github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-02-21 14:13:27 +00:00
Code Issues Projects Releases Wiki Activity
5,067 Commits 123 Branches 184 Tags
update/libs
Commit Graph

5067 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Julien Francoz
0b2724450f Reduce image size 
rm falcoctl in the same image layer, divides the image size by 2.

Signed-off-by: Julien Francoz <julien@les-tilleuls.coop>
 2025-12-05 12:33:35 +01:00
irozzo-1A
a9e8063e58 chore(build): attempt mitigation to rate-limiter issuo on ghcr.io 
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
 2025-12-01 12:54:18 +01:00
irozzo-1A
5b53681d2f chore(engine): add deprecation warning for evt.latency when used in conditions 
Emit a deprecation warning when `evt.latency` is detected in a rule
condition.

Signed-off-by: irozzo-1A <iacopo@sysdig.com>
 2025-12-01 12:54:18 +01:00
Leonardo Grasso
2d9f1f1abc fix(.github): ghcr.io rate-limit mitigation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-11-27 19:14:54 +01:00
Leonardo Grasso
df3beba2e4 fix(cmake): correct falcoctl.yaml path in debian conffiles 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-11-27 19:14:54 +01:00
Leonardo Grasso
ecbf70b354 fix(.github/workflow): upgrade (no more available) systemd-rpm-macros package 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-31 16:09:47 +01:00
Leonardo Grasso
01fe75b0fd chore: revert submodules/rules change 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-31 16:09:47 +01:00
Leonardo Di Giovanna
1b1b391724 docs(CHANGELOG.md): update changelog for 0.42.0 release 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-10-31 16:09:47 +01:00
Leonardo Di Giovanna
bf60a61c52 docs(RELEASE.md): specify target branch association upon release creation 
Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-23 15:56:50 +02:00
Leonardo Di Giovanna
6091fb18a0 docs(RELEASE.md): fix rn2md cmd generating changelogs 
Remove branch specification from `rn2md` command example for changelogs generation. This results in taking into account PR merged on the master branch.

Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-23 15:55:50 +02:00
Leonardo Di Giovanna
d79ed7b951 docs(RELEASE.md): fix PRs filtering expr for checking release notes 
Fix PRs filtering expression for checking the presence and the conformance of release notes.

Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-23 15:54:51 +02:00
Leonardo Di Giovanna
bda65653cc docs(RELEASE.md): fix PR filtering expression text 
Fix PR filtering expression to match the corresponding link expression

Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-23 15:53:50 +02:00
Leonardo Grasso
933fb7e823 fix(userspace/falco): correct default duration calculation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-21 20:53:44 +02:00
Iacopo Rozzo
c9e920b1f7 chore(falcoctl): update falco rules to version 5 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
Co-authored-by: Leonardo Grasso <leonardo.grasso@sysdig.com>
Co-authored-by: Leonardo DiGiovanna <leonardo.digiovanna@sysdig.com>
 2025-10-21 15:05:42 +02:00
Iacopo Rozzo
9e188d75bc chore(build): update falco libs dependency to 0.22.1 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-20 14:59:34 +02:00
Iacopo Rozzo
5d6f6135ac chore(build): remove the compile option related to RTLD_DEEPBIND 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-20 14:59:34 +02:00
Iacopo Rozzo
9eacf5e58f chore(deps): bump libs version to 0.22.0 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-17 15:09:15 +02:00
Iacopo Rozzo
45ffa8e315 chore(deps): bump driver version to 9.0.0+driver 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-17 15:09:15 +02:00
dependabot[bot]
18e8e264a0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `db9405d` to `d919107`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](db9405d6c2...d919107be6)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: d919107be667675a816ec4fb6b8fea6f39445e46
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:37:15 +02:00
Leonardo Grasso
d443201229 chore(cmake/modules): bump rules to v5.0.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-16 17:15:55 +02:00
Iacopo Rozzo
1717a98749 feat(engine): emit warning when a rule output uses deprecated "evt.dir" 
Emit a warning when a rule uses the deprecated "evt.dir" field in output.

Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
0.42.0-rc1 		2025-10-14 09:46:43 +02:00
Leonardo Grasso
9ca8268c55 chore(cmake/modules): update rules to 5.0.0-rc1 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 19:06:38 +02:00
Leonardo Di Giovanna
94cd97e701 chore(docker): use new ENV syntax in place of deprecated one 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-10-13 15:10:37 +02:00
Leonardo Grasso
b39f88167a update(cmake): update libs to latest 0.22 dev 
Adds some last-minute fixes.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
Leonardo Grasso
0c3ff11a62 fix(cmake/modules): add DISABLE_RTLD_DEEPBIND when USE_ASAN is On 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
Leonardo Grasso
38be8ba5d2 update(cmake): update libs and driver to 0.22 dev 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-13 12:32:37 +02:00
poiana
e099dc73f9 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-13 12:32:37 +02:00
Iacopo Rozzo
8c4e5aa854 Use generic DEPRECATED_ITEM warning code 
Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-10-09 14:06:12 +02:00
Iacopo Rozzo
42085c9d7a feat(engine): emit warning when a condition uses deprecated "evt.dir" 
Emit a warning when a rule with a condition using "evt.dir" field is
encountered.
The direction have been deprecated in the scope of enter event
suppression initiative.

Signed-off-by: Iacopo Rozzo <iacopo.rozzo@iacopo.rozzo>
 2025-10-09 14:06:12 +02:00
Leonardo Grasso
aa16a0109e fix(cmake/modules): bump falcoctl to v0.11.4 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-09 12:33:12 +02:00
dependabot[bot]
ab91c52ca0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `72cc635` to `db9405d`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](72cc635100...db9405d6c2)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: db9405d6c240515e00763731a84a70ec0d6d4b0d
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 12:32:11 +02:00
Leonardo Di Giovanna
82f09d045a docs(OWNERS): add ekoops(Leonardo Di Giovanna) as approver 
Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>
 2025-10-09 11:54:11 +02:00
dependabot[bot]
ade529709e chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `be38001` to `72cc635`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](be3800132f...72cc635100)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 72cc6351006eea5ccc58a8123236864ab895108b
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 18:12:33 +02:00
Leonardo Grasso
c830b5a0c2 docs(falco.yaml): enanche consistency and style 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Grasso
63cb5fc1cd docs(falco.yaml): refactor config inline documentation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Grasso
573871955c chore(userspace/engine): bump Falco engine version to 0.56.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-09-30 18:52:12 +02:00
poiana
2c21e2c877 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-09-30 18:52:12 +02:00
Tero Kauppinen
eee4acc488 fix(userspace/falco): fix actions taken when events are dropped 
User can configure a list of actions that are taken when Falco
detects a threshold exceeding value in drop statistics.

However, the logic that handles the list of configured actions
is designed to process only a single action; it takes only the
first action of the list. This approach has the problem that the
order of the actions comes as the deciding factor in choosing
which action is taken in case there are more than one action.

This fix enables Falco to process all actions on the list.

Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
 2025-09-30 18:36:12 +02:00
Iacopo Rozzo
7fb9986e5a fix(prometheus): deprecate enter events drop stats 
Enter events are no longer tracked by the Falco libs, this change
deprecates the Prometheus metrics related to enter event drops.

Signed-off-by: Iacopo Rozzo <iacopo@sysdig.com>
 2025-09-23 10:37:08 +02:00
Leonardo Di Giovanna
4fa53452c3 fix(userspace/engine): fix logger date format 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-18 14:54:46 +02:00
Leonardo Di Giovanna
4d3b685c8b feat: make libs internal auto thread purging intervals configurable 
Make Falco's libs internal auto thread purging interval and timeout
configurable and set their default values to 5 minutes. This helps
controlling the memory impact of process exit events dropping and
events re-ordering.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-16 15:42:34 +02:00
Samuel Gaist
5faef4e65a fix(ci): install NSIS for building Windows package 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
7c7196f1f0 chore: pre-commit cleanup 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e34caee3f8 Revert "refactor(userspace/falco): remove duplicate condition test" 
This reverts commit 0ae61528fb.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
909122a849 refactor(userspace/falco): remove duplicate condition test 
handled is test a second time for the same while it's already
part of the initial entry condition.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
e8c527f204 refactor(userspace/falco): comment out unused variable names 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
179234e08e refactor(userspace/falco): add missing override 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
d6fde4ac16 refactore(userspace/falco): use static_cast rather than c style cast 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
cdea5ad35f refactor(userspace/falco): correct variable scope 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00
Samuel Gaist
07438534e7 refactor(userspace/falco): add missing initial value 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-09-16 09:38:29 +02:00