Releases: aquasecurity/tracee
v0.18.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.18.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.18.0
docker pull docker.io/aquasec/tracee:aarch64-0.18.0
What's Changed
- make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
- chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
- (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
- flags: refactor FilterMap by @yanivagman in #3222
- go.mod: remove types replace by @NDStrahilevitz in #3236
- containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
- docs: remove old trace subcommand by @geyslan in #3238
- ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
- engine: fix panic on waitgroup by @josedonizetti in #3233
- Update packaging.md for Ubuntu package building by @pimvh in #3243
- ebpf: fix socket_accept event by @NDStrahilevitz in #3240
- fix: fix container edge case in events pipeline by @geyslan in #3253
- tracee: skip golang plugin for static binaries by @josedonizetti in #3244
- Fix typo in Vagrantfile's comment by @64J0 in #3260
- tracee: signatures-dir accept multiple values by @josedonizetti in #3246
- change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
- events: hidden_kernel_module changes by @OriGlassman in #3255
- config: extract config structs to its own pkg by @geyslan in #3228
- eBPF control plane signals by @NDStrahilevitz in #3237
- build: remove signing from snapshot by @josedonizetti in #3271
- release: bump release tag to 0.16.0 by @josedonizetti in #3272
- fix: send init events to pipeline by @geyslan in #3270
- thread-safety issues fix by @rafaeldtinoco in #3265
- fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
- build: remove release on tag push by @josedonizetti in #3273
- chore: move syscaller to dist by @geyslan in #3269
- fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
- tracee: add analyze cmd by @josedonizetti in #3101
- policies: rename list fields to be plural by @josedonizetti in #3242
- fix(pkg/counter): finish making counter atomic by @rafaeldtinoco in #3276
- fix: derived event not triggering if base filtered by @josedonizetti in #3280
- enrich: fixes post control plane by @NDStrahilevitz in #3285
- docs: add analyze documentation by @josedonizetti in #3292
- doc: add tutorial to verify tracee signature by @josedonizetti in #3291
- fix: signature event not triggering if base filtered by @josedonizetti in #3281
- pipeline memory efficiency using pool by @geyslan in #3297
- events: update syscall_pathname for security_file_open by @OriGlassman in #3298
- Events and Scope flags by @geyslan in #3262
- pkg/containers: fix deadlock by @josedonizetti in #3311
- [v0.16.0] chore: bump k8s tag to 0.16.1 by @josedonizetti in #3316
- docs: updating link to tracee docs for search results by @AnaisUrlichs in #3317
- feature: remove policy actions by @josedonizetti in #3314
- fix(server): re-enable prometheus counters. by @rafaeldtinoco in #3304
- fix (cgroups): already dead edge case by @NDStrahilevitz in #3325
- docs: updating policies overview by @AnaisUrlichs in #3318
- chore bump 0.16.2 by @josedonizetti in #3331
- feature(k8s): policy k8s compatible by @josedonizetti in #3330
- chore: bump k8s tag to 0.17.0 by @josedonizetti in #3336
- fix(ebpf): size of mntns/pidns filters key holders by @geyslan in #3337
- fix: validate policy names are rfc 1123 by @josedonizetti in #3335
- remove help command, create flags markdown docs by @geyslan in #3321
- fix: data source registration after NewEngine by @NDStrahilevitz in #3342
- fix(build): btfhub's bpftool in alpine container by @geyslan in #3349
- chore(build): add LOGFROM flag to check-pr rule by @geyslan in #3348
- chore(build): change check-pr output format by @geyslan in #3351
- refactor(events): new event definitions (mutable vs immutable data) by @rafaeldtinoco in #3340
- fix(filter): remove unneeded workaround by @rafaeldtinoco in #3352
- events: adjust hidden kernel module event to v6.4 by @OriGlassman in #3360
- fix(config): loading config file by @josedonizetti in #3370
- Update the URL as the old one did not lead to the grafana tutorial an… by @AnaisUrlichs in #3371
- chore(docs): add note for quote yaml value by @geyslan in #3367
- chore: bump k8s tags to 0.17.1 by @josedonizetti in #3374
- bugfix(capture): remove CONFIG_KALLSYMS_ALL dependency by @AlonZivony in #3381
- docs: additional resources for the docs by @AnaisUrlichs in #3379
- feat: add tracee rpc service by @josedonizetti in #3389
- feat: add loggers atomic level by @josedonizetti in #3391
- Add grpc server by @josedonizetti in #3390
- --help flag parsing by @geyslan in #3393
- feat: add diagnostic rpc by @josedonizetti in #3395
- Add grpc diagnostic by @josedonizetti in #3394
- fix: k8s policies tutorial by @josedonizetti in #3373
- chore(flags): change scope/event flag parsers by @geyslan in #3343
- fix: log level should match zap log priority by @josedonizetti in #3409
- fix: ignore error for cgroups that doesn't exist by @josedonizetti in #3410
- refactor: getStackAddresses doesn't return an err by @josedonizetti in #3414
- chore(revive): mitigate redundant warning by @rafaeldtinoco in #3417
- fix: committing typo by @testwill in #3418
- feature(types): add task identifier by @rafaeldtinoco in #3425
- fix(flags): use scope flag parser for policy by @geyslan in #3429
- fix: capture of writev by @roikol in #3413
- fix: fix section name for vfs_readv by @AlonZivony in #3421
- feat: filter file capture by ELF type by @AlonZivony in #3361
- docs: modifying readme by @AnaisUrlichs in #3378
- Fix(capture): fix verifier issue with elf capture by @AlonZivony in #3433
- fix: print_mem_dump fails on missing symbol by @NDStrahilevitz in #3384
- Revert "fix: print_mem_dump fails on missing symbol (#3384)" by @AlonZivony in #3436
- fix(definitions): ksymbols dependencies handled wrongly by @rafaeldtinoco in #3443
- feat: add streams by @josedonizetti in https://github.com/aquasecurity/tracee...
