v0.10.0

Release highlights and summary

👉 https://github.com/aquasecurity/tracee/discussions/2503

Full Changelog

• k8s: update tags to 0.9.3 by @josedonizetti in #2329
• doc: move kallsyms_lookup_name event doc to new doc path by @AlonZivony in #2333
• [MAINT] btfhub: adjust ol7 path after btfhub change by @rafaeldtinoco in #2341
• k8s: fix postee dependency by @josedonizetti in #2342
• docs: add tag to kubect apply by @josedonizetti in #2343
• pkg/ebpf: add syscalls arguments to security_file_mprotect by @AlonZivony in #2335
• feature: add stdin path to sched_process_exec by @roikol in #2216
• pkg/ebpf: fix multi use of string buf in seched_process_exec by @AlonZivony in #2345
• refactor: probes: move diff probe types to own files by @rafaeldtinoco in #2349
• refactor: pkg/cgroup and pkg/containers initial structure by @rafaeldtinoco in #2350
• [FEAT] Args syscall filter by @NDStrahilevitz in #2251
• [FIX] events_enrich: fix missing container_remove event by @NDStrahilevitz in #2357
• [FEAT] logger: debug output enrichment by @geyslan in #2254
• builder: increase alpine version to fix golang dependency by @rafaeldtinoco in #2373
• [REFACTOR] Cgroup Interface (cgroupv1 and cgroupv2 initialization) by @rafaeldtinoco in #2233
• pkg/ebpf: add arguments and doc to mem_prot_alert by @AlonZivony in #2339
• Feature/event context filter by @NDStrahilevitz in #2229
• pkg/ebpf: cancel event with missing symbols dependency by @AlonZivony in #2370
• pkg/ebpf: process existing mount ns upon initialization by @AlonZivony in #2283
• Fix capabilities initialization by @rafaeldtinoco in #2380
• pkg/events: add API to derive multiple events from single function by @AlonZivony in #2384
• pkg/procinfo: procfs errors are too frequent by @rafaeldtinoco in #2394
• [MAINT] workflows/pr: add kinetic60 and focal419 by @rafaeldtinoco in #2399
• pkg/ebpf/tracee: fix capabilities for procfs reads by @rafaeldtinoco in #2406
• types: add network protocol events types by @rafaeldtinoco in #2378
• types: add EventName to SignatureMetadata by @josedonizetti in #2408
• pkg/ebpf: change fork thread start time to be since epoch by @AlonZivony in #2387
• tracee-rules: extract getSignatures by @josedonizetti in #2413
• tracee-ebpf: extract logic into pkg/cmd by @josedonizetti in #2416
• [FEATURE] New network code with tests by @rafaeldtinoco in #2200
• tracee: add new binary by @josedonizetti in #2418
• pkg/utils/proc: log errors as debug only by @rafaeldtinoco in #2426
• tracee: make some perf buffers optional by @NDStrahilevitz in #2423
• pkg/counter: change Counter type by @geyslan in #2427
• signatures: add event name to golang sigs by @josedonizetti in #2412
• Embed test script and import environment variable by @grantseltzer in #2366
• [FEAT] Simple DNS events compatible with old ones by @rafaeldtinoco in #2425
• pkg/ebpf: reduce security_file_mprotect instructions by @AlonZivony in #2421
• printer: add container image to table printer by @NDStrahilevitz in #2232
• Streamline error logging by @NDStrahilevitz in #2403
• rules: refactor engine.New to receive sigs via Cfg by @josedonizetti in #2438
• Add AVD link from detection docs by @grantseltzer in #2326
• ebpf: fix process tree filter by @yanivagman in #2431
• rules: reenable dropped_executable by @josedonizetti in #2445
• Bugfix/rodata err 419 by @AlonZivony in #2447
• ebpf: fix error handling by @josedonizetti in #2354
• pkg/utils/sharedobjs: check open failure by @AlonZivony in #2450
• tracee: trim event name for table output by @josedonizetti in #2440
• derive: fix cgroupv1 hid false derives by @NDStrahilevitz in #2453
• rules: refactor signature name by @josedonizetti in #2455
• [FIX] network: do not run e2e-net-test for vanilla v4.19 by @rafaeldtinoco in #2456
• caps: log errors from caps Requested and cb func by @geyslan in #2459
• network: e2e-net-test v419 skip should return 0 by @rafaeldtinoco in #2461
• rules: add event name to rego signatures by @josedonizetti in #2457
• probes: fix lockup when nested raising privileges by @rafaeldtinoco in #2460
• build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 by @dependabot in #2452
• Feature/reduce sched exec instruction by @AlonZivony in #2434
• events_pipeline: run filters for derived events by @rafaeldtinoco in #2463
• Bump libbpfgo to v0.4.5-libbpf-1.0.1 by @rafaeldtinoco in #2472
• Add rules to the pipeline by @josedonizetti in #2439
• tracee: add flag to install new tracee by @josedonizetti in #2473
• sorting: add race condition checks for queues usage by @AlonZivony in #2465
• Quick start update & adding commands to create docs previous to Makefile by @AnaisUrlichs in #2478
• tracee.bpf: arm64: fix var warning for bpf-nocore by @rafaeldtinoco in #2480
• events: remove unused dependency by @yanivagman in #2464
• pkg/events/parse: use generic function to parse args by @AlonZivony in #2482
• Arg filter fixes by @rafaeldtinoco in #2488
• docs: add network events documentation to mkdocs by @rafaeldtinoco in #2494
• [FEAT] builder: add custom-rules arg opt to entrypoint.sh by @geyslan in #2493
• [FEAT] log ebpf errors by @geyslan in #2352
• k8s: bump tag to 0.10.0 by @josedonizetti in #2496
• docs: add everything is an event tutorial by @josedonizetti in #2495
• Binary filter by @yanivagman in #2385
• docs: fix typo by @josedonizetti in #2501
• network: add port arg to protocols TCP and UDP by @rafaeldtinoco in #2502