Merge branch 'main' into dg-refactor-cloud-logs-wf

.ci/updatecli/updatecli.d/update-beats.yml

@@ -16,7 +16,7 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update to elastic/beats@{{ source "beats" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update to elastic/beats@{{ source "beats" }}'
     kind: github/pullrequest
     scmid: default
     spec:

.ci/updatecli/updatecli.d/update-golang.yml

@@ -16,16 +16,16 @@ scms:
 
 actions:
   cloudbeat:
-    title: '[updatecli] Update Golang version to {{ source "latestGoVersion" }}'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update Golang version to {{ source "latestGoVersion" }}'
     kind: github/pullrequest
     scmid: default
     sourceid: latestGoVersion
     spec:
       automerge: false
       labels:
         - automation
+        - backport-skip
         - dependency
-        - backport-v8.x
         - go
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-hermit.yml

@@ -16,14 +16,14 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update hermit and pre-commit dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update hermit and pre-commit dependencies'
     kind: github/pullrequest
     scmid: default
     spec:
       automerge: false
       labels:
         - automation
-        - backport-v8.x
+        - backport-skip
         - dependency
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-mods.yml

@@ -16,14 +16,14 @@ scms:
 
 actions:
   default:
-    title: '[updatecli] Update golang mod dependencies'
+    title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update golang mod dependencies'
     kind: github/pullrequest
     scmid: default
     spec:
       automerge: false
       labels:
         - automation
-        - backport-v8.x
+        - backport-skip
         - dependency
         - go
       description: |-

.github/dependabot.yml

@@ -2,9 +2,12 @@
 
 version: 2
 updates:
-  # Maintain dependencies for go.mod
+  # Maintain dependencies for go.mod main branch
   - package-ecosystem: "gomod"
     directory: "/"
+    commit-message:
+      include: scope
+      prefix: "main"
     groups:
       azure:
         patterns:
@@ -26,24 +29,83 @@ updates:
         patterns:
           - "github.com/aquasecurity/*"
     labels:
-      - "backport-v8.x"
       - "dependency"
+      - "backport-skip"
       - "go"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 2
     # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
     # go get -u github.com/elastic/beats/v7@<commit sha>
     ignore:
       - dependency-name: "github.com/elastic/beats/v7"
     schedule:
       interval: "monthly"
 
+  # Maintain dependencies for go.mod 8.x branch
+  - package-ecosystem: "gomod"
+    target-branch: "8.x"
+    directory: "/"
+    commit-message:
+      include: scope
+      prefix: "8.x"
+    groups:
+      azure:
+        patterns:
+          - "github.com/Azure/*"
+      aws:
+        patterns:
+          - "github.com/aws/*"
+      google:
+        patterns:
+          - "cloud.google.com/*"
+          - "google.golang.org/api"
+      elastic:
+        patterns:
+          - "github.com/elastic/*"
+      k8s:
+        patterns:
+          - "k8s.io/*"
+      trivy:
+        patterns:
+          - "github.com/aquasecurity/*"
+    labels:
+      - "dependency"
+      - "backport-skip"
+      - "go"
+    open-pull-requests-limit: 2
+    # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with
+    # go get -u github.com/elastic/beats/v7@<commit sha>
+    ignore:
+      - dependency-name: "github.com/elastic/beats/v7"
+    schedule:
+      interval: "monthly"
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: ".github/workflows"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "dependency"
+      - "github_actions"
+    groups:
+      artifact:
+        patterns:
+        - "actions/download-artifact"
+        - "actions/upload-artifact"
+    ignore:
+        # Skip versions 4.x upload-artifact and download-artifact due to this issue: https://github.com/actions/upload-artifact/issues/478
+      - dependency-name: "actions/download-artifact"
+        versions: [">=4.0.0"]
+      - dependency-name: "actions/upload-artifact"
+        versions: [">=4.0.0"]
+
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: ".github/workflows"
+    target-branch: "8.x"
     schedule:
       interval: "monthly"
     labels:
-      - "backport-v8.x"
       - "dependency"
       - "github_actions"
     groups:

.github/workflows/updatecli.yml

@@ -43,22 +43,23 @@ env:
 
 jobs:
   updatecli:
-    name: Update ${{ matrix.pipeline-name }} dependencies
+    name: "[${{ matrix.git-branch }}] Update ${{ matrix.pipeline-name }} dependencies"
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         pipeline-name: [ beats, golang, hermit, mods ]
+        git-branch: [ main, 8.x ]
     steps:
       - uses: actions/checkout@v4
       - name: Init Hermit
         run: ./bin/hermit env -r >> $GITHUB_ENV
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@92a13b95c2cd9f1c6742c965509203c6a5635ed7 # v0.76.1
+        uses: updatecli/updatecli-action@704a64517239e0993c5e3bf6749a063b8f950d9f # v0.76.1
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:
-          GIT_BRANCH: main
+          GIT_BRANCH: ${{ matrix.git-branch }}
           GIT_USER: "Cloud Security Machine"
           GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }}
 
@@ -84,7 +85,7 @@ jobs:
 
           echo "GIT_BRANCH=$branchName" >> $GITHUB_ENV
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@92a13b95c2cd9f1c6742c965509203c6a5635ed7 # v0.76.1
+        uses: updatecli/updatecli-action@704a64517239e0993c5e3bf6749a063b8f950d9f # v0.76.1
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:

.go-version

@@ -1 +1 @@
-1.23.2
+1.23.3

.pre-commit-config.yaml

@@ -77,7 +77,7 @@ repos:
         files: deploy/cloudformation/.*yml
 
   - repo: https://github.com/aws-cloudformation/cfn-lint
-    rev: v1.18.4
+    rev: v1.19.0
     hooks:
       - id: cfn-python-lint
         files: deploy/cloudformation/.*.yml
@@ -184,7 +184,7 @@ repos:
         files: security-policies/.*\.(md|markdown)$
 
   - repo: https://github.com/StyraInc/regal
-    rev: v0.28.0
+    rev: v0.29.0
     hooks:
       - id: regal-lint
         args: [security-policies/bundle]

bin/aws

@@ -1 +1 @@
-.awscli-2.19.4.pkg
+.awscli-2.20.0.pkg

bin/aws_completer

@@ -1 +1 @@
-.awscli-2.19.4.pkg
+.awscli-2.20.0.pkg

bin/bq

@@ -1 +1 @@
-.gcloud-500.0.0.pkg
+.gcloud-501.0.0.pkg

bin/docker-credential-gcloud

@@ -1 +1 @@
-.gcloud-500.0.0.pkg
+.gcloud-501.0.0.pkg

bin/elastic-package

@@ -1 +1 @@
-.elastic-package-0.106.0.pkg
+.elastic-package-0.107.0.pkg

bin/gcloud

@@ -1 +1 @@
-.gcloud-500.0.0.pkg
+.gcloud-501.0.0.pkg

bin/git-credential-gcloud.sh

@@ -1 +1 @@
-.gcloud-500.0.0.pkg
+.gcloud-501.0.0.pkg

bin/go

@@ -1 +1 @@
-.go-1.23.2.pkg
+.go-1.23.3.pkg

bin/gofmt

@@ -1 +1 @@
-.go-1.23.2.pkg
+.go-1.23.3.pkg

bin/gsutil

@@ -1 +1 @@
-.gcloud-500.0.0.pkg
+.gcloud-501.0.0.pkg

bin/regal

@@ -1 +1 @@
-.regal-0.28.0.pkg
+.regal-0.29.0.pkg

docs/version.asciidoc

@@ -1,6 +1,6 @@
 // doc-branch can be: master, 8.1, 8.2, etc.
 :doc-branch: master
-:go-version: 1.23.2
+:go-version: 1.23.3
 :python: 3.7
 :docker: 1.12
 :docker-compose: 1.11

