Releases: aquasecurity/tracee
v0.6.5
Changelog
2bdb16e fix help on output flags (#1205)
8f7c296 add type of stdin in sched_process_exec (#1214)
e1352f8 get file types from inode struct instead of file_operations (#1213)
83155b2 tracee-ebpf: fix pid 0 with CO-RE
9ab89fa chore: install docker in the Vagrant vm (#1197)
d9cfba2 tracee-ebpf: turn CO-RE v4.18 and beyond compatible
e22f05b tracee-ebpf: comments for co-re type flavors
fd5a64b tracee-ebpf: fix kernfs_node CORE access in RHEL8
d2a942d wait for tracee-ebpf to load
15deef4 support writing to existing files
3354b32 move readiness file out of library to main
6f3ceee docs: Re-add section for MacOS (#1194)
7e2186f add ctime to security_file_open and fix variable type (#1167)
060b554 Checking /proc/sys/kernel/ftrace_enabled (#1152)
7f9c2dc fix reading sockaddr_in struct
7a6c1af tracee-ebpf: keep deleted containers
bbc98ed tracee-ebpf: reformat fixes
1b52e96 tracee-ebpf: reformat suggestions for better readability
0c87b72 tracee-ebpf: remove unneeded asm_inline clang mitigation
7474fcc Upgrade dependencies (#1176)
ea58aba tracee-ebpf: rename co-re headers
e9b0ed6 Fix linux headers broken link in readme
74ad130 tracee-ebpf: single vmlinux header file for CO-RE
3bedc4f tracee-ebpf: remove unused VM_LINUX_H from Makefile
c1ff3f6 tracee-ebpf: clean up unused task_struct fields
c5c96c3 tracee-ebpf: get rid of BPF_NO_PRESERVE_ACCESS_INDEX ifdefs
2c2b008 tracee-ebpf: fix CO-RE sk_protocol access in 5.6 kernels
5e9ead9 vmlinux: introduce vmlinux-flavored.h to contain flavored types
d23987b tracee-ebpf: CO-RE shouldn't rely on LINUX_VERSION_CODE
a2703cf vmlinux: unify x86_64 and arm64 vmlinux CO-RE header files
0b4c9a3 vmlinux.h: remove full vmlinux.h files
439943c vmlinux: create vmlinux-core.h for arm64 builds
2a5eceb vmlinux: introduce vmlinux-core for x86_64
c82f547 makefile: fix ordering of -Wno-* flags
dbbd970 fix: use alpine:3.15 as base image to build tracee (#1173)
a38f518 docs: use mkdocs macros plugin to specify version of tracee release artifacts (#1164)
e9a2527 docs: update mkdocs version dependency (#1168)
729fe32 docs: add git_semver variable to mkdocs (#1166)
0893a08 fix: install the tini package in the tracee:slim container image (#1162)
9962191 refactor: tests for Go signatures (#1128)
c75bd90 docs: fix formatting on eBPF Compilation page (#1163)
1cb78ec docs: add cgroupns=host docker option
ea71755 tracee-ebpf: filter containers using cgroup id
5198ee0 fix wrong type assertion (#1153)
d421bb9 tracee-ebpf: use cgroup id for container id resolution (#1130)
90ed35e tracee-ebpf: don't parse pointers when parse-arguments is chosen
11915a6 tracee-ebpf: introduce MemProtAlert type in external package
a22531c add READ_USER (#1147)
7df0e9b fix: using exec-hash instead of exec-info (#1144)
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.5
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.5
v0.6.4
Changelog
f4788a5 tracee-ebpf: fix events sent in parallel to raw_sys_exit event
71f8ff2 use plain addr argument (#1141)
df364f3 add user namespace to slim_cred struct (#1137)
cd63e86 adding ctime to sched-process-exec event. Resolves: #1075
611c200 Update Readme.md (#1078)
dc6f3af Add option for raw arguments from various event flags (#1123)
95aa7af tracee.bpf: fix READ_KERN incompat ptr type discards
6d90e79 tracee-ebpf: fix arm64 build
74a14b5 test: even params formatter (#1100)
c999952 docs: fix formatting on prerequisites page (#1126)
a67b8cc init_module capture (#1122)
0fb7fca deploy: update postee manifest with tolerations and resource limits (#1060)
4389a4a add socket_dup (#1064)
25990c6 add security_kernel_post_read_file and capture kernel modules (#1080)
7b98707 add more process names to allowlist (#1118)
7ab6bf6 add cgroup release_agent modification signature (#1116)
