Docker Image
docker pull docker.io/aquasec/tracee:0.23.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.23.0
docker pull docker.io/aquasec/tracee:aarch64-0.23.0
What's Changed
- chore(ci): update release amis by @geyslan in #4269
- fix(build): set `GOTOOLCHAIN="auto"` for alpine by @geyslan in #4271
- fix: release snapshot target arch by @rscampos in #4274
- Process execute failed by @OriGlassman in #4233
- update go.sum and go.mod with grpc change by @OriGlassman in #4280
- fix: process_execute_failed use correct lru by @OriGlassman in #4283
- Remove irrelevant context from uprobe based events by @oshaked1 in #4284
- chore: use 6.2.0-1018-aws kernel by @geyslan in #4275
- update syscall table: lookup_dcookie is removed by @OriGlassman in #4286
- container enrichment fixes and improvements by @NDStrahilevitz in #4276
- chore(k8s): prepare v0.22.1 release by @rscampos in #4295
- chore!: rollback proctree to simple LRU by @geyslan in #4299
- Fix `timespec_t` args not being submitted to userspace by @oshaked1 in #4301
- Events flags embedding by @geyslan in #4191
- feat(time)!: epoch timestamps as standard by @NDStrahilevitz in #4252
- sched_process_exec: don't drop event in capture exec by @OriGlassman in #4310
- chore: deactive performance gate by @NDStrahilevitz in #4309
- chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.68.0 by @dependabot in #4315
- chore: sig helper clone metadata by @rscampos in #4317
- fix(tests): possible goroutine leak by @geyslan in #4306
- chore(tests): increase Tracee startup timeout by @geyslan in #4318
- Documentation patch by @ShohamBit in #4303
- Revert "chore: sig helper clone metadata" by @rscampos in #4319
- Revert "perf: benchmark improve sig GetMetadata" by @rscampos in #4320
- Revert "chore(sig): define signature metadata statically" by @rscampos in #4321
- chore(k8s): prepare v0.22.2 release by @rscampos in #4322
- change argv to args by @ShohamBit in #4304
- chore: remove deprecated debug-shell by @geyslan in #4308
- fix(proctree): possible sync.Once data race by @geyslan in #4307
- fix(ebpf): set pipeline chan size from config by @geyslan in #4329
- chore(ci): add possibility of ff merging via ui by @geyslan in #4333
- chore(types): add Zero field to ArgMeta by @geyslan in #4340
- Handle zero-value types for unavailable fields - ArgMeta by @geyslan in #4336
- remove policy and capture form docs by @ShohamBit in #4343
- Signatures helpers improvement by @geyslan in #4345
- feat: remove default usage of parse-arguments by @geyslan in #4331
- feat(events): add chmod_common event by @OriGlassman in #4339
- register normalizeTimeArg processor only when proctree is on by @geyslan in #4332
- Fix arg zero parse types and core typo by @geyslan in #4357
- fix: print err when parseArgument() fails by @geyslan in #4355
- feat(ebpf): restrict set_fs_pwd to (f)chdir syscall by @OriGlassman in #4359
- feat(events): change log level in hooked_syscall by @OriGlassman in #4366
- fix(events): check if init finished in hidden kernel module by @OriGlassman in #4367
- /proc parsing refactor by @geyslan in #4364
- changed process filter to scope filters by @ShohamBit in #4371
- fix(mount): reintroduce root path requirement by @NDStrahilevitz in #4328
- chore(k8s): prepare v0.22.3 release by @rscampos in #4374
- analyze: enable sigs consuming sigs by @NDStrahilevitz in #4327
- fix(engine): restrict finding feedback by @NDStrahilevitz in #4377
- fix(events): fix slice out of bounds in hidden_kernel_module by @OriGlassman in #4379
- chore(k8s): prepare v0.22.4 release by @geyslan in #4382
- Refactor filter matching by @yanivagman in #4376
- fix(epbf): fix behavior of `has_prefix()` and add `strncmp()` by @oshaked1 in #4394
- perf: remove sys_enter/exit dependency from default event set by @yanivagman in #4389
- feat(helpers): GetProtoHTTPRequestByName/GetProtoHTTPResponseByName by @rscampos in #4392
