v0.24.1

Docker Image

• docker pull docker.io/aquasec/tracee:0.24.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.24.1
• docker pull docker.io/aquasec/tracee:aarch64-0.24.1

What's Changed

• [v0.24.1] backport: #5047, #5050, #5051 by @geyslan in #5057
• [v0.24.1] chore(k8s): prepare v0.24.1 release by @geyslan in #5064

Full Changelog: v0.24.0...v0.24.1

v0.24.0

Docker Image

• docker pull docker.io/aquasec/tracee:0.24.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.24.0
• docker pull docker.io/aquasec/tracee:aarch64-0.24.0

What's Changed

• chore(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 by @dependabot[bot] in #4539
• chore(deps): bump github.com/docker/docker from 26.1.5+incompatible to 27.5.1+incompatible by @dependabot[bot] in #4549
• chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot[bot] in #4576
• chore(deps): bump golang.org/x/sys from 0.28.0 to 0.30.0 by @dependabot[bot] in #4577
• chore(deps): bump tj-actions/changed-files from 45.0.6 to 45.0.7 by @dependabot[bot] in #4575
• chore(deps): bump squidfunk/mkdocs-material from 9.5.50 to 9.6.4 in /builder by @dependabot[bot] in #4584
• chore(deps): bump azure/setup-helm from 4.2.0 to 4.3.0 by @dependabot[bot] in #4596
• chore(deps): bump golang from 1.23.5 to 1.24.0 in /builder by @dependabot[bot] in #4587
• chore(deps): bump github.com/prometheus/client_golang from 1.20.2 to 1.21.0 by @dependabot[bot] in #4602
• chore(deps): bump squidfunk/mkdocs-material from 9.6.4 to 9.6.5 in /builder by @dependabot[bot] in #4608
• chore(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 in /api by @dependabot[bot] in #4613
• chore(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 by @dependabot[bot] in #4609
• chore(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 by @dependabot[bot] in #4612
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot[bot] in #4610
• fix(ci): CodeQL warning by @geyslan in #4617
• fix(ci): CodeQL warning (2) by @geyslan in #4618
• chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @dependabot[bot] in #4619
• chore(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 in /api by @dependabot[bot] in #4620
• Bump lint tools versions by @geyslan in #4616
• chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot[bot] in #4623
• chore(deps): bump github.com/IBM/fluent-forward-go from 0.2.2 to 0.3.0 by @dependabot[bot] in #4622
• fix: replace data filter for reset event by @rscampos in #4624
• feat(events): add open_file_ns and open_file_mount events by @oshaked1 in #4570
• Bump Go to 1.24 by @geyslan in #4615
• chore(go): bump go.mod to use latest pkgs by @geyslan in #4626
• chore(go): bump to use latest signatures/helpers by @geyslan in #4628
• chore(deps): bump k8s.io/cri-api from 0.30.1 to 0.32.2 by @dependabot[bot] in #4629
• fix(ebpf): profile only common events by @geyslan in #4631
• chore(api): rename event to zeroed_inode by @rscampos in #4636
• fix: filldir64 event by @rscampos in #4588
• chore(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 by @dependabot[bot] in #4632
• chore(deps): bump squidfunk/mkdocs-material from 9.6.5 to 9.6.7 in /builder by @dependabot[bot] in #4637
• chore(ci): diminish dependabot frequency... by @geyslan in #4647
• Add bear rule to Makefile by @geyslan in #4630
• refactor(containers): split cgroup to container map by @NDStrahilevitz in #4604
• chore(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0 by @dependabot[bot] in #4651
