github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-22 08:06:10 +00:00
Code Issues Projects Releases Wiki Activity
4,942 Commits 117 Branches 173 Tags 105 MiB
a462689561
Commit Graph

4942 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Grasso
a462689561
update(userspace/engine): bump engine version to 0.55.0 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-28 10:21:59 +02:00
Leonardo Grasso
6b033ee701
docs(falco.yaml): update config index 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
8ff6f3c834
fix(userspace/falco): smart pointer for sinsp_dumper 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
1bebb21561
feat(unit_tests): add test for capture feature 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
0ff450956c
chore(userspace/engine): initialize bool member for falco_rule 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
a6790b4330
fix(userspace/falco): correct typo in type 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
7451fb8ed1
fix(userspace/engine): adding capture members to to the rule equility operator 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
d98c038c96
fix(userspace/falco): address init ordering warning for falco_configuration 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
cbc9158a1c
fix(userspace/falco): add "capture" in config schema 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
ad4707bfe5
chore: fix formatting 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
80f47e7f8a
chore(userspace/falco): fix codespell 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
9fa6be91a9
new(userspace/falco): capture feature impl 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
c9335f5429
new(userspace/falco): add file name generator helper for capture 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
8211458a5c
new(userspapace/engine): add capture and capture_duration to the engine 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
f33d5b43fe
new(userspapace/engine): add capture and capture_duration to rules loader 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
b6730db82c
new(userspace/falco): config parsing 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:06 +02:00
Leonardo Grasso
ef63df716c
new: add config options and docs for capture feature 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:08:00 +02:00
Leonardo Grasso
8dee7a075e docs(falco.yaml): avoid out-of-sync config options for container plugin 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:00:41 +02:00
Mariell Hoversholm
c3fc9e0d0f fix(restart_handler): disable if there is no work 
When there is no work to do, i.e. when all config watching is disabled,
there is no need to keep the restart_handler running. Disable it in this
case.

This is helpful to do on nodes where there is little to no headroom in
terms of open inotify watches (as per the inotify/max_user_instances
configuration), as can happen on nodes populated with other software
that also watch the filesystem for changes. If Falco is run on such a
node, it may fail to start due to functionality the app does not even
intend on using.

This has one change in terms of behaviour, however: the dry-run restarts
will no longer occur. As there is still never going to happen a real
restart, I understand it as unlikely for there to be a proper need for
dry-run restarts.

Signed-off-by: Mariell Hoversholm <mariell@grafana.com>
 2025-07-24 12:56:39 +02:00
Federico Di Pierro
5e2925bc95 update(cmake): bumped cpp-httplib dep to v0.23.1 (latest release). 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-07-22 14:32:28 +02:00
Leonardo Di Giovanna
ca291b0eaf update(userspace/engine): update falco engine version and checksum 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-07-22 14:30:29 +02:00
poiana
4deb2bdf31 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-07-22 11:40:29 +02:00
Leonardo Di Giovanna
8956279d47 build: fix debian:buster apt debian repo URL in driver-loader-buster 
As buster reached its EOL, the official debian repo URL doesn't
host anymore buster packages info. For this reason, change the URLs
to point to the `20250630T203427Z` snapshot, which still contains
them.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-07-18 12:02:10 +02:00
poiana
0c12b44bc6 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-07-02 17:22:29 +02:00
Leonardo Di Giovanna
33e6e1ef61 update(CHANGELOG.md): release 0.41.3 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-07-02 16:29:30 +02:00
dependabot[bot]
25be186548 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `4d51b18` to `1208816`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](4d51b1813f...120881647a)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 120881647a359084f1a99439b33b7effadf62f45
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-02 12:22:28 +02:00
Federico Di Pierro
ea9e86d9e0 update(userspace): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
b2c76769cf fix(userspace/falco): enforce filtercheck overlap check for static fields too against plugin fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
07266e1247 new(userspace/falco): append static filterchecks with static fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
8d8ba5ba5c new(userspace/falco): add new static_fields config key + update schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Leonardo Di Giovanna
2ed1f0ffec docs(RELEASE.md): remove some unneeded old activities 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
f146204623 docs(RELEASE.md): fix falcosecurity/community repo link 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
56bf4933e7 docs(RELEASE.md): fix rn2md command documentation 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
d4e69e8c5a docs(RELEASE.md): fix release note checking procedure documentation 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
poiana
a9386b37f2 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-17 16:22:45 +02:00
Leonardo Di Giovanna
25daddbf29 update(CHANGELOG.md): release 0.41.2 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-17 15:39:45 +02:00
Leonardo Grasso
720d3e61f2 chore(falco.yaml): clean up plugins config leftover 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-06-13 10:35:16 +02:00
Melissa Kilby
d55be4b29f doc(OWNERS): move incertum (Melissa Kilby) to emeritus_approvers 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-06-13 09:48:17 +02:00
dependabot[bot]
3d38e130fc chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `b4437c4` to `4d51b18`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](b4437c492f...4d51b1813f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 4d51b1813f4b6539cd3ccc0f82b668614b1059a3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-12 09:45:10 +02:00
Federico Di Pierro
4418bf2101 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-09 12:19:53 +02:00
poiana
43cd120030 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-09 12:19:53 +02:00
Denis Romanenko
5b1c6886e5 Fix alpine build 
Signed-off-by: Denis Romanenko <denis.romanenko@flant.com>
 2025-06-09 12:18:54 +02:00
Federico Di Pierro
f3b4f68ecd update(docs): bump CHANGELOG. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-05 14:48:30 +02:00
Federico Di Pierro
7a349a3e87 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-03 11:12:11 +02:00
FedeDP
0eb0b40c45 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-03 11:12:11 +02:00
Federico Di Pierro
9055811d79 fix(userspace/falco): when collecting metrics for stats_writer, create a libs_metrics_collector for each source. 
In case multiple sources are enabled, each source has its own `libs_metrics_collector`
with correct flags, so that it can retrieve all metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-02 10:42:59 +02:00
Federico Di Pierro
2346a397f7 chore(userspace/falco): fix build for non linux minimal builds. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-30 19:05:38 +02:00
Federico Di Pierro
24f92dfdbc fix(userspace/falco): only enable prometheus metrics once all inspectors have been opened. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-30 19:05:38 +02:00
Federico Di Pierro
1d51203c29 update(docs): bumped changelog for release. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-29 11:12:24 +02:00
Federico Di Pierro
a7433e032b chore(userspace/falco): make re2 patterns statically lived. 
Moreover, rename `falco_metrics::` methods to better expose
they return prometheus metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-05-28 09:47:16 +02:00