cd216b8 removing '--security-alerts' flag. Resolves: #1106
409becc Only remove a process from the process tree filter map if it's a tgid (#1079)
340d04f tracee-ebpf: CO-RE: add GET_FIELD_ADDR macro
09476a0 tracee-ebpf: read exec arguments without a loop
f943d7f feat: Refactor clang version check and fix a panic (#1097)
cf3b4cc feat: Add tests for checkRequiredCapabilities() (#1088)
b029d07 Fix tracee-ebpf compilation on RHEL-likes (#1052)
020949d feat: Update tracee-rules base image to golang:1.17-buster (#1082)
aa6fa83 Add more tests for prepareCapture (#1087)
719d6ae tracee-ebpf: fix verifier issue on kernel 4.19
f878b19 Revert "tracee-ebpf: fix switch_task_ns verifier issue"
a8bca3e tracee-ebpf: use syscall_data_map to detect syscall
dee2e5e tracee-ebpf: fix switch_task_ns verifier issue
766ec87 tracee-ebpf: simplify syscall data saving
7e671f2 tracee-ebpf: fix commit_creds verifier issue
0b0ac4f Add etcd to exempted process list
cc7f8f0 fix type of security_kernel_read_file event
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.4
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.4
v0.6.3
Changelog
7a46f53 feat: Add list-events flag for listing events (#1071)
4262182 chore: adding to mkdocs missing links (#1070)
203a91f tracee-ebpf: simplify code
e942ffa tracee-ebpf: save correct argnum automatically
8ce15c8 tracee-ebpf: use event_data for buffer offset
79c28b2 fix missing declaration
48654aa fix sockaddr struct overflow and change error message
a9f774b Parse the version from module tags (#1062)
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.3
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.3
v0.6.2
Changelog
6b927a6 Revert: Disable WASM target (#1057)
c45a719 Add documentation for undocumented output options (#1056)
e6ecb4e Document new tracee-rules signatures (#1055)
97ac6ec Tracee end-to-end tests (#1033)
32c3e1c add postee in kubernetes install
9ffecdb tracee-ebpf: init event data once
fac8552 add footer to readme (#1050)
2276d7a Individual module git tags (#1034)
4382fd8 Add execution information flags to tracee-ebpf (#1041)
7e32ea7 chore(deploy): Add tolerations to K8s deployment descriptor (#1040)
72972b0 Improve error message of being unable to find kernel headers (#1046)
fccbca3 add bunch of k8s related signatures (#1031)
c8b18f5 fix(tracee-rules): Ignore order of elements in engine_test.go (#1042)
396ed0e tracee-ebpf: add exit code to sched_process_exit
968b07f tracee-ebpf: always delete from maps on exit
bbc6c44 tracee-ebpf: update exec maps in sched_process_exec
90eebe9 tracee-ebpf: remove save_args_from_regs
939e418 tracee-ebpf: init context once
97f87c1 tracee-ebpf: add support for unix socket in security_socket_* funcs
a23f325 tracee-ebpf: simplify saving to buf (#1016)
e55abba improve kubernetes docs (#1028)
e9c0165 tracee-rules: Upgrade external package dependency (#1024)
f010325 tracee-rules: Bump up github.com/open-policy-agent/opa from v0.32.0 to v0.32.1 (#1025)
86de9c5 Set TINI_SUBREAPER env variable in dockerfile (#1021)
07969fa tracee-rules: Remove duplicated code for testing Rego signatures (#1020)
91dc323 tracee-ebpf: remove events pipeline (#1018)
71f266e chore: Add Vagrantfile to easily get started with tracee (#1017)
08cab83 tracee-ebpf: don't send argument type
1629071 tracee-rules: Allow compiling and evaluating all Rego signatures at once (#1015)
d685991 tracee-ebpf: show pathname on execve failed event
43581a4 Created new set of events IDs for user-mode events (#1013)
832d64a parse security_bpf cmd arg
41020e5 tracee-rules(test): rewrite tests for RegoSignature (#1007)
c3f9b36 tracee-ebpf: use argument index instead of tags
de793fe update docs
8856e75 Fix misspelled warning messages
d17a715 kconfig: only show non-fatal errors if debug flag is set
