mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
19327e0e85
* Skip incomplete container info for container start In the container_started macro, ensure that the container metadata is complete after either the container event (very unlikely) or after the exec of the first process into the container (very likely now that container metadata fetches are async). When using these rules with older falco versions, this macro will still work as the synchronous container metadata fetch will result in a repository that isn't "incomplete". * Update test traces to have full container info Some test trace files used for regression tests didn't have full container info, and once we started looking for those fields, the tests stopped working. So update the traces, and event counts to match.