go.mod

@@ -36,9 +36,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.4
 	github.com/aws/aws-sdk-go-v2/service/iam v1.37.4
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.5
-	github.com/aws/aws-sdk-go-v2/service/lambda v1.65.0
+	github.com/aws/aws-sdk-go-v2/service/lambda v1.66.0
 	github.com/aws/aws-sdk-go-v2/service/organizations v1.34.5
-	github.com/aws/aws-sdk-go-v2/service/rds v1.89.1
+	github.com/aws/aws-sdk-go-v2/service/rds v1.89.2
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.3
 	github.com/aws/aws-sdk-go-v2/service/s3control v1.50.0
 	github.com/aws/aws-sdk-go-v2/service/securityhub v1.54.6
@@ -47,7 +47,7 @@ require (
 	github.com/aws/smithy-go v1.22.0
 	github.com/dgraph-io/ristretto v1.0.0
 	github.com/djherbis/times v1.6.0
-	github.com/elastic/beats/v7 v7.0.0-alpha2.0.20241108132703-bfaa70fa9ae8
+	github.com/elastic/beats/v7 v7.0.0-alpha2.0.20241112152748-ce4a17b3a960
 	github.com/elastic/e2e-testing v1.2.3
 	github.com/elastic/elastic-agent-autodiscover v0.9.0
 	github.com/elastic/elastic-agent-client/v7 v7.16.0
@@ -62,6 +62,9 @@ require (
 	github.com/huandu/xstrings v1.5.0
 	github.com/magefile/mage v1.15.0
 	github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44
+	github.com/microsoft/kiota-abstractions-go v1.7.0
+	github.com/microsoftgraph/msgraph-sdk-go v1.51.0
+	github.com/microsoftgraph/msgraph-sdk-go-core v1.2.1
 	github.com/mikefarah/yq/v4 v4.44.3
 	github.com/mitchellh/gox v1.0.1
 	github.com/mitchellh/mapstructure v1.5.0
@@ -75,7 +78,7 @@ require (
 	go.uber.org/goleak v1.3.0
 	go.uber.org/zap v1.27.0
 	go.uber.org/zap/exp v0.3.0
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
+	golang.org/x/lint v0.0.0-20241112194109-818c5a804067
 	golang.org/x/oauth2 v0.24.0
 	google.golang.org/api v0.205.0
 	gopkg.in/yaml.v2 v2.4.0
@@ -103,6 +106,7 @@ require (
 	github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cjlapao/common-go v0.0.41 // indirect
 	github.com/containerd/cgroups/v3 v3.0.2 // indirect
 	github.com/containerd/containerd/api v1.7.19 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
@@ -130,6 +134,12 @@ require (
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
+	github.com/microsoft/kiota-authentication-azure-go v1.1.0 // indirect
+	github.com/microsoft/kiota-http-go v1.4.5 // indirect
+	github.com/microsoft/kiota-serialization-form-go v1.0.0 // indirect
+	github.com/microsoft/kiota-serialization-json-go v1.0.8 // indirect
+	github.com/microsoft/kiota-serialization-multipart-go v1.0.0 // indirect
+	github.com/microsoft/kiota-serialization-text-go v1.0.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/sys/user v0.3.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
@@ -143,11 +153,13 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
 	github.com/sassoftware/go-rpmutils v0.4.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
+	github.com/shirou/gopsutil/v4 v4.24.7 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sigstore/cosign/v2 v2.2.4 // indirect
 	github.com/sigstore/sigstore v1.8.3 // indirect
 	github.com/sigstore/timestamp-authority v1.2.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/std-uritemplate/std-uritemplate/go v1.0.6 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/theupdateframework/go-tuf v0.7.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
@@ -287,7 +299,7 @@ require (
 	github.com/eapache/go-resiliency v1.2.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/elastic/elastic-agent-system-metrics v0.11.1 // indirect
+	github.com/elastic/elastic-agent-system-metrics v0.11.4 // indirect
 	github.com/elastic/go-concert v0.3.0 // indirect
 	github.com/elastic/go-lumber v0.1.2-0.20220819171948-335fde24ea0f // indirect
 	github.com/elastic/go-seccomp-bpf v1.4.0 // indirect
@@ -324,7 +336,7 @@ require (
 	github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/goccy/go-yaml v1.13.7 // indirect
+	github.com/goccy/go-yaml v1.14.0 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
@@ -342,7 +354,7 @@ require (
 	github.com/google/licenseclassifier/v2 v2.0.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.6.0 // indirect
+	github.com/google/uuid v1.6.0
 	github.com/google/wire v0.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect