github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00
Code Issues Projects Releases Wiki Activity
5,029 Commits 122 Branches 184 Tags
ekoops-patch-1
Commit Graph

5029 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Iacopo Rozzo
7fb9986e5a fix(prometheus): deprecate enter events drop stats 
Enter events are no longer tracked by the Falco libs, this change
deprecates the Prometheus metrics related to enter event drops.

Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-09-23 10:37:08 +02:00
Leonardo Di Giovanna
4fa53452c3 fix(userspace/engine): fix logger date format 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-18 14:54:46 +02:00
Leonardo Di Giovanna
4d3b685c8b feat: make libs internal auto thread purging intervals configurable 
Make Falco's libs internal auto thread purging interval and timeout
configurable and set their default values to 5 minutes. This helps
controlling the memory impact of process exit events dropping and
events re-ordering.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-16 15:42:34 +02:00
Samuel Gaist
5faef4e65a fix(ci): install NSIS for building Windows package 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
7c7196f1f0 chore: pre-commit cleanup 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e34caee3f8 Revert "refactor(userspace/falco): remove duplicate condition test" 
This reverts commit 0ae61528fb.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
909122a849 refactor(userspace/falco): remove duplicate condition test 
handled is test a second time for the same while it's already
part of the initial entry condition.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e8c527f204 refactor(userspace/falco): comment out unused variable names 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
179234e08e refactor(userspace/falco): add missing override 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
d6fde4ac16 refactore(userspace/falco): use static_cast rather than c style cast 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
cdea5ad35f refactor(userspace/falco): correct variable scope 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
07438534e7 refactor(userspace/falco): add missing initial value 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
dadf81ed9d fix(userspace/falco): use correct qualifier for size_t in printf 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
3b91cb685f refactor(userspace/falco): const correctness 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e5654849d4 refactor(userspace/engine): port from asctime to strftime 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
0cc39ac5e7 refactor(userspace/engine): make constructor explicit 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
d9f561cd7b refactor(userspace/engine): remove unused variable 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
668bbfc9de refactor(userpsace/engine): add missing override 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
4d03686999 refactor(userspace/engine): fix variable scope 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
2da40e798b refactor(userspace/engine): const correctness 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
01d2976b0a refactor(unit_tests): move initialization to initialization list 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
9a65ef220c refactor(unit_tests): remove unused variable 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
poiana
782a833795 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-08-18 17:32:18 +02:00
poiana
6adc54c92f update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-08-12 11:49:42 +02:00
Leonardo Grasso
1d3ac2871e docs(falco.yaml): update config index 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
fda1430afb fix(userspace/falco): smart pointer for sinsp_dumper 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
7cb23e0191 feat(unit_tests): add test for capture feature 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
97d88d12f1 chore(userspace/engine): initialize bool member for falco_rule 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
3af03998eb fix(userspace/falco): correct typo in type 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
aa501437a4 fix(userspace/engine): adding capture members to to the rule equility operator 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
504d52e694 fix(userspace/falco): address init ordering warning for falco_configuration 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
8dbd04816d fix(userspace/falco): add "capture" in config schema 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
63d27fbe1b chore: fix formatting 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
81f26b7e5d chore(userspace/falco): fix codespell 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
15e8a746cb new(userspace/falco): capture feature impl 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
a818d48806 new(userspace/falco): add file name generator helper for capture 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
1da5514012 new(userspapace/engine): add capture and capture_duration to the engine 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
21350a282c new(userspapace/engine): add capture and capture_duration to rules loader 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
e6cd74995c new(userspace/falco): config parsing 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
5ebfa1b05b new: add config options and docs for capture feature 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
José Carlos Chávez
bff2f619df fix: indentation 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>
 2025-08-11 10:46:35 +02:00
José Carlos Chávez
845e998ab4 fix: moves falco version up as it is duplicated 
Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>
 2025-08-11 10:46:35 +02:00
José Carlos Chávez
801e8bdbff chore: adds labels to falco-debian, driver-loader and driver-loader-buster 
Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>
 2025-08-11 10:46:35 +02:00
José Carlos Chávez
1fb0c85b19 feat: includes sha on the image labels 
Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>
 2025-08-11 10:46:35 +02:00
Federico Di Pierro
539294595e update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-08-04 17:12:50 +02:00
Federico Di Pierro
154cde354f fix(userspace/falco): use proper API to fetch event param[0] as uint32_t. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-08-04 17:12:50 +02:00
poiana
ce8a67a5f4 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-08-04 17:12:50 +02:00
Federico Di Pierro
ec24062b71 chore(userspace/falco): print plugin version info too at plugin loading. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-08-01 18:27:30 +02:00
Federico Di Pierro
08b9e0f065 chore(ci): disable mimalloc for master builds. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-07-28 11:31:05 +02:00
Federico Di Pierro
3dce2f030d fix(cmake,userspace): fix usage and build of mimalloc. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-07-25 16:58:43 +02:00