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.20.3 by @dependabot[bot] in #4652
• chore(api): add missing event ids by @NDStrahilevitz in #4654
• chore(ci): disable action by @geyslan in #4657
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot[bot] in #4653
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in /api by @dependabot[bot] in #4658
• chore(deps): bump squidfunk/mkdocs-material from 9.6.7 to 9.6.9 in /builder by @dependabot[bot] in #4660
• chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot[bot] in #4664
• chore(deps): bump github.com/grafana/pyroscope-go from 1.2.0 to 1.2.1 by @dependabot[bot] in #4661
• chore(deps): bump github.com/spf13/viper from 1.19.0 to 1.20.0 by @dependabot[bot] in #4663
• fix(tests): handle tracee pids correctly by @geyslan in #4666
• chore(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 by @dependabot[bot] in #4665
• Tidy documentation by @ShohamBit in #4639
• chore(grpc): update translation table by @NDStrahilevitz in #4668
• chore(api): add security_task_prctl event ID by @oshaked1 in #4669
• chore(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 in /api by @dependabot[bot] in #4671
• chore(ci): dependabot gomod for sec updates only by @geyslan in #4680
• [dependabot][github-actions] - bump actions/setup-python from 5.4.0 to 5.5.0 by @dependabot[bot] in #4681
• chore(go): bump toolchain to go1.24.1 - 1st by @geyslan in #4685
• chore(go): bump toolchain to go1.24.1 - 2nd by @geyslan in #4686
• chore: bump toolchain to go1.24.1 - 3rd by @geyslan in #4687
• fix(libcap): bump libcap to v1.2.75 & libpsx to v1.2.76-rc1 by @geyslan in #4688
• [dependabot][docker] - Bump squidfunk/mkdocs-material from 9.6.9 to 9.6.10 in /builder by @dependabot[bot] in #4689
• Introduce evt trigger by @geyslan in #4414
• [dependabot][gomod-security] - Bump google.golang.org/grpc from 1.70.0 to 1.71.1 in /api by @dependabot[bot] in #4693
• [dependabot][gomod-security] - Bump google.golang.org/grpc from 1.70.0 to 1.71.1 by @dependabot[bot] in #4692
• chore(k8s): prepare v0.23.1 release by @geyslan in #4696
• add traceectl to tracee by @ShohamBit in #4396
• feat(trace): data field decoding types by @NDStrahilevitz in #4699
• feat!: separate data field decoding types by @NDStrahilevitz in #4353
• fix: add toolchain by @rscampos in #4705
• feat: add heartbeat event by @AshishNaware in #4650
• fix(ebpf): sockaddr_un length by @geyslan in #4634
• [dependabot][gomod-security] - Bump kernel.org/pub/linux/libs/security/libcap/cap from 1.2.75 to 1.2.76 by @dependabot[bot] in #4708
• [dependabot][gomod-security] - Bump golang.org/x/net from 0.36.0 to 0.38.0 in the golang group across 1 directory by @dependabot[bot] in #4712
• [dependabot][gomod-security] - Bump the golang group across 2 directories with 1 update by @dependabot[bot] in #4717
• [dependabot][docker] - Bump squidfunk/mkdocs-material from 9.6.10 to 9.6.12 in /builder by @dependabot[bot] in #4715
• [dependabot][docker] - Bump golang from 1.24.0 to 1.24.2 in /builder by @dependabot[bot] in #4701
• chore(deps): bump golang.org/x/net from 0.28.0 to 0.38.0 in /cmd/traceectl by @dependabot[bot] in #4711
• [dependabot][gomod-security] - Bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by @dependabot[bot] in #4703
• [dependabot][gomod-security] - Bump github.com/mennanov/fmutils from 0.3.0 to 0.3.1 by @dependabot[bot] i...