9d0792f libbpfgo: bump to 64a32fa because of helpers/kernel_config
11f1614 tracee/consts: CUSTOM_OPTION_START rename
6052623 docs/tracee-ebpf/override-os-needed-files: os files overrides
d285528 tracee: deal with possible kconfig option index error
8fee4eb add argument 'type' to security_kernel_read_file event (#998)
4904506 tracee-ebpf: move filters logic to a new file
b721b7d Fixed inconsistency in processes containerID value between startup and runtime
0ada16e tracee-ebpf: add sched_switch event
11e8451 Check os-release file for rhel or centos string (#1001)
cd26d25 Fix readlink with relative softlinks
b608d60 feat: Add flag for Rego Target runtime (#980)
dcc153e change install/prerequisites relative path (#997)
65238c4 tracee-rules: add flag for partial evaluation (#979)
b475949 feat: Add flag for prepared events (#984)
ce65764 Add replace directive back (#992)
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.2
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.2
v0.6.1
Changelog
bcf7153 helpers/btfinfo: renamed to osinfo and improved, syncing (#981)
dfdb5d6 tracee-ebpf: move prepare_args() to argprinters file
e2f9f1b tracee-ebpf: add sched_process_exec to default set
b55da80 Use filepath.WalkDir() to scan for signatures (#901)
90b7530 fix json unmarshaling nil
f9b4394 tracee-rules: add GetSelectedEvents
aad4c95 tracee-ebpf: fix process tree disabled
9d588c9 Implement process tree filter (#927)
e438abe Feature/fetch system info (#945)
7910a97 feat: Bump OPA to v0.32.0 (#978)
d4cdac0 tracee: move MissingKernelConfigOptions to libbpfgo helper
1aac441 tracee-ebpf: update to latest libbpfgo due to kconfig changes
dd77f56 tracee-ebpf: fix sched_process_fork arg names
dcb26c2 add mknod lsm hooks (#970)
c02ae01 tracee-ebpf: simplify events pipeline
f184b9e handle param type int[2] (#969)
a4bac29 tracee-ebpf: mitigate deadcode optimization issue for 5.4 and less
b4181ca tracee-ebpf: linting: spellcheck, empty chars & statements
3f412c5 tracee-ebpf: fix sched_process_exec argument types
0177dae tracee-ebpf: add capture profile documentation
7f98f9b fix incorrect cli flags in docs example
5c85d2a tracee-ebpf: don't send stats in done channel
c81d975 fix unmarshaling of string arrays
c261897 tracee-ebpf: fix build error after libbpfgo linting fixes
5cfba33 tracee-ebpf: move printer to main package
1514fb5 tracee-ebpf: fix network capture with latest libbpf
4584f75 tracee-ebpf: add static build support for portability
b0eba9e tracee-ebpf: use replace for the external package (#949)
a3c2d51 tracee-rules: update dependency Masterminds/sprig (#938)
b644fe8 tracee-rules: refactor non used code (#939)
61dfcd8 tracee-ebpf: add stats to external
fef7e8a tracee-ebpf: support network capture from multiple interfaces
c1ce717 tracee-ebpf: remove gob printer errEnc
5627299 tracee-ebpf: fix error printing to be always text
05daef9 tracee-ebpf: fix gob test (#941)
ce2b75e tracee-ebpf: restructure and split files
5a0eb2d tracee-ebpf: improve Containers object
5032dc4 tracee.go: initialize pid_to_cont_id_map during startup
e176bdc tracee: support external BTF files
7380f08 tracee-ebpf: update to libbpfgo with initial btfinfo
b700761 tracee-ebpf: Change libbpfgo map methods to new prototype
ed0f4a2 tracee-ebpf: update libbpf to sync with libbpfgo
25ffccd tracee-ebpf: update to libbpfgo v0.2.0-libbpf_0.4.0
5ae1610 tracee-ebpf: add syscall_nr to security_file_open
a3e048b tracee-ebpf: fix get syscall id from regs
3baa952 tracee-ebpf: fix regression - program too large in kernel 4.19
8a43404 tracee-rules: fix rego signature loading
cbc56c9 add flags support for make test (#879)
329154e tracee-ebpf: add --output ignore (#882)
4ad02de tracee-ebpf: print help for invalid arguments
2bae871 tracee-ebpf: remove '--capture all'
8462b71 tracee-ebpf: don't filter security_file_open for open/openat
