Merge pull request #270 from dkerwin/add_gitlab_ee

Add official gitlab EE docker image to list of known shell spawning images
2025-08-31 22:28:22 +00:00 · 2017-09-22 17:19:14 -07:00
parent 2d0963e97c 64145ba961
commit 1666d03afc
1 changed files with 2 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -512,7 +512,8 @@
 # as a packaging mechanism more than for a dedicated microservice.
 - macro: shell_spawning_containers
  condition: (container.image startswith jenkins or
-              container.image startswith gitlab/gitlab-ce)
+              container.image startswith gitlab/gitlab-ce or
+              container.image startswith gitlab/gitlab-ee)

 - rule: Launch Privileged Container
  desc: Detect the initial process started in a privileged container. Exceptions are made for known trusted images.