Skip to main content

4.0.0

Resoto is now Fix Inventory. This wasn't originally planned, but an idea that Matthias came up with a few weeks ago.

We updated our GitHub README to list and explain the various components of Fix, and the list looked like this:

  • fixfrontend
  • fixbackend
  • resoto
  • fixcf
  • fixca
  • fixbackup
  • fixcloudutils

As you can see (and as Sesame Street has taught us), one of these things is not like the others.

Migration

We dislike breaking changes and are fans of backward compatibility, so will do our best to make the product rename as non-intrusive as possible and provide a smooth migration path.

(In fact, one reason why we didn't just remove Resoto UI and cut a new release is because we don't want people who have container images pinned to :latest to be surprised by its removal.)

  • Resoto 3.9 was the final release with Resoto UI, and also the last release named "Resoto."

    The Resoto website and documentation at resoto.com will be maintained for at least a couple of months.

  • The GitHub repository was renamed from resoto to fixinventory, and the first version of Fix Inventory is tagged 4.0.

    We have launched inventory.fix.security with documentation for Fix Inventory 4.0+ (separate and distinct from the Fix SaaS product website and documentation to avoid confusion).

To migrate to Fix Inventory, all you need to do is rename any container currently called resoto… to fix…. So, resotocore becomes fixcore, resotoworker will be fixworker, resotoshell will be fixshell, etc. Within Fix Inventory, we'll handle the heavy lifting for you, including data migrations and configuration updates.

Highlights

So, what new features does Fix Inventory 4.0 contain?

  • Microsoft Azure support: If you have a multi-cloud environment, you will now find all of your AWS, Google Cloud, and Azure resources inside a single inventory.

  • Updated AWS benchmarks: We have updated the CIS AWS Benchmark from version 1.5 to 2.0. We have also added the AWS Well-Architected Framework Security Pillar.

  • AWS Organizations: You will now see your Organization structure in the graph, right below the cloud level.

  • LoadLens: LoadLens enriches the graph with usage metrics, allowing you to view the minimum, maximum, and average CPU, memory, and disk usage of your compute and storage resources in a new /usage section. This enables the creation of dashboards that display comprehensive resource usage across your cloud infrastructure.

    The data for these metrics is sourced from AWS CloudWatch, Google Cloud Monitoring, and Azure Monitor. We adjust the period and granularity of the data retrieval to align with your configured collection interval, ensuring no metrics are overlooked.

For more details, see the changelog below.

Introducing Fix

We are also excited to announce Fix Security, our cloud asset inventory and CSPM system. Fix is a SaaS solution encompassing the inventory and security benchmarks components of Resoto, hosted by us.

Sign up today at https://fix.security and get one cloud account free, forever.

Open Source for Transparency

Like Resoto, Fix is fully open source. We strongly believe that if you trust us with your infrastructure data, you have a right to see exactly how we are collecting it and what we are doing with it.

We decided to open source every component of our SaaS, from the frontend and backend code to internal scripts that create database backups.

However—Fix is very opinionated, with many dependencies on third-party systems, payment interfaces, OAuth providers, infrastructure provisioning tools, etc.—so, while technically possible, this decision was not so much about offering an option to self-host but for transparency.

Dedicated Databases for Security

If you are familiar with Resoto, you know that we use ArangoDB to store infrastructure data.

Fix allocates a dedicated database instance to every customer, meaning your cloud infrastructure data is never commingled in a shared database with other Fix customer data.

This architecture not only segregates customer data (enhancing privacy), but also mitigates a range of security vulnerabilities associated with shared databases, such as SQL injection attacks.

Affordable Pricing

If you look at the current cloud security space, most commercial offerings target enterprise customers and come with steep six-figure price tags and multi-year contracts.

We firmly believe that every cloud user should be able to afford a secure cloud infrastructure.

Fix is priced fairly and competitively. Fix also doesn't require you to talk to a sales rep or have a solutions architect on-site for several days; anyone can sign up and try Fix before making a purchase decision.

Sunsetting Resoto UI

In the last four months, we've taken a good, hard look at Resoto. We analyzed the functionality people are using—what is there but rarely or never used, and what is missing despite being in the backlog for years.

One of the biggest pain points has always been the WebAssembly-based Resoto UI.

Developent Burden

We originally decided to use the Godot game engine to build Resoto UI because Godot compiles to Wasm and runs in the browser, comes with built-in UI elements, and has 2D and 3D acceleration (good for rendering the graph).

However, in practice, this decision turned out to be very problematic: the Wasm and WebGL browser support was not what we expected.

