Releases: aquasecurity/tracee
Releases Β· aquasecurity/tracee
v0.22.5
v0.22.4
Docker Image
docker pull docker.io/aquasec/tracee:0.22.4
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.22.4docker pull docker.io/aquasec/tracee:aarch64-0.22.4
v0.22.3
Docker Image
docker pull docker.io/aquasec/tracee:0.22.3
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.22.3docker pull docker.io/aquasec/tracee:aarch64-0.22.3
v0.22.2
Docker Image
docker pull docker.io/aquasec/tracee:0.22.2
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.22.2docker pull docker.io/aquasec/tracee:aarch64-0.22.2
v0.22.1
Docker Image
docker pull docker.io/aquasec/tracee:0.22.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.22.1docker pull docker.io/aquasec/tracee:aarch64-0.22.1
v0.22.0
β‘οΈ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4272 β‘οΈ
Docker Image
docker pull docker.io/aquasec/tracee:0.22.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.22.0docker pull docker.io/aquasec/tracee:aarch64-0.22.0
What's Changed
- Fix release action by @geyslan in #4136
- fix(ci): dev tag is the latest snapshot by @geyslan in #4137
- chore(ci): use dev tag for docker image building by @geyslan in #4138
- chore: install last version of golang by @rscampos in #4139
- chore: golang binary move to tmp by @rscampos in #4140
- fix(ci): make release rule to have prerequisites by @geyslan in #4141
- Create Makefile format-pr rule by @geyslan in #4142
- Bumps to fix cve-2024-24790 by @geyslan in #4143
- fix(build): mv gh release logic to release rule by @geyslan in #4145
- feat(events): add security_task_setrlimit by @OriGlassman in #4148
- fix(build): fix release build by @geyslan in #4150
- Added event containing full payload for all packets by @oshaked1 in #4122
- Fix Integration Tests by @geyslan in #4157
- chore(logger): safe guard before locking by @geyslan in #4160
- chore: rem logger and errfmt as deps from env pkg by @geyslan in #4129
- chore: make dependencies manager a singleton by @geyslan in #4161
- fix: generic kubernetes containerd path pattern by @NDStrahilevitz in #4155
- Tidying Policy Manager by @geyslan in #4165
- fix(events): ftrace_hook: address tabs in input lines by @OriGlassman in #4110
- fix(pipeline): add ebpf caps in stack addres query by @NDStrahilevitz in #4169
- fix(tests): remove named pipe if it exists by @geyslan in #4171
- feat(events): create tracee_info event by @rscampos in #4166
- Fix deps deadlock by @geyslan in #4173
- Policies tidying more by @geyslan in #4168
- Caps concurrency fix by @geyslan in #4175
- Fix(events): don't remove fork excess args by @rscampos in #4167
- fix(proctree): fix clock type differences by @rscampos in #4117
- feat(caps): base ebpf capabilities by @NDStrahilevitz in #4178
- chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #4180
- Packet capture context by @oshaked1 in #4072
- chore: introduce eventFlags to policy manager by @geyslan in #4179
- chore(cap): check if cap is supported before set/unset by @rscampos in #4185
- fix(build): add the include to 3rdparty libbpf during libbpfgo compilation by @rscampos in #4186
- chore(build): trigger tracee tests on Makefile changes by @rscampos in #4187
- chore: use libbpfgo to check bpf helper func by @rscampos in #4184
- chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /api by @dependabot in #4188
- fix: inner error inside check for ebpf func by @rscampos in #4189
- feat(ebpf): configurable pipeline channel size by @NDStrahilevitz in #4182
- chore(ebpf): optimize filldir64 program by @NDStrahilevitz in #4183
- fix(controlplane): filter unnecessary enriches by @NDStrahilevitz in #4193
- feat(ebpf): add security_settime64 by @OriGlassman in #4201
- fix: Ensure correct event dependency for process_execute_failed by @yanivagman in #4203
- fix: Prevent loading syscall-specific BPF programs for non-syscall events by @yanivagman in #4202
- feat(ebpf): add prev_comm for sched_process_exec by @OriGlassman in #4206
- chore: release bpf object memory by @rscampos in #4209
- chore(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #4215
- fix: necessary to Init engine before Start by @rscampos in #4222
- fix: TRACE_RET_FUNC macro by @yanivagman in #4216
