github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-10 21:23:41 +00:00
Code Issues Projects Releases Wiki Activity
4,881 Commits 118 Branches 173 Tags 104 MiB
4c258afd9b
Commit Graph

4881 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Melissa Kilby
4c258afd9b clenaup(metrics): rename new restart_ts to reload_ts to reflect hot relaod conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-27 10:07:10 +02:00
Melissa Kilby
aa67a0270a update(metrics): introduce restart ts metric to statistically inspect restart/hot_reload conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-27 10:07:10 +02:00
Melissa Kilby
60721592e5 update(metrics): introduce immediate initial metrics msg (output_rule or output_file) upon start/restart/hot_reload 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-27 10:07:10 +02:00
Federico Di Pierro
9e67d90e19 update(cmake): bumped falcoctl to 0.11.1 and rules to 4.0.0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-27 10:07:10 +02:00
Leonardo Grasso
afc4798d4c update(cmake/rules): bump to falco-rules-4.0.0-rc1 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-05-27 10:07:10 +02:00
Federico Di Pierro
6bcc73aeff cleanup(userspace/falco): drop unused libs_metrics_collector variable. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-27 10:07:10 +02:00
Luca Guerra
d4e7325c06 update(build): update container plugin to 0.2.4 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-26 13:06:04 +02:00
Federico Di Pierro
9fe7230d31 update(cmake): bump libs and driver to latest tagged releases. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-19 16:07:02 +02:00
poiana
145036e923 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-19 11:06:01 +02:00
Federico Di Pierro
4074148435 fix(build): fixed container custom_target sed command. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-15 18:27:41 +02:00
dependabot[bot]
1728a5febc chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `ae6ed41` to `4ccf111`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](ae6ed41a7a...4ccf111c36)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 4ccf111c36ed910c7de6291db898bdb0225bcf18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-15 18:22:42 +02:00
Tero Kauppinen
1533734fc4 There is an issue in building the bundled c-ares on certain 
distributions such as SLES. The cmake file for c-ares sets
'CARES_LIB' destination directory to '${CARES_SRC}/lib' but when the
bundled c-ares is compiled it produces a binary which is placed in
the '${CARES_SRC}/lib64' directory.

This is due to the fact that the bundled c-ares expands
${CMAKE_INSTALL_LIBDIR} to 'lib64' and not to 'lib' which is
expected by 'CARES_LIB'.

The fix is to enforce the building process of the bundled c-ares
to place the produced binary in 'lib'.

Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
 2025-05-15 14:36:40 +02:00
dependabot[bot]
f6c624a4e0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `1d2c6b1` to `ae6ed41`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](1d2c6b1f0b...ae6ed41a7a)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: ae6ed41a7a6002367edfc358db4c0e99d8dc820e
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 09:26:34 +02:00
Federico Di Pierro
50bc0037e5 Revert "chore(deps): Bump submodules/falcosecurity-rules" 
This reverts commit 99b7215439.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-13 16:18:30 +02:00
Federico Di Pierro
b0ef64b449 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-12 12:01:22 +02:00
poiana
f4f7ccf777 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-12 12:01:22 +02:00
Luca Guerra
ae28be023e cleanup(engine): update docs for rule_files and -r option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
28e7050f0f cleanup(engine): remove unreachable function engine::read_file 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
910788850a cleanup(engine): only consider .yaml/.yml rule files 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Federico Di Pierro
a41e3df45d update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 15:03:44 +02:00
FedeDP
06c4133b90 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-06 15:03:44 +02:00
Kunal Singh
61d9383e8f using vet github url 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Kunal Singh
60d6368c08 Added SafeDep as Adopter. 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Federico Di Pierro
ff288f70b3 chore(userspace/falco): rework a bit -p cli option help message. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
fb292e6fbb fix(unit_tests): fixed extra format unit tests. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
6e4b7663ca cleanup(userspace/engine,userspace/falco): drop replace_container_info flag. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
0326210f49 cleanup(userspace/falco): deprecate -p option. 
Also, `-pc` and `-pk` won't do anything now.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
11f6fc5d14 cleanup(userspace/engine): deprecated %container.info. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
poiana
7badc31cb1 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-05 12:02:39 +02:00
FedeDP
11c7e23569 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-30 10:05:09 +02:00
Federico Di Pierro
08a00609a1 new(userspace,unit_tests): port merge-strategy to be a yaml map. 
Merge-strategy for included config files must now be
specified as yaml map of the form:
- path: foo
  strategy: bar

If `strategy` is omitted, or the old `string-only` form is used,
`append` strategy is enforced.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
630167d9ad new(userspace,unit_tests)!: add a way to specify merge-strategy for config_files. 
By default we now use the `append` merge-strategy:
* existing sequence keys will be appended
* existing scalar keys will be overridden
* non-existing keys will be added

We also have an `override` merge-strategy:
* existing keys will be overridden
* non-existing keys will be added

Finally, there is an `add-only` merge-strategy:
* existing keys will be ignored
* non-existing keys will be added

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
80d52963d6 fix(userspace): fixed engine openssl dep. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 13:50:04 +02:00
benierc
835ac52f4f Update userspace/falco/config_json_schema.h 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
benierc
543734af3c Apply suggestions from code review 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Clément Bénier
186614dff4 fix(userspace/falco): fix outputs_http timeout 
libcurl timeout prevent to send alert through http
keep trying to send the alert

Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Federico Di Pierro
52127d4c8a update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 09:48:03 +02:00
poiana
04c1a11136 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-29 09:48:03 +02:00
Federico Di Pierro
68465f6f2e fix(ci): use clang-19 to build modern_ebpf skeleton. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-23 16:36:26 +02:00
FedeDP
18f99582da update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-15 17:06:41 +02:00
Federico Di Pierro
e8a6f72bc9 chore(ci): install systemd rpm macros from centos9. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-14 11:28:32 +02:00
poiana
db178840d6 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-14 11:28:32 +02:00
Federico Di Pierro
7c3c8eccc4 fix(ci): properly install rpm systemd-rpm-macro package on building packages pipeline. 
Refs #3503: we need it because rpm pre/post install/remove scripts
are evaluated at rpm package building time.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-11 10:49:11 +02:00
Leonardo Grasso
6e717daa95 update(userspace/engine): relax validation for values in exceptions 
Defining `exceptions` with empty `values` is a legitimate use case since the values can be added to another rules file. Even when values are not populated elsewhere, Falco can work without issues; that's the reason why the `values` field is not required. With this change, we avoid emitting useless validation warnings in situations where exceptions are just defined but not actually used because values are not being provided.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-04-10 18:37:07 +02:00
Luca Guerra
d15cf450fc fix(build): compatibility with newer compilers 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
Luca Guerra
f70b28bfb4 new(falco): add json_include_output_fields_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
poiana
ca80e69baa update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-08 16:21:52 +02:00
poiana
d8c6af821d update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-01 12:27:06 +02:00
Federico Di Pierro
258d13a472 fix(build): properly configure a binary_dir falco.yaml. 
It automatically enables container plugin from the binary_dir located one.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-25 11:08:22 +01:00
poiana
6811ce6153 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-25 11:08:22 +01:00