9cd6bb5 tracee-ebpf: don't send zero-sized chunks
e277be2 tracee-ebpf: simplify save_xxx_to_buf logic
ceece80 tracee-rules: improve error logging
0770dc4 add close on fileread finish
ad2596a remove unneeded var
1bc09c3 change invoked_from_kernel detection method
fb605fe Fix CO:RE support for RHEL and RHEL derivatives
cb836e1 fix rule name partially cropped in error message (#867)
82a1289 tracee-ebpf: add support to custom rego helpers
147f6de tracee-ebpf: fix capabilities minimum requirements
9f917a1 tracee-ebpf: turn MAX_PATH_COMPONENTS down to 48 (#889)
282bcbd tracee-ebpf: fix help flag to print to stdout
26a9eb2 tracee: add tini tracee docker image (#883)
aee7e8f tracee-ebpf: add output validate test (#881)
76a932f tracee-rules: enable pprof endpoints (#860)
3bca7ea tracee-ebpf: improve argprinters test coverage (#877)
f641d42 tracee-rules: fix minimum requirements link
5ce9ff4 tracee-ebpf: refactor to avoid two strings.Split (#859)
4c99a2a Change quickstart one liner to just make note of mounting config
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.1
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.1
v0.6.0
Release highlights and discussion
Changelog
703a7a9 add security_kernel_read_file lsm hook (#869)
c40c82c Update docs to be more targeted at users, rather than developers (#870)
238cc6e Update docs to take into account CO:RE default (#868)
fa7feae use tcp_connect kprobe to get tcp handshake packets (#861)
6df0969 Feature/event origin signature filter (#856)
c27e914 add lsm hooks to event sets (#863)
4c78ac3 tracee-ebpf: security_sb_mount: send exact argnum
5c84d60 tracee-ebpf: add SIGTERM support (#858)
2d2845f tracee-rules: evaluate parsed input with OPA (#829)
de4f865 tracee-ebpf: extend magic_write bytes (#853)
8684eea tracee-ebpf: fix 4th syscall param value
7aa2964 tracee-ebpf: add inode and dev to magic_write event
6a58448 tracee-ebpf: update external module
bbe411a tracee-ebpf: update timestamp in external func ToUnstructured()
f17c1d1 tracee-ebpf: Adjust MAX_PATH_COMPONENTS limit for kernels >= 5.2
4d0b1c8 tracee-ebpf: add epoch timestamp
443955e feat: Add ToUnstructured method to Event (#830)
bb6be11 tracee-ebpf: fix core compilation warnings (#838)
2991701 Add embed directive to embed the compiled CORE bpf object into go binary (#818)
f5240ae tracee-ebpf: fix print of preamble and epilogue
6da6c9f tracee-ebpf: add capture network to docs
8c463c7 tracee-ebpf: add network debug events and context
6516b25 tracee-ebpf: capture network activity
3a25e74 tracee-ebpf: add args and env to sched_process_exec event
4276fba skip printing out if library mode
247ffc9 fix panic due to slice outbound
a291eae Replace external package with go module (#824)
59acd66 add external package as a module
b3b7346 tracee-ebpf: fix incomplete path (#812)
2df1177 fix go rules requirement
4575262 fix help message
faa5614 Update tracee logo (#809)
ad3b86b tracee-ebpf: record context timestamp at sys_enter
8d69f42 test: Describe benchmarks for tracee-rules
31f21b8 adding Close API to signature interface adding Load/UnloadSignature functions to tracee-rules Engine
1fbc090 tracee-ebpf: improve output flag help
b8937fd tracee-ebpf: fix container id issues
c827ae0 fix(benchmark): Unprotected global variable processMemFileRegexp in golang.codeInjection.Init()
ef95ded fix(benchmark): Use uniquely identifiable sigs in BenchmarkEngineWithNSignatures
5fc8a52 fix: Unsynchronized send and close operations on signature channels
f773f88 fix bugs that caused panic when tracee API used from third party app
662a668 test: Add wasm target to tracee-rules benchmarks (#790)
ae07c82 Adding exportable channel into Config struct. In this way a third party entity can read from the channel without any dependencies with the tracee printers.