- chore(parsers): optimize ParseMmapProt by @geyslan in #4200
- improve flag parsing performance by @geyslan in #4197
- fix: set engine to nil - sig benchmark by @rscampos in #4234
- chore(sig): define signature metadata statically by @rscampos in #4237
- chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible by @dependabot in #4240
- feat(ebpf): use bpf_task_pt_regs when available by @OriGlassman in #4238
- feat: add syscall helper macros by @yanivagman in #4243
- feat(ebpf): make security_socket_setsockopt not rely on sys_enter/exit by @OriGlassman in #4224
- remove e2e tests for kernels 5.4 and 4.18 on ARM by @OriGlassman in #4247
- fix(ebpf): use correct syscall id for compat by @OriGlassman in #4245
- feat(ebpf): make security_file_open not rely on sys_enter/exit by @OriGlassman in #4226
- feat(ebpf): remove sys_enter/exit dependency from security_socket_con⦠by @OriGlassman in #4220
- feat(ebpf): make security_socket_accept not rely on sys_enter/exit by @OriGlassman in #4213
- feat(ebpf): make mem_prot_alert not rely on sys_enter/exit by @OriGlassman in #4227
- feat(ebpf): make security_socket_bind not rely on sys_enter/exit by @OriGlassman in #4225
- feat(ebpf): make set_fs_pwd not rely on sys_enter/exit by @OriGlassman in #4228
- chore: pin go tools versions by @geyslan in #4251
- perf: benchmark improve sig GetMetadata by @rscampos in #4223
- chore: update AMI matrix images by @rscampos in #4250
- Improve
save_args_to_submit_bufby @geyslan in #4217 - feat(ebpf): add path&ctime to module_load event by @OriGlassman in #4235
- fix(ebpf): fix compilation warning sockfd_addr by @OriGlassman in #4254
- process_execute_failed: don't rely on sys_enter by @oshaked1 in #4259
- Generic syscall kprobes by @yanivagman in #4256
- Proctree improvements (RSS/Performance) by @geyslan in #4261
- optimize parser options check by @geyslan in #4199
- Changelog optimization by @geyslan in #4242
- fix: improve performance of readStringVarFromBuff by @geyslan in #4194
- improve flag parsing performance continuation by @geyslan in #4198
- fix(build): parallel build (libbpf wise) by @geyslan in #4196
- Provide manual files in release image/archive by @geyslan in #4230
- fix(build): cyclic dependency in makefile by @geyslan in #4262
- chore: remove leftover from #4262 by @geyslan in #4265
- chore(k8s): prepare v0.22.0 release by @rscampos in #4267
Full Changelog: v0.21.0...v0.22.0
Contributors
rscampos, geyslan, and 5 other contributors
Assets 6
v0.21.0
β‘οΈ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4147 β‘οΈ
Docker Image
docker pull docker.io/aquasec/tracee:0.21.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.21.0docker pull docker.io/aquasec/tracee:aarch64-0.21.0
What's Changed
- fix: e2e-net-tests should use unified binary by @josedonizetti in #3842
- Docs: fixed the typo by @Tej-Singh-Rana in #3859
- GitHub actions chore by @geyslan in #3864
- chore: remove gob printer by @josedonizetti in #3841
- feat: allow webhook configuration via helm values by @ndegory in #3832
- grpc: add direction to packet metadata by @josedonizetti in #3861
- grpc: update packet metadata by @josedonizetti in #3862
- chore: bump opa to 0.61.0 by @josedonizetti in #3868
- Use EXECUTION_TYPE label for github self host runner by @sharon-amir in #3875
- fix(tests): unattended upgrades still running sometimes by @geyslan in #3877
- fix(docs): kubectl configmap command by @geyslan in #3880
- fix: bump opa to v0.61.0 by @josedonizetti in #3887
- chore: add labels for grpc and api by @josedonizetti in #3890
- fix(ebpf): fix hidden_kernel_module not found symbol by @OriGlassman in #3834
- fix: improve performance of magic_write event by @yanivagman in #3899
- fix(derive): keep symbols_collision state between events by @AlonZivony in #3894
- helm: config go template only if passed by @josedonizetti in #3884
- ebpf: don't send magic_write with zero bytes by @yanivagman in #3901
- fix(events): fix ftrace_hook by @OriGlassman in #3896
- chore: change github run id format by @geyslan in #3902
- fix(tests): e2e-install-deps.sh wait for unlock by @geyslan in #3910
- Fix proc info lru by @yanivagman in #3918
- chore: use map instead of stack to store task_info by @yanivagman in #3920