- Refactor: Restructure event and rename context by @yanivagman in #4390
- refactor: Rename event parameters to fields by @yanivagman in #4398
- Add `suspicious_syscall_source` event by @oshaked1 in #3953
- chore(api): bump grpc and protoc versions by @geyslan in #4405
- chore(grpc): bump api to latest 715b629 by @geyslan in #4407
- chore(api): add EventCounts to GetMetricsResponse by @geyslan in #4408
- Perf event writes metric by @geyslan in #4334
- fix(tests): possible out of range in integration by @geyslan in #4305
- feat(test): e2e integration test for new helpers by @rscampos in #4354
- Refactor policy by @yanivagman in #4400
- Analyze legacy output by @NDStrahilevitz in #4385
- fix(epbf): fix incorrect parsed syscall name by @oshaked1 in #4402
- fix(build): fix build checkers for goimports by @geyslan in #4417
- fix hidden_kernel_module history scan for kernels >6.2 by @OriGlassman in #4378
- fix: Remove unnecessary check for syscall wrapper in sys_enter tracepoint by @yanivagman in #4236
- chore(k8s): prepare v0.22.5 release by @geyslan in #4421
- Add security_path_notify test to PR workflow by @oshaked1 in #3926
- chore(GH): pin ubuntu (22.04) version for gh runners by @rscampos in #4428
- chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #4429
- Data filter in kernel by @rscampos in #4324
- fix: optimize proctree memory consumption by @geyslan in #4384
- fix(ci): add runner type to release workflows by @geyslan in #4436
- chore: add kernel 6.8 and 6.10 in matrix images by @rscampos in #4434
- chore(ebpf): refactor reset_event_args_buf to mark entries as invalid by @rscampos in #4437
- fix(ci): set 2XLARGE runner type to x86_64 by @geyslan in #4438
- Refactor: Remove Rego signature support by @yanivagman in #4426
- fix release tarball static binaries & make daily building faster by @geyslan in #4444
- fix(ebpf): adjust inode struct to kernel v6.11 by @rscampos in #4457
- chore(test): use cat cmd to trigger magic_write event by @rscampos in #4454
- chore: pin ubuntu:latest for gh runners / trigger magic_write event by @rscampos in #4455
- Revert "feat(helpers): unparsed flag helpers" by @yanivagman in #4462
- Revert to using raw argument values in engine stage by @yanivagman in #4461
- chore: add kernel 6.11 and 6.12 in matrix images by @rscampos in #4441
- fix(ebpf): kernel data filter combine bitmap by @rscampos in #4468
- chore(ci): add codeQL as workflow file by @rscampos in #4458
- Bump controller-gen fixing panic on generation by @geyslan in #4471
- chore(deps): bump golang.org/x/net from 0.28.0 to 0.33.0 by @dependabot in #4479
- chore(deps): bump golang.org/x/net from 0.26.0 to 0.33.0 in /api by @dependabot in #4480
- chore(go.mod) bump api to 4cdea40 by @geyslan in #4483
- chore(ci): enable dependabot version updates by @geyslan in #4475
- chore(performance): update tracee dashboard by @geyslan in #4467
- chore(deps): bump docker/login-action from 3.1.0 to 3.3.0 by @dependabot in #4496
- chore(deps): bump golang from 1.22.7 to 1.23.4 in /builder by @dependabot in #4488
- fix empty arguments resolution by @ShohamBit in #4442
- feat(events): add stack_pivot event by @oshaked1 in #4403
- Update Contributing docs by @ShohamBit in #4424
- argument parsers improvements by @geyslan in #4279
- chore(ci): trigger pr workflow on release branches by @NDStrahilevitz in #4510
- chore(deps): bump actions/setup-python from 5.1.0 to 5.3.0 by @dependabot in #4506
- chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.7.0 by @dependabot in #4489
- chore(deps): bump squidfunk/mkdocs-material from 8.3.0 to 9.5.49 in /builder by @dependabot in #4490
- chore(deps): bump helm/kind-action from 1.9.0 to 1.12.0 by @dependabot in #4491
- chore(deps): bump tj-actions/changed-files from 44.0.0 to 45.0.6 by @dependabot in #4493
- chore(deps): bump toshimaru/auto-author-assign from 2.1.0 to 2.1.1 by @dependabot in #4494
- chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1 by @dependabot in #4495
- chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 by @dependabot in #4497
- chore(deps): bump google.golang.org/grpc from 1.66.0 to 1.69.4 by @dependabot in #4499
- chore(deps): bump github.com/containerd/containerd from 1.7.21 to 1.7.25 by @dependabot in #4500
- chore(deps): bump google.golang.org/protobuf from 1.34.2 to 1.36.3 by @dependabot in #4511
- chore(deps): bump google.golang.org/grpc from 1.64.1 to 1.69.4 in /api by @dependabot in #4501
- chore(deps): bump google.golang.org/protobuf from 1.34.1 to 1.36.3 in /api by @dependabot in #4512
- chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #4517
- chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.10.0 in /types by @dependabot in #4522
- chore(deps): bump actions/labeler from 4.3.0 to 5.0.0 by @dependabot in #4524
- chore(deps): bump kernel.org/pub/linux/libs/security/libcap/cap from 1.2.70 to 1.2.73 by @dependabot in #4518
- chore(deps): bump github.com/grafana/pyroscope-go from 1.1.1 to 1.2.0 by @dependabot in #4519
- chore(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.5 by @dependabot in #4521
- chore(deps): bump azure/setup-helm from 4.1.0 to 4.2.0 by @dependabot in #4523
- chore(deps): bump golang from 1.23.4 to 1.23.5 in /builder by @dependabot in #4525
- chore: api/types bump by @geyslan in #4515
- fix(man): missing rebuild by @geyslan in #4516
- fix(ci): change labeler format to v5 by @geyslan in #4526
- Update codeql.yaml by @geyslan in #4527
- fix: clock time detection by @rscampos in #4513
- chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 by @dependabot in #4531
- chore(deps): bump squidfunk/mkdocs-material from 9.5.49 to 9.5.50 in /builder by @dependabot in #4537
- chore: bump 3rdparty/libbpf to v1.5.0 by @geyslan in #4530
- fix(filters): int conversion without check by @geyslan in #4482
- legacy mode: align event field name in output by @OriGlassman in #4543
- feat(ksymbols): reimplement ksymbols by @oshaked1 in #4464
- feat(helpers): reapply: unparsed flag helpers by @geyslan in #4545
- feat: reapply: remove default usage of parse-arguments by @geyslan in #4544
- fix(ebpf): fix insufficiently accurate detection of golang heaps by @oshaked1 in #4550
- chore: improve e2e and pipeline for debuggability by @geyslan in #4552
- fix(events): fix incorrect handling of event parameters by @oshaked1 in #4548
- fix(ci): remove runners collision by @geyslan in #4559
- chore(deps): bump actions/setup-python from 5.3.0 to 5.4.0 by @dependabot in #4561
- Improve cpu/memory (proctree wise) by @geyslan in #4503
- fix(e2e): treat corner cases in ds_writer.go by @geyslan in #4554
- fix(epbf): fix handling of compat tasks in syscall checkers by @oshaked1 in #4562
- fix(ebpf): treat sched_process_exit corner case by @geyslan in #4557
- feat(events): convert syscall arg to name at processing stage by @oshaked1 in #4563
- fix(ebpf): correct value of exit and signal code for sched_process_exit by @rscampos in #4564
- fix(ebpf): revise thread stack identification logic by @oshaked1 in #4578
- fix(pipeline): fix stack-addresses not working by @oshaked1 in #4579
- Fix: `net_tcp_connect` event by @rscampos in #4573
- Procfs improvements by @geyslan in #4540
- Proctree improvements (cont) by @geyslan in #4572
- Add missing prctl options to parser by @oshaked1 in #4586
- Fix clang format by @geyslan in #4585
- chore(k8s): prepare v0.22.6 release by @geyslan in #4594
- fix(metrics): ignore bpf submit stats & gracefully stop tracee by @geyslan in #4592
- fix(build): libbpf output by @geyslan in #4589
- fix(build): update Makefile.release by @geyslan in #4600
- Fix ProcessTree rogue entries by @geyslan in #4582
- chore(k8s): prepare v0.23.0 release by @geyslan in #4603
New Contributors
- @ShohamBit made their first contribution in #4303
Full Changelog: v0.22.0...v0.23.0