ef8d4ee fix clean target
05c11bf test: Benchmark rules engine based on number of signatures (#792)
741e7bb fix broken link (#791)
acf1752 test: Benchmark tracee-rules (#785)
06851ee tracee-ebpf: fix compilation on ubuntu
4bf8ca6 Add initial CO:RE support (#759)
cca5fa9 fix error that caused bpf code not to be loaded
422e86e tracee-ebpf: fix instruction count on kernels < 5.2 (#779)
6166346 add sched_process_exec and fix
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.6.0
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.6.0
v0.5.4
Changelog
e68ecaa tracee-ebpf: move fork logic to sched_process_fork
9eb91fb tracee-ebpf: bump libbpfgo version
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.5.4
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.5.4
v0.5.3
Release highlights and discussion
Changelog
8c944cf tracee-ebpf: add container id to context
6129122 feat: Tracee Profiler Mode (#725)
1e0aba5 clarify license (#760)
5cc1e8c fix gob type declaration (#753)
09ef628 Optimize save_path_to_str_buf in tracee.bpf.c (#758)
9312e26 tracee-ebpf: fix bpf compilation error
c158069 tracee-ebpf: ignore kernel config check when init fails
f87e71f Update Prerequisites Link in README (#744)
58a120a tracee-ebpf: add security_bpf{,_map} events (#617) (#739)
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.5.3
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.5.3
v0.5.2
Release highlights and discussion
Changelog
2fb9a7e tracee-ebpf: commit_creds: submit more credentials
6e1c370 add detection for writing into /etc/ld.so.preload (#733)
9387554 switch to libbpf v0.4 (#738)
83a869d fix: remove libbpfgo from this repo (#734)
9453072 libbpfgo: Add map iterator support (#728)
da4124a tracee-ebpf: close gracefully on error (#729)
242d721 libbpfgo: Check for ERR_PTR return values (#709)
94f33d0 work with new form of security_socket_connect
1960f31 libbpfgo: Add support for AttachPerfEvent
74b3c48 dont set essential events to network lsm hooks
6fb4c8a set network syscall events as essential events for their corresponding lsm hooks
b24f18c use kernel pid instead of tgid to avoid race condition between threads
2154848 set default sockfd to -1
d75a61f remove event_id from sockfd_map key, use tgid alone instead
32191ee fix sockfd_map comment
fcd8478 added sockfd arg to network lsm hooks
dccdd84 Add security_sb_mount lsm hook
38b402d tracee kubernetes deployment yamls (#680)
210d85b Add tracee video hub link in README (#714)
0344838 add manual parameter to docs workflow (#712)
25eb688 libbpfgo: Add AttachLSM() method
2bf844d Network lsm hooks (#697)
a6f33c3 Load kernel config into bpf hashmap (#670)
71b8876 Run libbpfgo self tests on self hosted github action runner (#693)
93809da add manual trigger to docs workflow
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.5.2
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.5.2
v0.5.1
Release highlights and discussion
Changelog
521b52b add build in docker to tracee-rules
24daa0e small typo fixed
8db13ca Fix minimum requirements link
d606972 fix: add check for empty bytes being written by file write channel fileWrChannel (#696)
2317a86 fix: trace-ebpf flag output (#632)
feb1677 feat: add testing environment matrix that includes self hosted runner (#692)
c3da07d Merge pull request #688 from grantseltzer/upgrade-libbpfgo-fix
e25ba71 Merge pull request #687 from yanivagman/fix_build
71d4c83 Fix build with libbpfgo
510aae7 integrate and document gotemplate
7b3c71b Merge pull request #682 from krol3/issue-681-dockerignore
ff03f7b Merge pull request #649 from eyakubovich/fix-chan-map-race
5052cb8 Merge pull request #678 from grantseltzer/upgrade-libbpf-v0.3
f37f3d3 feat: docker ignore for tracee
29b216c Merge pull request #672 from yanivagman/fix_type_mismatch
8d26642 Merge pull request #679 from yanivagman/fix_docs_link
4ef3eba fix documentation link in readme
96bdca8 improve docs
f11eced fix error handling
103ddbd tracee-ebpf: Fix type mismatch of event arguments
d1a0c00 fix: update libbpfgo go module to fix build for tracee-ebpf
c67295f fix: upgrade libbpfgo dependency to latest
3970f7f fix: upgrade libbpf dependency to v0.3 release
