github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 23:27:20 +00:00
Code Issues Projects Releases Wiki Activity
4,866 Commits 121 Branches 172 Tags 104 MiB
f4f7ccf777
Commit Graph

4866 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
poiana
f4f7ccf777 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-12 12:01:22 +02:00
Luca Guerra
ae28be023e cleanup(engine): update docs for rule_files and -r option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
28e7050f0f cleanup(engine): remove unreachable function engine::read_file 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
910788850a cleanup(engine): only consider .yaml/.yml rule files 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Federico Di Pierro
a41e3df45d update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 15:03:44 +02:00
FedeDP
06c4133b90 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-06 15:03:44 +02:00
Kunal Singh
61d9383e8f using vet github url 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Kunal Singh
60d6368c08 Added SafeDep as Adopter. 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Federico Di Pierro
ff288f70b3 chore(userspace/falco): rework a bit -p cli option help message. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
fb292e6fbb fix(unit_tests): fixed extra format unit tests. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
6e4b7663ca cleanup(userspace/engine,userspace/falco): drop replace_container_info flag. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
0326210f49 cleanup(userspace/falco): deprecate -p option. 
Also, `-pc` and `-pk` won't do anything now.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
11f6fc5d14 cleanup(userspace/engine): deprecated %container.info. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
poiana
7badc31cb1 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-05 12:02:39 +02:00
FedeDP
11c7e23569 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-30 10:05:09 +02:00
Federico Di Pierro
08a00609a1 new(userspace,unit_tests): port merge-strategy to be a yaml map. 
Merge-strategy for included config files must now be
specified as yaml map of the form:
- path: foo
  strategy: bar

If `strategy` is omitted, or the old `string-only` form is used,
`append` strategy is enforced.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
630167d9ad new(userspace,unit_tests)!: add a way to specify merge-strategy for config_files. 
By default we now use the `append` merge-strategy:
* existing sequence keys will be appended
* existing scalar keys will be overridden
* non-existing keys will be added

We also have an `override` merge-strategy:
* existing keys will be overridden
* non-existing keys will be added

Finally, there is an `add-only` merge-strategy:
* existing keys will be ignored
* non-existing keys will be added

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
80d52963d6 fix(userspace): fixed engine openssl dep. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 13:50:04 +02:00
benierc
835ac52f4f Update userspace/falco/config_json_schema.h 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
benierc
543734af3c Apply suggestions from code review 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Clément Bénier
186614dff4 fix(userspace/falco): fix outputs_http timeout 
libcurl timeout prevent to send alert through http
keep trying to send the alert

Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Federico Di Pierro
52127d4c8a update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 09:48:03 +02:00
poiana
04c1a11136 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-29 09:48:03 +02:00
Federico Di Pierro
68465f6f2e fix(ci): use clang-19 to build modern_ebpf skeleton. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-23 16:36:26 +02:00
FedeDP
18f99582da update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-15 17:06:41 +02:00
Federico Di Pierro
e8a6f72bc9 chore(ci): install systemd rpm macros from centos9. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-14 11:28:32 +02:00
poiana
db178840d6 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-14 11:28:32 +02:00
Federico Di Pierro
7c3c8eccc4 fix(ci): properly install rpm systemd-rpm-macro package on building packages pipeline. 
Refs #3503: we need it because rpm pre/post install/remove scripts
are evaluated at rpm package building time.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-11 10:49:11 +02:00
Leonardo Grasso
6e717daa95 update(userspace/engine): relax validation for values in exceptions 
Defining `exceptions` with empty `values` is a legitimate use case since the values can be added to another rules file. Even when values are not populated elsewhere, Falco can work without issues; that's the reason why the `values` field is not required. With this change, we avoid emitting useless validation warnings in situations where exceptions are just defined but not actually used because values are not being provided.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-04-10 18:37:07 +02:00
Luca Guerra
d15cf450fc fix(build): compatibility with newer compilers 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
Luca Guerra
f70b28bfb4 new(falco): add json_include_output_fields_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
poiana
ca80e69baa update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-08 16:21:52 +02:00
poiana
d8c6af821d update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-01 12:27:06 +02:00
Federico Di Pierro
258d13a472 fix(build): properly configure a binary_dir falco.yaml. 
It automatically enables container plugin from the binary_dir located one.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-25 11:08:22 +01:00
poiana
6811ce6153 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-25 11:08:22 +01:00
Leonardo Grasso
283c645ea6 docs(README.md): cleanups and enhancements 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-03-19 16:49:21 +01:00
FedeDP
d4c211d492 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-18 14:24:15 +01:00
Federico Di Pierro
e300109624 update(cmake): bump libs and driver to latest libs master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
0cc18d7617 chore(falco.yaml): improve statement clarity 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
8843a9ec2b chore(userspace/falco,falco.yaml): enable libs_logger with info severity by default. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
7db05e5828 cleanup(falco.yaml): drop verbosity from container plugin init config. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
dependabot[bot]
99b7215439 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `1d2c6b1` to `371e431`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](1d2c6b1f0b...371e43167e)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-12 14:52:43 +01:00
Federico Di Pierro
c67fadc92b chore(cmake): honor CMAKE_BUILD_TYPE when building cares. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-12 11:41:41 +01:00
FedeDP
028dd4c155 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-03-12 11:41:41 +01:00
Federico Di Pierro
9c84745cde fix(cmake): use CONTAINER_LIBRARY variable instead of custom path. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-27 14:50:32 +01:00
FedeDP
3366f1b40e update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-02-27 14:50:32 +01:00
Federico Di Pierro
9cbfdda21f fix(userspace/falco): when counting -M timeout, make sure that time diff is > 0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 22:08:28 +01:00
Federico Di Pierro
79bed43862 cleanup(ci): drop test-packages static jobs. 
Container plugin cannot be dynamically loaded on musl build, therefore
some falcosecurity/testing tests are failing on it.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
cfc221549a chore(userspace/engine): update engine checksum and version minor. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
2752e0d60f chore(ci): cleanup unused fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00