aquasecurity/tracee v0.18.0

on GitHub

Docker Image (x86_64 only)

• docker pull docker.io/aquasec/tracee:0.18.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.18.0
• docker pull docker.io/aquasec/tracee:aarch64-0.18.0

What's Changed

• make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
• chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
• (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
• flags: refactor FilterMap by @yanivagman in #3222
• go.mod: remove types replace by @NDStrahilevitz in #3236
• containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
• docs: remove old trace subcommand by @geyslan in #3238
• ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
• engine: fix panic on waitgroup by @josedonizetti in #3233
• Update packaging.md for Ubuntu package building by @pimvh in #3243
• ebpf: fix socket_accept event by @NDStrahilevitz in #3240
• fix: fix container edge case in events pipeline by @geyslan in #3253
• tracee: skip golang plugin for static binaries by @josedonizetti in #3244
• Fix typo in Vagrantfile's comment by @64J0 in #3260
• tracee: signatures-dir accept multiple values by @josedonizetti in #3246
• change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
• events: hidden_kernel_module changes by @OriGlassman in #3255
• config: extract config structs to its own pkg by @geyslan in #3228
• eBPF control plane signals by @NDStrahilevitz in #3237
• build: remove signing from snapshot by @josedonizetti in #3271
• release: bump release tag to 0.16.0 by @josedonizetti in #3272
• fix: send init events to pipeline by @geyslan in #3270
• thread-safety issues fix by @rafaeldtinoco in #3265
• fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
• build: remove release on tag push by @josedonizetti in #3273
• chore: move syscaller to dist by @geyslan in #3269
• fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
• tracee: add analyze cmd by @josedonizetti in #3101
• policies: rename list fields to be plural by @josedonizetti in #3242
• fix(pkg/counter): finish making counter atomic by @rafaeldtinoco in #3276
• fix: derived event not triggering if base filtered by @josedonizetti in #3280
• enrich: fixes post control plane by @NDStrahilevitz in #3285
• docs: add analyze documentation by @josedonizetti in #3292
• doc: add tutorial to verify tracee signature by @josedonizetti in #3291
• fix: signature event not triggering if base filtered by @josedonizetti in #3281
• pipeline memory efficiency using pool by @geyslan in #3297
• events: update syscall_pathname for security_file_open by @OriGlassman in #3298
• Events and Scope flags by @geyslan in #3262
• pkg/containers: fix deadlock by @josedonizetti in #3311
• [v0.16.0] chore: bump k8s tag to 0.16.1 by @josedonizetti in #3316
• docs: updating link to tracee docs for search results by @AnaisUrlichs in #3317
• feature: remove policy actions by @josedonizetti in #3314
• fix(server): re-enable prometheus counters. by @rafaeldtinoco in #3304
• fix (cgroups): already dead edge case by @NDStrahilevitz in #3325
• docs: updating policies overview by @AnaisUrlichs in #3318
• chore bump 0.16.2 by @josedonizetti in #3331
• feature(k8s): policy k8s compatible by @josedonizetti in #3330
• chore: bump k8s tag to 0.17.0 by @josedonizetti in #3336
• fix(ebpf): size of mntns/pidns filters key holders by @geyslan in #3337
• fix: validate policy names are rfc 1123 by @josedonizetti in #3335
• remove help command, create flags markdown docs by @geyslan in #3321
• fix: data source registration after NewEngine by @NDStrahilevitz in #3342
• fix(build): btfhub's bpftool in alpine container by @geyslan in #3349
• chore(build): add LOGFROM flag to check-pr rule by @geyslan in #3348
• chore(build): change check-pr output format by @geyslan in #3351
• refactor(events): new event definitions (mutable vs immutable data) by @rafaeldtinoco in #3340
• fix(filter): remove unneeded workaround by @rafaeldtinoco in #3352
• events: adjust hidden kernel module event to v6.4 by @OriGlassman in #3360
• fix(config): loading config file by @josedonizetti in #3370
• Update the URL as the old one did not lead to the grafana tutorial an… by @AnaisUrlichs in #3371
• chore(docs): add note for quote yaml value by @geyslan in #3367
• chore: bump k8s tags to 0.17.1 by @josedonizetti in #3374
• bugfix(capture): remove CONFIG_KALLSYMS_ALL dependency by @AlonZivony in #3381
• docs: additional resources for the docs by @AnaisUrlichs in #3379
• feat: add tracee rpc service by @josedonizetti in #3389
• feat: add loggers atomic level by @josedonizetti in #3391
• Add grpc server by @josedonizetti in #3390
• --help flag parsing by @geyslan in #3393
• feat: add diagnostic rpc by @josedonizetti in #3395
• Add grpc diagnostic by @josedonizetti in #3394
• fix: k8s policies tutorial by @josedonizetti in #3373
• chore(flags): change scope/event flag parsers by @geyslan in #3343
• fix: log level should match zap log priority by @josedonizetti in #3409