Companies often lag behind the latest browser versions, and many don't have dedicated graphics cards. Some browsers only supported WebGL 1.0, others 2.0 but not 1.0, and you can basically forget about mobile (especially on iOS, unless you enjoy interfaces moving at two frames per second).

The issues started with minor things like clipboard functionality (copy and paste) not working in all browsers. In those browsers that did offer support, users were presented with a security pop-up to allow Resoto UI clipboard access. There was also no abstraction for key combinations. Instead, Resoto UI received raw key presses and had to detect your operating system to support to Ctrl+C/V on Linux or Windows and Command+C/V on Mac—this sometimes worked but often didn't.

Then, we discovered that some graphics shaders worked on some browser versions and with some graphics card drivers but not others. Symptoms ranged from crashing a browser tab to locking up an entire M1-based Macbook.

Wasm also doesn't play nicely with certain browser extensions that capture key events, preventing our app from receiving them. Many features that would have been available out-of-the-box in the Web world required custom implementations and workarounds, adding to the development burden and increasing the complexity of Resoto UI.

Lack of Adoption

Looking at our PostHog metrics, we saw that hardly anyone continued to use Resoto UI after running the initial setup wizard—most work was done in Resoto's CLI. In hindsight, this is hardly surprising given the poor UX. We decided to drop support for Resoto UI in Fix Inventory.

Despite these challenges noted above, Godot is nevertheless a great engine; we simply used it for a purpose it wasn't built for. Godot's capabilities for game development are outstanding, and our experience shouldn't detract from its potential in its intended use cases.

And—before the rumor mill gets going, let's set the record straight: the decision to sunset the UI wasn't a sneaky move to push our SaaS. 😉 If you look at the Resoto UI GitHub repository, you will find that the last commit was over seven months ago, long before we began to build Fix Security.

What's Changed

Features

  • 93bfd686 azure Add new edges between resources (#1954)
  • 94d7f6a6 core Migrate existing resoto data and configs (#1962)
  • ced24bdf aws Adjust ec2 network metrics collection (#1940)
  • 111ed2af Introduce managed_kubernetes_cluster and clean up collect (#1939)
  • 36312474 azure AKS collecting (#1926)
  • 4011f205 resotocore introduce refine-resource-data command (#1937)

Fixes

  • 293b3e75 lib Make overrides backwards compatible (#1972)
  • 17098877 Ensure backwards compatibility (#1971)
  • 6aefe6f9 Use fixinventory instead of fix (#1970)
  • 7d348d65 Update core env prefix (#1969)
  • e7be81a9 ci Remove duplicate docker-compose up -d (#1968)
  • 1ddddd53 Correct Badges (#1966)
  • 44b5a6ee ci Bump peter-evans/create-pull-request to v6 (#1967)
  • 7066f4fb core Restore SVG (#1964)
  • 6ab2ad72 core Update logo (#1961)
  • bf9bf8b3 core Wait after stdout/stderr has been read (#1963)
  • 57a5a377 more typos (#1960)
  • 73f26fbe core Updated logo (#1959)
  • ab21ad73 Update Fix -> FixInventory (#1957)
  • debafe46 remove dist folder (#1956)
  • 782c8f5a Update Fix -> FixInventory (#1955)
  • d4a41734 Update runuser (#1950)
  • 9543c40d docker Outdated home path (#1948)
  • 7025a928 use correct secret name (#1947)
  • 3b081782 do not publish resoto images (#1946)
  • 35e9718e fix policy gen path (#1945)
  • a497b4ff fix policy gen requirements (#1944)

Chores

  • a618166b Bump 4.0.0 (#1973)
  • 09db99ca core Remove resoto-ui and show static HTML page instead. (#1965)
  • d9105fb0 Bump 4.0.0a4 (#1958)
  • f70de397 FixInventory -> Fix Inventory (#1952)
  • c37c3528 ci Update publish workflow (#1953)
  • d889d2e4 Remove graph view (#1951)
  • 81b7c881 Bump 4.0.0a3 (#1949)
  • 2393592c Rename Resoto -> Fix (#1943)
  • 8e306a10 Rename Docker components Resoto -> Fix Inventory (#1942)
  • 12024086 Bump 4.0.0 (#1935)
  • 593b5cc2 ci Bypass waits when publish workflow triggered manually (#1936)

Docker Images

  • somecr.io/someengineering/fixcore:4.0.0
  • somecr.io/someengineering/fixworker:4.0.0
  • somecr.io/someengineering/fixshell:4.0.0
  • somecr.io/someengineering/fixmetrics:4.0.0