aquasecurity/tracee v0.20.0 on GitHub

Docker Image

docker pull docker.io/aquasec/tracee:0.20.0

Docker Images (per architecture)

docker pull docker.io/aquasec/tracee:x86_64-0.20.0
docker pull docker.io/aquasec/tracee:aarch64-0.20.0

What's Changed

docs(mkdocs): rename crs to cri in menu by @rafaeldtinoco in #3671
Add verify-docs job by @geyslan in #3672
rebase of #3638 by @rafaeldtinoco in #3683
Fix readme by @rafaeldtinoco in #3686
chore(container): same default events as k8s deployment by @rafaeldtinoco in #3687
fix(ebpf): use ts as fd_arg_path_map key by @geyslan in #3674
fix(finding): add missing fields by @NDStrahilevitz in #3694
refactor(engine): feed engine with signatures events by @AlonZivony in #3681
feat(signatures): add simple proctree datasource envelope by @AlonZivony in #3692
Make filtered aggregation possible by @geyslan in #3677
feature(types): add packet metadata type by @NDStrahilevitz in #3708
Packet direction flag by @NDStrahilevitz in #3706
minor fix on top of #3707 by @rafaeldtinoco in #3709
probes: improve probes by having specific getters by @rafaeldtinoco in #3710
feat(types): time relevant info for proctree by @AlonZivony in #3712
docs: add discussion template for adopters by @AnaisUrlichs in #3702
Feature/proctree query time by @AlonZivony in #3691
Feature: DNS Cache datasource by @NDStrahilevitz in #3679
chore: rename Context to EventContext by @geyslan in #3716
Pin pandoc version to 3.1.2 by @geyslan in #3720
libbpfgo bump to v0.6.0-libbpf-1.3 by @geyslan in #3713
make #3715 pass doc verification by @rafaeldtinoco in #3721
chore(ci): bump changed-files to v40.2.0 by @geyslan in #3723
bugfix(ebpf): avoid errors upon hash calc fail by @AlonZivony in #3733
fix: webhook template should support sprig funcs by @josedonizetti in #3724
feature: add ctime to containers data source by @NDStrahilevitz in #3728
chore(release): use go1.20 for releasing by @rafaeldtinoco in #3740
chore: fix typo by @josedonizetti in #3736
fix(release): tracee-container alpine version to 3.18 by @rafaeldtinoco in #3744
Network: add net_tcp_connect event with DNS support by @rafaeldtinoco in #3738
chore: refer to man pages by @geyslan in #3749
feature: pluggable datasources by @josedonizetti in #3737
Bugfix/parse finding type correctly by @AlonZivony in #3760
Writeable datasource types by @NDStrahilevitz in #3759
feature(api): add data source grpc service by @NDStrahilevitz in #3761
chore(api): fix typo by @NDStrahilevitz in #3762
chore(makefile): fix doube-quoted version string by @rafaeldtinoco in #3764
feat(ebpf): optimize sendmsg/recvmsg kprobes by @NDStrahilevitz in #3766
feature(event): create net_flow_tcp_begin event by @rafaeldtinoco in #3750
fix(network): fix http request/response events by @rafaeldtinoco in #3770
chore: update proto types by @josedonizetti in #3772
chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #3773
fix(ebpf): adjust inode struct to kernel v6.6 by @NDStrahilevitz in #3769
feat(types): improve datasource write api by @NDStrahilevitz in #3763
fix: filter dispatching to signatures by @NDStrahilevitz in #3729
feature: Add name and properties to Threat, and add Threat to Event definition. by @josedonizetti in #3742
feature: writeable data source by @NDStrahilevitz in #3725
Improve performance of exec-hash by @NDStrahilevitz in #3752
fix: create pid file under install-path by @NDStrahilevitz in #3775
feature: add signature name to event definition by @josedonizetti in #3743
add Struct type and detect.FindingData by @josedonizetti in #3776
Fix dynamic data arguments by @josedonizetti in #3777
chore(derive/http): change log level when packets are malformed by @NDStrahilevitz in #3780
Types protected finding by @NDStrahilevitz in #3782
Protected finding data by @NDStrahilevitz in #3779
chore(deps): bump tj-actions/changed-files from 40.2.0 to 41.0.0 in /.github/workflows by @dependabot in #3788
fix: use thread safe wrapper for ksyms table by @NDStrahilevitz in #3786
fix: triggeredBy should print event on table output by @josedonizetti in #3792
fix(doc): contribution document link by @yasindce1998 in #3794
Pin revive version by @geyslan in #3796
fix(ebpf): fix hidden_kernel_module error in some kernels by @OriGlassman in #3797
fix(events): restore dependency in hooked_syscall by @NDStrahilevitz in #3784
Introduce Policies versioning (map of maps) by @geyslan in #3305
Update Golang in all Project by @rafaeldtinoco in #3806
chore(docs): specify distros and versions support by @rafaeldtinoco in #3808
Remove BPF map macros by @geyslan in #3735
Fix event data structure by @josedonizetti in #3812
Fix symbol multi addrs by @rafaeldtinoco in #3802
chore(ci): add mantic 6.6 AMIs by @geyslan in #3810
fix(capture): restore absolute time in pcap frames by @AlonZivony in #3800
Update api types by @josedonizetti in #3814
feat(signatures): expose signatures helpers as Go module by @AlonZivony in #3765
chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #3816
Make policies config versioned by @geyslan in #3809
chore: remove replace of signatures helpers by @AlonZivony in #3819
grpc: fix nil arguments by @josedonizetti in #3823
chore: remove clang march flag by @geyslan in #3831
chore: increase vb resources by @geyslan in #3833
fix: skip timestamp normalizing in derived events by @NDStrahilevitz in #3835
fix: change missing probe log level by @josedonizetti in #3836
chore(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.12 by @dependabot in #3837
Fix ArgsNum by @geyslan in #3839
Fix typo in kubernetes install guide by @logicfox in #3846
Various cgroup and mounting fixes and optimizations by @NDStrahilevitz in #3829
fix(processors): change args values by name by @AlonZivony in #3838
Set exec-hash default option by @geyslan in #3852
chore(k8s): prepare v0.20.0 release by @geyslan in #3853

New Contributors

@yasindce1998 made their first contribution in #3794
@logicfox made their first contribution in #3846

Full Changelog: v0.19.0...v0.20.0