• fix: ignore error for cgroups that doesn't exist by @josedonizetti in #3410
• refactor: getStackAddresses doesn't return an err by @josedonizetti in #3414
• chore(revive): mitigate redundant warning by @rafaeldtinoco in #3417
• fix: committing typo by @testwill in #3418
• feature(types): add task identifier by @rafaeldtinoco in #3425
• fix(flags): use scope flag parser for policy by @geyslan in #3429
• fix: capture of writev by @roikol in #3413
• fix: fix section name for vfs_readv by @AlonZivony in #3421
• feat: filter file capture by ELF type by @AlonZivony in #3361
• docs: modifying readme by @AnaisUrlichs in #3378
• Fix(capture): fix verifier issue with elf capture by @AlonZivony in #3433
• fix: print_mem_dump fails on missing symbol by @NDStrahilevitz in #3384
• Revert "fix: print_mem_dump fails on missing symbol (#3384)" by @AlonZivony in #3436
• fix(definitions): ksymbols dependencies handled wrongly by @rafaeldtinoco in #3443
• feat: add streams by @josedonizetti in #3411
• Add definition proto by @josedonizetti in #3447
• feat: add argv to security_bprm_check by @AlonZivony in #3442
• Fix closed chan read 2 by @geyslan in #3438
• feat: add version proto by @josedonizetti in #3459
• feat: add version and description to definition by @josedonizetti in #3437
• Add enable/disable rule by @josedonizetti in #3431
• build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 by @dependabot in #3452
• Update Readme.md by @AnaisUrlichs in #3434
• chore(revive): disable unchecked-type-assertion by @geyslan in #3474
• Rename !container and binary scope filters by @geyslan in #3451
• Add definition grpc endpoint by @josedonizetti in #3450
• feat: add enable/disable event rpc by @josedonizetti in #3467
• docs: adding guidelines on contributing to the documentation by @AnaisUrlichs in #3415
• docs: changes to the policies documentation by @AnaisUrlichs in #3416
• feature(proctree): Introduce a process tree by @rafaeldtinoco in #3364
• chore(libbpfgo): bump to v0.5.0-libbpf-1.2 by @geyslan in #3482
• chore(ebpf): not fail if some ksymbol is not found by @geyslan in #3476
• chore(tests): comment out init sighup test by @geyslan in #3483
• fix: remove params from event definition proto by @josedonizetti in #3485
• feat: add event enable/disable by @josedonizetti in #3466
• feat: add enable/disable event grpc endpoint by @josedonizetti in #3487
• feat: Add new event structure by @josedonizetti in #3465
• fix: regenerate definition.pb.go by @josedonizetti in #3490
• feat: add StreamEvents rpc by @josedonizetti in #3491
• fix: GetEventDefinition doesn't have params by @josedonizetti in #3492
• fix: rename policy apiVersion and kind by @josedonizetti in #3484
• fix(proctree): include thread group leader in threads LRU map by @rafaeldtinoco in #3494
• fix(ebpf): fix symbol name on error by @geyslan in #3497
• fix: stackaddress needs to have symbol name by @josedonizetti in #3499
• Revert "fix(ebpf): fix symbol name on error" by @geyslan in #3501
• feat: add event_data to event proto by @josedonizetti in #3496
• Add streams endpoint by @josedonizetti in #3493
• fix(packaging): adjust ubuntu and fedora packaging by @rafaeldtinoco in #3502
• fix(ebpf): triggerMemDump check all filters by @geyslan in #3504
• Types change for #3503 by @rafaeldtinoco in #3506
• events: add ftrace_hook event by @OriGlassman in #3412
• fix: fix uint and string types by @josedonizetti in #3507
• feat(event): export thread, process and parent entity id by @AlonZivony in #3503
• feat(types): add proctree datasource by @AlonZivony in #3509
• fix: make types uniform with wrappers by @josedonizetti in #3512
• fix: fix tactic, and int32_array names by @josedonizetti in #3514
• Chore build by @rafaeldtinoco in #3513
• Log probe attachment error, continue running by @geyslan in #3495
• fix: convert []trace.Argument into map<string,EventData> by @josedonizetti in #3510
• fix: link cosign tutorial to mkdocs.yml by @josedonizetti in #3515
• fix(proctree): allow regular events to create proctree nodes by @rafaeldtinoco in #3498
• docs: Fix incorrect flags and usage documentation for unlinkat by @kdrag0n in #3306
• chore(vagrant): add support to arm64 architecture by @geyslan in #3464
• fix(Vagrantfile): wrong var reference by @geyslan in #3523
• docs: running tracee docker container on amd64 and arm64 by @AnaisUrlichs in #3456
• feat(proctree): create process tree data source by @rafaeldtinoco in #3522
• feat(types): add executable to event by @AlonZivony in #3524
• docs(contributing): update vagrant hypervisor info by @geyslan in #3525
• feature(proctree): enrich events with executable from proctree by @rafaeldtinoco in #3526
• chore(k8s): bump k8s tag to v0.18.0 by @rafaeldtinoco in #3527

New Contributors

• @pimvh made their first contribution in #3243
• @64J0 made their first contribution in #3260
• @testwill made their first contribution in #3418
• @kdrag0n made their first contribution in #3306

Full Changelog: v0.15.1...v0.18.0