github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 00:52:16 +00:00
Code Issues Projects Releases Wiki Activity
4,840 Commits 119 Branches 172 Tags 104 MiB
db178840d6
Commit Graph

4840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
poiana
db178840d6 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-14 11:28:32 +02:00
Federico Di Pierro
7c3c8eccc4 fix(ci): properly install rpm systemd-rpm-macro package on building packages pipeline. 
Refs #3503: we need it because rpm pre/post install/remove scripts
are evaluated at rpm package building time.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-11 10:49:11 +02:00
Leonardo Grasso
6e717daa95 update(userspace/engine): relax validation for values in exceptions 
Defining `exceptions` with empty `values` is a legitimate use case since the values can be added to another rules file. Even when values are not populated elsewhere, Falco can work without issues; that's the reason why the `values` field is not required. With this change, we avoid emitting useless validation warnings in situations where exceptions are just defined but not actually used because values are not being provided.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-04-10 18:37:07 +02:00
Luca Guerra
d15cf450fc fix(build): compatibility with newer compilers 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
Luca Guerra
f70b28bfb4 new(falco): add json_include_output_fields_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
poiana
ca80e69baa update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-08 16:21:52 +02:00
poiana
d8c6af821d update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-01 12:27:06 +02:00
Federico Di Pierro
258d13a472 fix(build): properly configure a binary_dir falco.yaml. 
It automatically enables container plugin from the binary_dir located one.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-25 11:08:22 +01:00
poiana
6811ce6153 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-25 11:08:22 +01:00
Leonardo Grasso
283c645ea6 docs(README.md): cleanups and enhancements 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-03-19 16:49:21 +01:00
FedeDP
d4c211d492 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-18 14:24:15 +01:00
Federico Di Pierro
e300109624 update(cmake): bump libs and driver to latest libs master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
0cc18d7617 chore(falco.yaml): improve statement clarity 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
8843a9ec2b chore(userspace/falco,falco.yaml): enable libs_logger with info severity by default. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
7db05e5828 cleanup(falco.yaml): drop verbosity from container plugin init config. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
dependabot[bot]
99b7215439 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `1d2c6b1` to `371e431`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](1d2c6b1f0b...371e43167e)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-12 14:52:43 +01:00
Federico Di Pierro
c67fadc92b chore(cmake): honor CMAKE_BUILD_TYPE when building cares. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-12 11:41:41 +01:00
FedeDP
028dd4c155 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-12 11:41:41 +01:00
Federico Di Pierro
9c84745cde fix(cmake): use CONTAINER_LIBRARY variable instead of custom path. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-27 14:50:32 +01:00
FedeDP
3366f1b40e update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-02-27 14:50:32 +01:00
Federico Di Pierro
9cbfdda21f fix(userspace/falco): when counting -M timeout, make sure that time diff is > 0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 22:08:28 +01:00
Federico Di Pierro
79bed43862 cleanup(ci): drop test-packages static jobs. 
Container plugin cannot be dynamically loaded on musl build, therefore
some falcosecurity/testing tests are failing on it.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
cfc221549a chore(userspace/engine): update engine checksum and version minor. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
2752e0d60f chore(ci): cleanup unused fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
9f1bc7d518 fix(userspace/engine): expand %container.info extra format to empty string. 
Also, remove `container_id container_name` fields from `-pc` output.
These fields are now automatically appended since the `container` plugin
marks them as suggested.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
bb13702f0f chore(userspace/falco): drop container_engines config key. 
Also, default falco.yaml will only host container plugin configuration but won't enable the plugin.
Instead, a configuration override file will be installed only on linux non-musl deployments, enabled the plugin.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
fafeddaf35 chore(userspace,unit_tests): include thread.h where needed. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
1fd8a85b95 fix(userspace/falco): fixed bundled deps build. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
a79b3b122c chore(build): install container plugin as part of Falco install target. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
66cd160f1d new(cmake,userspace): port Falco to use new container plugin. 
It will be shipped by default hence it is present in default config.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
dependabot[bot]
0b8979afec chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `d8415c1` to `1d2c6b1`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](d8415c1bc1...1d2c6b1f0b)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-26 11:01:26 +01:00
Leonardo Grasso
542960df6e docs(proposals): correct typo in example 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-02-19 15:20:44 +01:00
Federico Di Pierro
ad99ab514f fix(unit_tests): fixed unit tests after CLI options drop. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-19 14:24:43 +01:00
Federico Di Pierro
4c34457fa3 cleanup(userspace/falco): drop deprecated in 0.40.0 CLI flags. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-19 14:24:43 +01:00
Federico Di Pierro
ef5b45c05a chore(unit_tests): update Configuration.configuration_config_files_cmdline test to avoid future issues. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-13 13:21:10 +01:00
Federico Di Pierro
252eb5cd40 fix(userspace/falco): init cmdline options after loading all config files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-13 13:21:10 +01:00
Federico Di Pierro
7c8bdf0c9e fix(docker): fixed entrypoints paths with new docker context. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-13 10:04:09 +01:00
Federico Di Pierro
cd81c52dde chore(docker,scripts): moved scripts/falco to config/ folder. 
Updated dockerignore to point to whole config folder.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-12 18:13:06 +01:00
Federico Di Pierro
a5a55fb101 chore(build): add a dockerignore file to ignore everything but docker and scripts/falco folders. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-02-12 18:13:06 +01:00
Federico Di Pierro
050431425f cleanup(scripts): drop unmaintained and useless script. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-12 18:13:06 +01:00
Federico Di Pierro
3d70a2cbd0 new(docker,scripts,ci): use an override config file to enable ISO 8601 output timeformat on docker images. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-12 18:13:06 +01:00
Nguyen Marc
c4081d7a6f fix(cmake): add support for 16K kernel page to jemalloc 
Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
 2025-02-11 15:40:59 +01:00
Leonardo Di Giovanna
9e2c22804c refactor(falco/app): apply early return pattern in actions code 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-02-10 18:20:53 +01:00
dependabot[bot]
31c94df10e chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `abf6637` to `d8415c1`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](abf6637e0a...d8415c1bc1)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 18:18:54 +01:00
Leonardo Di Giovanna
a8db99db5b feat(falco/app): move actions not using config before load_config 
Move actions not requiring config to be loaded before `load_config`
action. This avoid resource waste. Notably, `print_help` is
promoted as first execution action. Moreover, set actions lists to
constant expressions.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-02-10 10:44:52 +01:00
Daniel Bodky
ca0a2a34cf Add NETWAYS Web Services to ADOPTERS.md 
Signed-off-by: Daniel Bodky <daniel.bodky@netways.de>
 2025-02-07 13:13:39 +01:00
Federico Di Pierro
14a8ee0b08 fix(userspace/falco): fix jemalloc enabled in minimal build. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-06 13:30:36 +01:00
Federico Di Pierro
8ea272e7ed chore: add back Falco static package to the release template. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-01-29 10:01:37 +01:00
Federico Di Pierro
c804f6b3a4 chore(docs): updated changelog. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-01-28 15:52:34 +01:00
Aldo Lacuku
867a465e6e update(cmake): bump falcoctl to v0.11.0 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2025-01-27 13:24:32 +01:00