- Improve bpf policies config access by @geyslan in #3906
- Change inotify_watch event to security_path_notify by @oshaked1 in #3913
- chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #3925
- Concurrency issue at analyze by @rscampos in #3907
- Optimize init program by @yanivagman in #3923
- refactor: move to the new pyroscope package by @06kellyjac in #3927
- fix: make check-pr compliant with different shells by @geyslan in #3929
- chore: ensure unattended-upgrades killing by @geyslan in #3934
- chore!: remove gob support from tracee-rules by @geyslan in #3939
- fix(filters): handle syscall arg by @geyslan in #3893
- fix: preallocate ids for signatures upon load by @AlonZivony in #3941
- chore(deps): bump google.golang.org/protobuf to v1.33.0 by @hangrymuppet in #3946
- fix: security_socket_connect wrong fd by @yanivagman in #3951
- Invert Policies inner maps key pair by @geyslan in #3955
- Opa bump by @geyslan in #3957
- chore: set xtrace on e2e-install-deps.sh script by @geyslan in #3958
- Add
ArgValsignature helper by @oshaked1 in #3954 - chore(policy): add policiesMapByName to Policies by @geyslan in #3956
- Dependencies tree manager by @AlonZivony in #3931
- chore: various co-re fixes by @yanivagman in #3952
- fix(dependencies): allow multiple removes of same event by @AlonZivony in #3961
- fix: add missing nodeSelector and tolerations to tracee-operator by @ndegory in #3944
- Add Iterator generic interface, debut it in Policies by @geyslan in #3963
- Run x86_64 & aarch64 builds in parallel by @hangrymuppet in #3962
- chore(ci): run x86_64 & aarch64 builds in parallel by @geyslan in #3968
- chore: make Cloner generic by @geyslan in #3966
- fix: capture io by @yanivagman in #3972
- chore: remove OPT_PROCESS_INFO by @yanivagman in #3975
- fix: update vagrant file to download kubectl by @rscampos in #3977
- chore(ci): bump actions versions by @geyslan in #3969
- Fix Policies Cloning by @geyslan in #3971
- Add timestamp docker tag for dev image by @hangrymuppet in #3959
- chore(ci): labeler v5.0.0 is inconsistent by @geyslan in #3978
- Libbpfgo bump by @geyslan in #3970
- fix: show argv on failed execve events by @yanivagman in #3922
- fix(analyze): bind flags with viper by @AlonZivony in #3981
- fix: wrong print_mem_dump errors about args filter by @AlonZivony in #3895
- Fix helm install option webhook by @rscampos in #3984
- fix(ebpf): use debug error level instead of error by @geyslan in #3985
- refactor: Improve API used by ebpf programs by @yanivagman in #3982
- fix: vagrantfile url for opa download by @rscampos in #3990
- chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 in /api by @dependabot in #3991
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #3992
- fix(ebpf): check if engineOutput is closed by @geyslan in #3994
- chore: refactor equality computation by @geyslan in #3997
- Chore at large by @geyslan in #3979
- Wait for apt locks by @geyslan in #4000
- Rename context filters to scope filters by @yanivagman in #3995
- Helm webhook custom templates by @ndegory in #3942
- fix: proper fragment delimiters in webhook URL by @ndegory in #3943
- fix event definitions api by @josedonizetti in #4004
- grpc: update definitions api by @josedonizetti in #4006
- chore(k8s): prepare v0.21.0 release by @geyslan in #4007
- [v0.21.0] fix(events): fix process_execute_failed missing symbol for new kernels by @geyslan in #4011
- fix(events): hidden_kernel_module - change history scan behaviour by @OriGlassman in #4020
- feat(proctree): control procfs query by config by @AlonZivony in #4022
- [v0.21.0] capture: fixes and tests by @NDStrahilevitz in #4023
- [v0.21.0] fix: network event context by @NDStrahilevitz in #4029
- fix(ebpf): use kprobes for execute_finished by @AlonZivony in #4030
- fix: avoid logging warnings for non-ELF so loading by @AlonZivony in #4037
- v0.21.0:chore(events): decrease SO loader error log level to debug by @AlonZivony in #4041
- fix: remove invalid "format" event from docs by @yanivagman in #4042
- 0.21.0/fix(tests): fix goroutines leakage in integration tests by @AlonZivony in #4052
- [v0.21.0] Revert "chore(k8s): prepare v0.21.0 release (#4007)" by @geyslan in #4055
- chore(helm): rename helm field config file (#4018) by @geyslan ...
