github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 10:44:27 +00:00
Code Issues Projects Releases Wiki Activity
5,008 Commits 122 Branches 184 Tags
release/0.42.x
Commit Graph

5008 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Grasso
4ea91437df fix(.github/workflow): upgrade (no more available) systemd-rpm-macros package 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
0.42.1 		2025-11-06 10:21:58 +01:00
Leonardo Grasso
cadf4120b0 chore(cmake/modules): upgrade libs to 0.22.2 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-11-06 10:21:58 +01:00
Leonardo Di Giovanna
4133280566 docs(CHANGELOG.md): update changelog for 0.42.0 release 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-10-22 14:31:45 +02:00
Leonardo Grasso
d8e430e352 fix(userspace/falco): correct default duration calculation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
0.42.0 0.42.0-rc4 		2025-10-22 10:32:44 +02:00
Iacopo Rozzo
0d00bcc210 chore(falcoctl): update falco rules to version 5 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
Co-authored-by: Leonardo Grasso <leonardo.grasso@sysdig.com>
Co-authored-by: Leonardo DiGiovanna <leonardo.digiovanna@sysdig.com>
 2025-10-21 16:55:43 +02:00
Iacopo Rozzo
af7f9be9d6 chore(build): update falco libs dependency to 0.22.1 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
0.42.0-rc3 		2025-10-20 15:26:35 +02:00
Iacopo Rozzo
e806010af2 chore(build): remove the compile option related to RTLD_DEEPBIND 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-20 15:26:35 +02:00
Iacopo Rozzo
38a54b7c6b chore(deps): bump libs version to 0.22.0 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
0.42.0-rc2 		2025-10-17 16:33:16 +02:00
Iacopo Rozzo
dadcb3a9d0 chore(deps): bump driver version to 9.0.0+driver 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-17 16:33:16 +02:00
dependabot[bot]
5c39b224db chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `db9405d` to `d919107`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](db9405d6c2...d919107be6)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: d919107be667675a816ec4fb6b8fea6f39445e46
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 16:33:16 +02:00
Leonardo Grasso
c744d5de68 chore(cmake/modules): bump rules to v5.0.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-17 16:33:16 +02:00
Iacopo Rozzo
1717a98749 feat(engine): emit warning when a rule output uses deprecated "evt.dir" 
Emit a warning when a rule uses the deprecated "evt.dir" field in output.

Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
0.42.0-rc1 		2025-10-14 09:46:43 +02:00
Leonardo Grasso
9ca8268c55 chore(cmake/modules): update rules to 5.0.0-rc1 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 19:06:38 +02:00
Leonardo Di Giovanna
94cd97e701 chore(docker): use new ENV syntax in place of deprecated one 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-10-13 15:10:37 +02:00
Leonardo Grasso
b39f88167a update(cmake): update libs to latest 0.22 dev 
Adds some last-minute fixes.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
Leonardo Grasso
0c3ff11a62 fix(cmake/modules): add DISABLE_RTLD_DEEPBIND when USE_ASAN is On 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
Leonardo Grasso
38be8ba5d2 update(cmake): update libs and driver to 0.22 dev 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
poiana
e099dc73f9 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-13 12:32:37 +02:00
Iacopo Rozzo
8c4e5aa854 Use generic DEPRECATED_ITEM warning code 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-09 14:06:12 +02:00
Iacopo Rozzo
42085c9d7a feat(engine): emit warning when a condition uses deprecated "evt.dir" 
Emit a warning when a rule with a condition using "evt.dir" field is
encountered.
The direction have been deprecated in the scope of enter event
suppression initiative.

Signed-off-by: Iacopo Rozzo <iacopo.rozzo@iacopo.rozzo>
 2025-10-09 14:06:12 +02:00
Leonardo Grasso
aa16a0109e fix(cmake/modules): bump falcoctl to v0.11.4 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-09 12:33:12 +02:00
dependabot[bot]
ab91c52ca0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `72cc635` to `db9405d`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](72cc635100...db9405d6c2)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: db9405d6c240515e00763731a84a70ec0d6d4b0d
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 12:32:11 +02:00
Leonardo Di Giovanna
82f09d045a docs(OWNERS): add ekoops(Leonardo Di Giovanna) as approver 
Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-09 11:54:11 +02:00
dependabot[bot]
ade529709e chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `be38001` to `72cc635`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](be3800132f...72cc635100)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 72cc6351006eea5ccc58a8123236864ab895108b
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 18:12:33 +02:00
Leonardo Grasso
c830b5a0c2 docs(falco.yaml): enanche consistency and style 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Grasso
63cb5fc1cd docs(falco.yaml): refactor config inline documentation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Grasso
573871955c chore(userspace/engine): bump Falco engine version to 0.56.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-09-30 18:52:12 +02:00
poiana
2c21e2c877 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-09-30 18:52:12 +02:00
Tero Kauppinen
eee4acc488 fix(userspace/falco): fix actions taken when events are dropped 
User can configure a list of actions that are taken when Falco
detects a threshold exceeding value in drop statistics.

However, the logic that handles the list of configured actions
is designed to process only a single action; it takes only the
first action of the list. This approach has the problem that the
order of the actions comes as the deciding factor in choosing
which action is taken in case there are more than one action.

This fix enables Falco to process all actions on the list.

Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
 2025-09-30 18:36:12 +02:00
Iacopo Rozzo
7fb9986e5a fix(prometheus): deprecate enter events drop stats 
Enter events are no longer tracked by the Falco libs, this change
deprecates the Prometheus metrics related to enter event drops.

Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-09-23 10:37:08 +02:00
Leonardo Di Giovanna
4fa53452c3 fix(userspace/engine): fix logger date format 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-18 14:54:46 +02:00
Leonardo Di Giovanna
4d3b685c8b feat: make libs internal auto thread purging intervals configurable 
Make Falco's libs internal auto thread purging interval and timeout
configurable and set their default values to 5 minutes. This helps
controlling the memory impact of process exit events dropping and
events re-ordering.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-16 15:42:34 +02:00
Samuel Gaist
5faef4e65a fix(ci): install NSIS for building Windows package 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
7c7196f1f0 chore: pre-commit cleanup 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e34caee3f8 Revert "refactor(userspace/falco): remove duplicate condition test" 
This reverts commit 0ae61528fb.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
909122a849 refactor(userspace/falco): remove duplicate condition test 
handled is test a second time for the same while it's already
part of the initial entry condition.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e8c527f204 refactor(userspace/falco): comment out unused variable names 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
179234e08e refactor(userspace/falco): add missing override 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
d6fde4ac16 refactore(userspace/falco): use static_cast rather than c style cast 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
cdea5ad35f refactor(userspace/falco): correct variable scope 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
07438534e7 refactor(userspace/falco): add missing initial value 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
dadf81ed9d fix(userspace/falco): use correct qualifier for size_t in printf 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
3b91cb685f refactor(userspace/falco): const correctness 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e5654849d4 refactor(userspace/engine): port from asctime to strftime 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
0cc39ac5e7 refactor(userspace/engine): make constructor explicit 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
d9f561cd7b refactor(userspace/engine): remove unused variable 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
668bbfc9de refactor(userpsace/engine): add missing override 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
4d03686999 refactor(userspace/engine): fix variable scope 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
2da40e798b refactor(userspace/engine): const correctness 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
01d2976b0a refactor(unit_tests): move initialization to initialization list 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00