Add official gitlab EE docker image to list of known shell spawning images.

sysdig-CLA-1.0-signed-off-by: Daniel Kerwin <daniel@gini.net>
2025-09-17 15:28:18 +00:00 · 2017-09-05 13:41:05 +02:00
parent 240a8ffffa
commit 64145ba961
1 changed files with 2 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -512,7 +512,8 @@
 # as a packaging mechanism more than for a dedicated microservice.
 - macro: shell_spawning_containers
  condition: (container.image startswith jenkins or
-              container.image startswith gitlab/gitlab-ce)
+              container.image startswith gitlab/gitlab-ce or
+              container.image startswith gitlab/gitlab-ee)

 - rule: Launch Privileged Container
  desc: Detect the initial process started in a privileged container. Exceptions are made for known trusted images.