v0.17.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.17.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.17.1
docker pull docker.io/aquasec/tracee:aarch64-0.17.1
v0.17.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.17.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.17.0
docker pull docker.io/aquasec/tracee:aarch64-0.17.0
v0.16.2
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.2
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.2
docker pull docker.io/aquasec/tracee:aarch64-0.16.2
What's Changed
- [v0.16.0] backport: dead cgroups fix by @NDStrahilevitz in #3326
Full Changelog: v0.16.1...v0.16.2
v0.16.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.1
docker pull docker.io/aquasec/tracee:aarch64-0.16.1
What's Changed
- pkg/containers: fix deadlock by @josedonizetti in #3311
v0.16.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.0
docker pull docker.io/aquasec/tracee:aarch64-0.16.0
What's Changed
- make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
- chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
- (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
- flags: refactor FilterMap by @yanivagman in #3222
- go.mod: remove types replace by @NDStrahilevitz in #3236
- containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
- docs: remove old trace subcommand by @geyslan in #3238
- ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
- engine: fix panic on waitgroup by @josedonizetti in #3233
- Update packaging.md for Ubuntu package building by @pimvh in #3243
- ebpf: fix socket_accept event by @NDStrahilevitz in #3240
- fix: fix container edge case in events pipeline by @geyslan in #3253
- tracee: skip golang plugin for static binaries by @josedonizetti in #3244
- Fix typo in Vagrantfile's comment by @64J0 in #3260
- tracee: signatures-dir accept multiple values by @josedonizetti in #3246
- change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
- events: hidden_kernel_module changes by @OriGlassman in #3255
- config: extract config structs to its own pkg by @geyslan in #3228
- eBPF control plane signals by @NDStrahilevitz in #3237
- build: remove signing from snapshot by @josedonizetti in #3271
- release: bump release tag to 0.16.0 by @josedonizetti in #3272
- fix: send init events to pipeline by @geyslan in #3270
- thread-safety issues fix by @rafaeldtinoco in #3265
- fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
- build: remove release on tag push by @josedonizetti in #3273
- chore: move syscaller to dist by @geyslan in #3269
- fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
- tracee: add analyze cmd by @josedonizetti in #3101
- policies: rename list fields to be plural by @josedonizetti in #3242
- [v0.16.0] fix(pkg/counter): finish making counter atomic (#3276) by @rafaeldtinoco in #3284
- [v0.16.0] fix: derived event not triggering if base filtered by @josedonizetti in #3287
- [v0.16.0] fix: enrich post control plane (#3285) by @NDStrahilevitz in #3289
Full Changelog: v0.15.1...v0.16.0
v0.15.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.15.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.15.1
docker pull docker.io/aquasec/tracee:aarch64-0.15.1
What's Changed
- workflow: fix cosign signing by @josedonizetti in #3212
- make integration tests more robust by @geyslan in #2688
- tests: fix event MatchedPoliciesUser check by @geyslan in #3220
- vagrant: clean up/fix provisioning script by @geyslan in #3216
- Create SECURITY.md by @itaysk in #3221
- ebpf: fix mem_prot_alert anonymous file info by @AlonZivony in #3225
- makefile: add check-pr rule by @geyslan in #3215
- tracee: fix panic when ctrl-c after the boot by @josedonizetti in #3188
- k8s: bump release tag to 0.15.1 by @josedonizetti in #3232
Full Changelog: v0.15.0...v0.15.1
v0.15.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.15.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.15.0
docker pull docker.io/aquasec/tracee:aarch64-0.15.0
What's Changed
- workflow: add cosign to release snapshot by @josedonizetti in #3102
- workflow: add cosign to release snapshot by @josedonizetti in #3104
- workflow: ignore cosign prompt by @josedonizetti in #3105
- workflow: sign aquasec/tracee:x86_64-dev by @josedonizetti in #3106
- k8s: enrichment enabled by default by @josedonizetti in #3096
- docs: remove classic-docs by @josedonizetti in #3099
- workflow: sign release images by @josedonizetti in #3107
- refactor: add broadcast printer by @josedonizetti in #3090
- k8s: remove postee dependency by @josedonizetti in #3089
- policies: fix args filtering by @josedonizetti in #3115
- tracee: add ready callback by @josedonizetti in #3117
- Add k8s configmap by @josedonizetti in #3091