Contributors
josedonizetti, rscampos, and 12 other contributors
Assets 6
v0.20.0
β‘οΈ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/3869 β‘οΈ
Docker Image
docker pull docker.io/aquasec/tracee:0.20.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.20.0docker pull docker.io/aquasec/tracee:aarch64-0.20.0
What's Changed
- docs(mkdocs): rename crs to cri in menu by @rafaeldtinoco in #3671
- Add verify-docs job by @geyslan in #3672
- rebase of #3638 by @rafaeldtinoco in #3683
- Fix readme by @rafaeldtinoco in #3686
- chore(container): same default events as k8s deployment by @rafaeldtinoco in #3687
- fix(ebpf): use ts as fd_arg_path_map key by @geyslan in #3674
- fix(finding): add missing fields by @NDStrahilevitz in #3694
- refactor(engine): feed engine with signatures events by @AlonZivony in #3681
- feat(signatures): add simple proctree datasource envelope by @AlonZivony in #3692
- Make filtered aggregation possible by @geyslan in #3677
- feature(types): add packet metadata type by @NDStrahilevitz in #3708
- Packet direction flag by @NDStrahilevitz in #3706
- minor fix on top of #3707 by @rafaeldtinoco in #3709
- probes: improve probes by having specific getters by @rafaeldtinoco in #3710
- feat(types): time relevant info for proctree by @AlonZivony in #3712
- docs: add discussion template for adopters by @AnaisUrlichs in #3702
- Feature/proctree query time by @AlonZivony in #3691
- Feature: DNS Cache datasource by @NDStrahilevitz in #3679
- chore: rename Context to EventContext by @geyslan in #3716
- Pin pandoc version to 3.1.2 by @geyslan in #3720
- libbpfgo bump to v0.6.0-libbpf-1.3 by @geyslan in #3713
- make #3715 pass doc verification by @rafaeldtinoco in #3721
- chore(ci): bump changed-files to v40.2.0 by @geyslan in #3723
- bugfix(ebpf): avoid errors upon hash calc fail by @AlonZivony in #3733
- fix: webhook template should support sprig funcs by @josedonizetti in #3724
- feature: add ctime to containers data source by @NDStrahilevitz in #3728
- chore(release): use go1.20 for releasing by @rafaeldtinoco in #3740
- chore: fix typo by @josedonizetti in #3736
- fix(release): tracee-container alpine version to 3.18 by @rafaeldtinoco in #3744
- Network: add net_tcp_connect event with DNS support by @rafaeldtinoco in #3738
- chore: refer to man pages by @geyslan in #3749
- feature: pluggable datasources by @josedonizetti in #3737
- Bugfix/parse finding type correctly by @AlonZivony in #3760
- Writeable datasource types by @NDStrahilevitz in #3759
- feature(api): add data source grpc service by @NDStrahilevitz in #3761
- chore(api): fix typo by @NDStrahilevitz in #3762
- chore(makefile): fix doube-quoted version string by @rafaeldtinoco in #3764
- feat(ebpf): optimize sendmsg/recvmsg kprobes by @NDStrahilevitz in #3766
- feature(event): create net_flow_tcp_begin event by @rafaeldtinoco in #3750
- fix(network): fix http request/response events by @rafaeldtinoco in #3770
- chore: update proto types by @josedonizetti in #3772
- chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #3773
- fix(ebpf): adjust inode struct to kernel v6.6 by @NDStrahilevitz in #3769
- feat(types): improve datasource write api by @NDStrahilevitz in #3763
- fix: filter dispatching to signatures by @NDStrahilevitz in #3729
