+
+# s.b. Compliance Hub
+\scompliance hub\b
+\sCompliance hubplatform\b
+
 #
 # Industry Terms
 #
@@ -17,6 +29,10 @@
 \bSaas\b
 \bsaas\b
 
+# s.b. Docker Hub
+\bDockerHub\b
+\bDockerhub\b
+
 # s.b. REST API
 \bRest API\b
 \brest API\b
@@ -25,15 +41,40 @@
 # s.b. DevSecOps
 \bDevsecops\b
 
+# s.b. on-premises
+\bon-premise\b
+
 #
 # Product Names
 #
 
+# s.b. Jira
+\bJIRA\b
+
+# s.b. MariaDB
+\bMaria DB\b
+\bmariaDB\b
+# \bmariaDb\b causes failures in MQL queries
+
+# s.b. PostgreSQL
+\bPostgreSql\b
+
+# s.b. Firefox
+\bFireFox\b
+
+# s.b. CentOS
+\bCentos\b
+\bCent OS\b
+\bcentOS\b
+
 # s.b. macOS
 \bOS X\b
 \bMacOS\b
 \bMac OS\b
 
+# s.b. Okta
+\bOcta\b
+
 # s.b. Elasticsearch
 \bElasticSearch\b
 
@@ -61,6 +102,7 @@
 
 # s.b. Red Hat
 \bRedHat\b
+\bRedhat\b
 
 # s.b. AlmaLinux
 \bAlma Linux\b
@@ -78,6 +120,10 @@
 \bApparmor\b
 \bApp Armor\b
 
+# s.b. SELinux
+\bSeLinux\b
+\bSelinux\b
+
 # s.b. InSpec
 \b[Ii]nspec\b
 
@@ -90,9 +136,52 @@
 # s.b. JavaScript
 \bJavascript\b
 
+# s.b. OpenSSL
+\bOpenssl\b
+\bopenSSL\b
+
+#
+# Microsoft Products
+#
+
 # s.b. Microsoft
 \bMicroSoft\b
 
+# s.b. Windows Server
+\bWindows server\b
+
+# s.b. Team Foundation Server
+\bTeam foundation server\b
+\bteam foundation server\b
+
+# s.b. Active Directory
+\bActive directory\b
+\bactive directory\b
+
+# s.b. Group Policy Object
+\bGroup policy object\b
+\bgroup policy object\b
+\bGroup Policy object\b
+
+#
+# VMware Products
+#
+
+# s.b. VMware
+\bVmware\b
+\bVMWare\b
+
+# s.b. vCenter
+\bVcenter\b
+\bVCenter\b
+
+# s.b. vSphere
+\bVsphere\b
+\bVSphere\b
+
+# s.b. ESXi
+\bEsxi\b
+
 #
 # AWS Products
 #
@@ -123,7 +212,9 @@
 \bCloudsearch\b
 
 # s.b. CloudShell
+# we can't check for Cloud Shell since that's what Azure calls it
 \bCloudshell\b
+\bcloudshell\b
 
 # s.b. CloudTrail
 \bCloudtrail\b
@@ -299,17 +390,91 @@
 \bCloudBuild\b
 \bCloud build\b
 
-# disabled for now in this repo due to false positives
 # s.b. Cloud Run
-# \bCloudRun\b
-# \bCloud run\b
+\bCloudRun\b
+\bCloud run\b
 
 #
 # Azure Products
 #
 
 # s.b. Key Vault
 \bKey vault\b
+\bKeyVault\b
+
+# s.b. Ampere
+\bampere\b
+
+# s.b. Azure DevOps Server
+\bAzure DevOps server\b
+
+# s.b. Synapse Analytics
+\bSynapse analytics\b
+\bsynapse analytics\b
+
+# s.b. Cognitive Services
+\bCognitive services\b
+\bcognitive services\b
+
+# s.b. Event Hubs
+\bEvent hubs\b
+\bevent hubs\b
+
+# s.b. CloudOps
+\bCloud Ops\b
+\bCloud ops\b
+\bcloud ops\b
+
+# s.b. Batch Service
+\bBatch service\b
+\bbatch service\b
+
+# s.b. Service Fabric Cluster
+\bservice fabric cluster\b
+
+# s.b. Azure Kubernetes Service
+\bAzure Kubernetes service\b
+
+# s.b. Cosmos DB
+\bCosmosDB\b
+\bCosmoDB\b
+\bCosmo DB\b
+
+# s.b. SignalR Service
+\bSignalR service\b
+\bSignal R Service\b
+
+# s.b. App Service Certificate
+\bapp service certificate\b
+
+# s.b. Privileged Identity Management
+\bprivileged identity management\b
+
+# s.b. BizTalk Service
+\bBizTalk service\b
+\bBiztalk service\b
+\bBiz Talk service\b
+\bBiz Talk Service\b
+
+# s.b. Data Box
+\bdata box\b
+
+# s.b. Database Migration Service
+\bdatabase migration service\b
+
+# s.b. Internet Analyzer
+\bInternet analyzer\b
+\binternet analyzer\b
+
+# s.b. Web Application Firewall
+\bWeb application firewall\b
+\bweb Application Firewall\b
+
+# s.b. SQL Vulnerability Assessment
+\bSQL vulnerability assessment\b
+
+# s.b. StorSimple
+\bStor Simple\b
 
 #
 # Common Typos
@@ -349,8 +514,12 @@
 # s.b. policies
 [Pp]olices
 
+# s.b. ID
+# \bId\b # disabled in this repo due to false positives
+
+# s.b. CSV
+\bCVS\b
+
 # Reject duplicate words
 \s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s
 
-# s.b. ID
-\bId\b
diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt
@@ -20,8 +20,11 @@ console\.mondoo\.com\/space.*\b
 # azure subscription ID
 [0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}
 
+# azure subscriptions URL
+\/subscriptions\/\S*
+
 # docker container
-[a-z,0-9]{12}
+\b[a-z,0-9]{12}\b
 
 # URLs in markdown links / images
 ]\(.*\)
@@ -31,3 +34,35 @@ Key Vault Vault
 
 # luna containers in scan output
 \bluna/.*\b
+
+# this comes up in permissions and is valid
+\broot root\b
+
+# AWS resources
+(ami|subnet|vpc|sg)-[0-9a-fA-F]{17}
+
+# http and https URLs
+https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)
+
+# registry key paths
+HKEY_[\w\\]*
+
+# Container digests
+\bsha256:\w*
+
+# mime types
+\bapplication\/\S*
+
+# skip mql uids
+uid:\s.*$
+
+# ARN values
+\barn:\S*
+
+# mac user dir path
+\/Users\/\S*
+
+# AWS Token, ID access key, etc
+aws_session_token\s+\=(\s+)?.+
+aws_access_key_id\s+\=(\s+)?.+
+aws_secret_access_key\s+\=(\s+)?.+
diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt
@@ -10,4 +10,3 @@ Sorce
 ^untilling$
 ^wether.*
 \w*(?<!right-)click
-press
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,11 @@
+---
 version: 2
 updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: daily
+  - package-ecosystem: bundler
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml
@@ -1,20 +1,21 @@
+---
 name: "CLA Assistant"
 on:
   issue_comment:
     types: [created]
   pull_request_target:
-    types: [opened,closed,synchronize]
+    types: [opened, closed, synchronize]
 
 jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the Mondoo CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/[email protected].0
+        uses: contributor-assistant/[email protected].1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_ACCESS_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ACCESS_TOKEN }}
         with:
           path-to-signatures: 'signatures/version1/cla.json'
           path-to-document: 'https://github.com/mondoohq/.github/blob/master/CLA.md'