095336c Merge pull request #656 from eyakubovich/add-map-setters
7ace63b Add Resize() and GetMaxEntries() to BPFMap
7862e0e Merge pull request #645 from grantseltzer/feature-check-package
4f5af96 fix json output template
5c76627 add a quick video intro (#660)
2d62a69 fix: add some tests, fix error string
69b576e Merge pull request #657 from aquasecurity/docs-small-fixes
23597a0 Fix eventsChannels race
1092871 fix: broken links
8482773 fix: match document headers with navigation links
56ede7f fix: clarify local rules directory, add libbpf to dependencies
f68cea7 fix: move architecture diagram and images into docs directory, update usage accordingly
2e288fd fix: small typos and table formatting
50a6940 refactor: Remove falcosidekick specific code and reuse templating (#653)
e868978 feat: Add high level overview to Readme (#650)
6acdf8c feat: add constants to use for kernel configuration options
996cbd2 revamp documentation
7ce5943 feat: add tests for proc gz config
cf01331 fix: libbpfgo module files
6474790 Merge pull request #638 from eyakubovich/fix-perf-buffer-stop
5e8cd40 feat: add functions to helper package for checking the kernel config options
ba273ac types.Finding interface update (#646)
e1263ed fix mkdocs generation (#644)
96a39dc Use Go templates for stdout (#630)
77cf435 Fix PerfBuffer shutdown
8b8045b add mkdocs documentation (#633)
42edaaf Group of small fixes (#643)
97d27e0 Merge pull request #629 from jan0ski/main
7bac7f5 feat: Add support for wildcard event suffixes
f8df7da Merge pull request #625 from krol3/labels-docker
d0d2670 fix relative link to quickstart-with-docker (#635)
1a31966 Merge pull request #631 from grantseltzer/use-helpers-package-in-tracee-ebpf
443994b Merge pull request #603 from grantseltzer/selftest-actions
5f4ab2d remove falcosidekick from container
656da9c Remove old helper functions from tracee-ebpf and update usage to new helpers package
25bfb2d fix: update imported gomodules so libbpfgo includes the newly added helper package
f66f7be Merge pull request #493 from mtcherni95/tracee-issue-485
8934c28 fix: copy argument parsing functions from tracee-ebpf into libbpfgo
9753401 fix: move and document the signature helpers (#601)
284bb15 Add basic integration test framework (#606)
2e0edb2 Fix "make clean"
7492580 Adding labels Docker
ec34648 feat: Print loaded rules info at runtime
518d407 fix tracee-ebpf dockerfile for go 1.16
b995873 Merge pull request #620 from eyakubovich/fix-ringbuf-stop
09b2b47 Fix RingBuffer shutdown
1fd89c3 Merge pull request #616 from icarus-sparry/better_help
2aa71c7 Better help message for missing libbpf
cb4589f feat: add libbpfgo selftests to github actions
436c11d Merge pull request #598 from grantseltzer/improve-selftest
559ff36 improve readme with triggering a sig
f1f3c72 Remove debugfs mount
c22f59c feat: Use //go:embed to bundle artifacts (#596)
6b6a8d6 Adding version string to --list output (#602)
a6ceb2e feat: Add signature versioning (#597)
6486492 add tests for entrypoint
9c6d248 Webhook message formatting using go templates (#582)
8ab0254 fix: self test for ringbuffer should verify the integrity of the data sent from kernel space
228c6d3 tracee-ebpf: add magic_write event
0c581d0 tracee-ebpf: move capture write filter to tail
cc2a749 tracee-ebpf: add bytes argument type
9a25d02 Merge pull request #591 from grantseltzer/blocking-stop-channel-write
5ba8472 feat: Bump up to go1.16 (#589)
8d3c3d5 Merge pull request #483 from aquasecurity/gs/ringbuf-libbpfgo
809794b tracee-ebpf: remove validator workarounds
828f39e tracee-ebpf: fix docker builder (#587)
6eb7608 fix: rb.stopped should be set in the Stop method
42839aa feat: add support for ringbuffers in libbpfgo
d286732 feat: Add OPA tests to Github Actions (#535)
5dc1352 feat: Better formatted output for detected events. (#573)
28fbc66 feat: Add IDs to Signature Metadata. (#567)
05b0d91 tracee-ebpf: Fix readme for docker quickstart (#568)
097ce27 Added information how to run Tracee on Docker Mac
59312a1 tracee-ebpf: update minimal kernel version to 4.18
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.5.1
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.5.1