- feature: Add name and properties to Threat, and add Threat to Event definition. by @josedonizetti in #3742
- feature: writeable data source by @NDStrahilevitz in #3725
- Improve performance of exec-hash by @NDStrahilevitz in #3752
- fix: create pid file under install-path by @NDStrahilevitz in #3775
- feature: add signature name to event definition by @josedonizetti in #3743
- add Struct type and detect.FindingData by @josedonizetti in #3776
- Fix dynamic data arguments by @josedonizetti in #3777
- chore(derive/http): change log level when packets are malformed by @NDStrahilevitz in #3780
- Types protected finding by @NDStrahilevitz in #3782
- Protected finding data by @NDStrahilevitz in #3779
- chore(deps): bump tj-actions/changed-files from 40.2.0 to 41.0.0 in /.github/workflows by @dependabot in #3788
- fix: use thread safe wrapper for ksyms table by @NDStrahilevitz in #3786
- fix: triggeredBy should print event on table output by @josedonizetti in #3792
- fix(doc): contribution document link by @yasindce1998 in #3794
- Pin revive version by @geyslan in #3796
- fix(ebpf): fix hidden_kernel_module error in some kernels by @OriGlassman in #3797
- fix(events): restore dependency in hooked_syscall by @NDStrahilevitz in #3784
- Introduce Policies versioning (map of maps) by @geyslan in #3305
- Update Golang in all Project by @rafaeldtinoco in #3806
- chore(docs): specify distros and versions support by @rafaeldtinoco in #3808
- Remove BPF map macros by @geyslan in #3735
- Fix event data structure by @josedonizetti in #3812
- Fix symbol multi addrs by @rafaeldtinoco in #3802
- chore(ci): add mantic 6.6 AMIs by @geyslan in #3810
- fix(capture): restore absolute time in pcap frames by @AlonZivony in #3800
- Update api types by @josedonizetti in #3814
- feat(signatures): expose signatures helpers as Go module by @AlonZivony in #3765
- chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #3816
- Make policies config versioned by @geyslan in #3809
- chore: remove replace of signatures helpers by @AlonZivony in #3819
- grpc: fix nil arguments by @josedonizetti in #3823
- chore: remove clang march flag by @geyslan in #3831
- chore: increase vb resources by @geyslan in #3833
- fix: skip timestamp normalizing in derived events by @NDStrahilevitz in #3835
- fix: change missing probe log level by @josedonizetti in #3836
- chore(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.12 by @dependabot in #3837
- Fix ArgsNum by @geyslan in #3839
- Fix typo in kubernetes install guide by @logicfox in #3846
- Various cgroup and mounting fixes and optimizations by @NDStrahilevitz in #3829
- fix(processors): change args values by name by @AlonZivony in #3838
- Set exec-hash default option by @geyslan in #3852
...
Contributors
josedonizetti, logicfox, and 8 other contributors
Assets 6
v0.19.0
Docker Image
docker pull docker.io/aquasec/tracee:0.19.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.19.0docker pull docker.io/aquasec/tracee:aarch64-0.19.0
What's Changed
Release Notes: https://github.com/aquasecurity/tracee/discussions/3670
Full Changelog: v0.18.0-rc...v0.19.0-rc
v0.18.1
Docker Image
docker pull docker.io/aquasec/tracee:0.18.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.18.1docker pull docker.io/aquasec/tracee:aarch64-0.18.1