mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
Instead of using container.image, that always reports the raw string used to spawn the container, switch to the more reliable container.image.{repository,tag}, since they are guaranteed to report the actual repository/tag of the container image. This also give a little performance improvement since a single 'in' predicate can now be used instead of a sequence of startswith.