- fix: file_modification not triggered in newer kernels by @roikol in #3127
- docs: fix mkdocs by @josedonizetti in #3131
- k8s: add readiness probe by @josedonizetti in #3128
- refactor: move PolicyFile to policy pkg by @josedonizetti in #3125
- k8s: add default signatures policy by @josedonizetti in #3130
- k8s: fix helm installation by @josedonizetti in #3134
- k8s: fix k8s installation docs by @josedonizetti in #3139
- k8s: add helm test workflow by @josedonizetti in #3138
- types: add DataSource type for signatures by @rafaeldtinoco in #3141
- 3026 rebased by @rafaeldtinoco in #3142
- ebpf: create function prototypes in all headers by @rafaeldtinoco in #3133
- policy: fix validation of args and retval by @josedonizetti in #3144
- logger: flags: add filter and filter-out by @geyslan in #3137
- docs: examples: place examples files by kind by @geyslan in #3146
- Add policy printer by @josedonizetti in #3126
- bpf attach raw tracepoint support (rebase of #3060) by @rafaeldtinoco in #3148
- Feature/capture read by @AlonZivony in #2356
- events: improve hidden_kernel_module by @OriGlassman in #3001
- types: add ContainerID field back by @NDStrahilevitz in #3155
- chore: restore old ContainerID field by @NDStrahilevitz in #3154
- bpf: fix int truncation in address holder by @geyslan in #3159
- docs: add data sources by @NDStrahilevitz in #3164
- ebpf: events: set policies for init events by @geyslan in #3162
- policy: add not-equal operator parsing by @geyslan in #3168
- printer: fix policy printer by @josedonizetti in #3149
- docs: update docs for bpf_attach event by @roikol in #3178
- docs: add read capture and new filters docs by @AlonZivony in #3157
- Fix docs by @josedonizetti in #3175
- policy: actions printers configured with -output by @josedonizetti in #3176
- events: fix hidden_kernel_module trigger time by @OriGlassman in #3189
- tracee: clean up untraced signatures by @NDStrahilevitz in #3193
- Revert "tracee: clean up untraced signatures" by @josedonizetti in #3194
- policy: fix output options by @josedonizetti in #3192
- tracee: fix output configuration via configfile by @josedonizetti in #3187
- types: change Event fields by @geyslan in #3196
- ebpf: Pipeline and BPF Network policy matching by @geyslan in #3183
- ebpf: bitwise should_submit_net_event return by @geyslan in #3198
- Fix path check multiple pids by @josedonizetti in #3205
- k8s: bump release tag to 0.15.0 by @josedonizetti in #3204
- workflow: fix contents permissions by @josedonizetti in #3206
Full Changelog: v0.14.2...v0.15.0
v0.14.2
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.14.2
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.14.2
docker pull docker.io/aquasec/tracee:aarch64-0.14.2
What's Changed
- release: fix arm64 release file by @rafaeldtinoco in #3084
- release: fix arm64 releasing workflow by @rafaeldtinoco in #3085
- build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #3094
- btfhub: fix tracee container image with btfhub by @rafaeldtinoco in #3095
- btfhub: extract embedded BTF file correctly by @rafaeldtinoco in #3097
- Fix logger by @josedonizetti in #3092
Full Changelog: v0.14.1...v0.14.2
v0.14.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.14.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.14.1
docker pull docker.io/aquasec/tracee:aarch64-0.14.1
What's Changed (Bug Fix Release)
- feat: support running tracee from pid ns by @roikol in #3037
- libbpfgo: trim suffix newline from libbpf message by @geyslan in #3038
- cli: don't sort flags in help/usage messages by @yanivagman in #3042
- cmd: log only after tracee.Run() by @geyslan in #3048
- ebpf: use new libbpf syscall macros by @yanivagman in #3040
- workflow: move workflows to aqua infrastructure by @rafaeldtinoco in #3056
- tracee: move metrics register to tracee by @NDStrahilevitz in #3049
- cmd: cobra: fix parsing for multiple values by @geyslan in #3058
- add pid to memory capture and change the timestamp to epoch or relative by @AsafEitani in #3047
- v0.14.1 dependencies updates (security, ...) and an urfave quick fix by @rafaeldtinoco in #3067
- fix deadlocks triggered by cancelled ctx by @geyslan in #3059
- change mem_prot_alert alert from W+E to W by @AsafEitani in #3073
- change mem_prot_alert to detect W to E instead W+E to E. by @AsafEitani in #3062
- make print_mem_dump reprint on kernel module load by @AsafEitani in #3072
- fix for kernels v6.3 and mitigation for tracee.pid in tests by @rafaeldtinoco in #3076
- remove pid file on exit by @geyslan in #3075
- Bump libbpfgo to v0.4.8.1-libbpf-1.2.0 by @geyslan in #3080
- fix: correct list of bpf helpers by @roikol in #3064
- tracee: warn only if pidfile removal fails by @rafaeldtinoco in #3081
Full Changelog: v0.14.0...v0.14.1