github aquasecurity/tracee v0.5.0

3 years ago

Release highlights and discussion

Tracee v0.5.0 released!

Changelog

2001ffe fix dynamic code loading sig
e5f25a7 fix release
24ea252 fix docker image contains glibc artifacts
1b9c59f fix release to fetch submodules
6c2b2e5 fix dependency resolution in tracee-rules
0575cb7 Revert "fix release as monorepo"
ef7e96a update import paths after restructure
f1f841d remove code injection sig from go
b4501be Fix stdio over socket (#552)
a7c47e9 fix release as monorepo
a750666 tracee-ebpf: add switch_task_ns event
c92b5c5 fix match for non af_inet sockets
5b2a740 Add signatures (#528)
3fcee47 update entrypoint to use security-alerts
6ea5773 tracee-ebpf: Add commit_creds event
4bd2e3c fix make release didn't build slim image
c34c10f fix: trace-ebpf: Fix typo in clang option (#526)
f0604fb Merge pull request #525 from grantseltzer/list-flag-output-fix
b1bf684 fix: Move example sigs into own dir and exclude from build. (#523)
fc53430 add tracee container
4255857 fix makefile
6d632e3 add option to make bpf from root
f474f44 Merge pull request #518 from grantseltzer/input-source-unit-tests
2e827a3 Fix: rename signatures and add spacing to printing of them with --list flag
a5e8040 start of unit tests for input source setup functions
f41c794 fix webhook panic when server returns error
b54cfda Merge pull request #500 from grantseltzer/gs/print-help-tracee-rules
dbc56af Update readme, fix default logic
8645c0a Update tracee-rules/input.go
86c0958 fix: Address a few typos
4d43dc1 rename tracee input parsing functions
eb8f7db rename help error
48bd0d3 Remove more references to EOT, set default values for tracee input (gob from stdin)
696053a Close on EOF, not on EOT
b2756e5 remove the eof/eot option
311e423 address feedback about help being displayed
effd1f6 Remove old flags
9829d2b add minimal unit tests
8cc046f add invalid input checks
0e5c733 Refactor flags in tracee-rules
3590ef0 feat: Add tests for core engine functionality (#477)
8e4e7b3 Merge pull request #510 from aquasecurity/remove-eot-tracee-ebpf
0e61c18 Update contributing guidelines (aka team agreements)
9deb2ce Remove the notion of an EOT event signalling end of transmission
da310b0 refactor: tracee-rules use types from tracee-ebpf
775ac46 rename tracee executable to tracee-ebpf
17d840f feat: add root level Makefile for release
5ac1db4 feat: mostlyclean target
b04facc fix: improve makefile targets
a95d52d fix: don't send context when building builder
062c7b1 fix: docker builder file creation and cleanup
d931f21 fix: make in docker without git
02900d9 fix: make in docker ignoring target
d28d4cc feat: convert anti_debugging sig to rego
5905ce4 feat: add rego tests
febd3de lint: Address a few idiomatic Go improvements (#427)
4fdcba8 Merge pull request #449 from aquasecurity/traceprint
dd1dbb1 Add tracee-rules pr workflow
a3d5748 Fix tracee-rules build
c43b1c3 Restructure repo as monorepo (#459)
5779705 fix: allow reading from stdin
5fc24f0 docs: add tracee-rules readme
bb3d227 fix sigs building
e6b431e fix regosig numeral handling
86c815c rego optimizations
07aa51f add support for rego signatures
9a8c836 simplify finding data
4025eff add code injection signature
de77008 add anti debugging signature and sigs tests infra
e12b1ce improve signature error handling
56fa897 tracee-rules rewrite
8841bc0 Rule engine initial commit
1d879fc write errors to stderr, and close file
4d721af feat: add TracePrint to libbpfgo
a87426a fix: default output format
fbdf5a6 fix: written files index relative to out dir
871c1db Add pin, unpin and setpin for maps in libbpfgo (#437)

Docker images

  • docker pull docker.io/aquasec/tracee:latest
  • docker pull docker.io/aquasec/tracee:0.5.0
  • docker pull docker.io/aquasec/tracee:slim
  • docker pull docker.io/aquasec/tracee:slim-0.5.0