v0.23.2

Docker Image

• docker pull docker.io/aquasec/tracee:0.23.2

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.23.2
• docker pull docker.io/aquasec/tracee:aarch64-0.23.2

What's Changed

• [v0.23.2] PR #4803: fix(engine): feedback deadlock issues by @NDStrahilevitz in #4804
• [v0.23.2] Picks from #4795 and #4801 by @geyslan in #4819
• Fix signature loading v0.23 by @yanivagman in #4826
• [v0.23.2] PR #4839: chore(k8s): prepare v0.23.2 release by @geyslan in #4838

Full Changelog: v0.23.1...v0.23.2

v0.23.1

Docker Image

• docker pull docker.io/aquasec/tracee:0.23.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.23.1
• docker pull docker.io/aquasec/tracee:aarch64-0.23.1

What's Changed

• [v0.23.1] Release v0.23.1 - 1 by @geyslan in #4694
• [v0.23.1] Release v0.23.1 - 2 by @geyslan in #4695
• [v0.23.1] PR #4696: chore(k8s): prepare v0.23.1 release by @geyslan in #4697

Full Changelog: v0.23.0...v0.23.1

v0.23.0

Docker Image

• docker pull docker.io/aquasec/tracee:0.23.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.23.0
• docker pull docker.io/aquasec/tracee:aarch64-0.23.0

What's Changed

• chore(ci): update release amis by @geyslan in #4269
• fix(build): set GOTOOLCHAIN="auto" for alpine by @geyslan in #4271
• fix: release snapshot target arch by @rscampos in #4274
• Process execute failed by @OriGlassman in #4233
• update go.sum and go.mod with grpc change by @OriGlassman in #4280
• fix: process_execute_failed use correct lru by @OriGlassman in #4283
• Remove irrelevant context from uprobe based events by @oshaked1 in #4284
• chore: use 6.2.0-1018-aws kernel by @geyslan in #4275
• update syscall table: lookup_dcookie is removed by @OriGlassman in #4286
• container enrichment fixes and improvements by @NDStrahilevitz in #4276
• chore(k8s): prepare v0.22.1 release by @rscampos in #4295
• chore!: rollback proctree to simple LRU by @geyslan in #4299
• Fix timespec_t args not being submitted to userspace by @oshaked1 in #4301
• Events flags embedding by @geyslan in #4191
• feat(time)!: epoch timestamps as standard by @NDStrahilevitz in #4252
• sched_process_exec: don't drop event in capture exec by @OriGlassman in #4310
• chore: deactive performance gate by @NDStrahilevitz in #4309
• chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.68.0 by @dependabot in #4315
• chore: sig helper clone metadata by @rscampos in #4317
• fix(tests): possible goroutine leak by @geyslan in #4306
• chore(tests): increase Tracee startup timeout by @geyslan in #4318
• Documentation patch by @ShohamBit in #4303
• Revert "chore: sig helper clone metadata" by @rscampos in #4319
• Revert "perf: benchmark improve sig GetMetadata" by @rscampos in #4320
• Revert "chore(sig): define signature metadata statically" by @rscampos in #4321
• chore(k8s): prepare v0.22.2 release by @rscampos in #4322
• change argv to args by @ShohamBit in #4304
• chore: remove deprecated debug-shell by @geyslan in #4308
• fix(proctree): possible sync.Once data race by @geyslan in #4307
• fix(ebpf): set pipeline chan size from config by @geyslan in #4329
• chore(ci): add possibility of ff merging via ui by @geyslan in #4333
• chore(types): add Zero field to ArgMeta by @geyslan in #4340
• Handle zero-value types for unavailable fields - ArgMeta by @geyslan in #4336
• remove policy and capture form docs by @ShohamBit in #4343
• Signatures helpers improvement by @geyslan in #4345
• feat: remove default usage of parse-arguments by @geyslan in #4331
• feat(events): add chmod_common event by @OriGlassman in #4339
• register normalizeTimeArg processor only when proctree is on by @geyslan in #4332
• Fix arg zero parse types and core typo by @geyslan in #4357
• fix: print err when parseArgument() fails by @geyslan in #4355
• feat(ebpf): restrict set_fs_pwd to (f)chdir syscall by @OriGlassman in #4359
• feat(events): change log level in hooked_syscall by @OriGlassman in #4366
• fix(events): check if init finished in hidden kernel module by @OriGlassman in #4367
• /proc parsing refactor by @geyslan in #4364
• changed process filter to scope filters by @ShohamBit in #4371
• fix(mount): reintroduce root path requirement by @NDStrahilevitz in #4328
• chore(k8s): prepare v0.22.3 release by @rscampos in #4374
• analyze: enable sigs consuming sigs by @NDStrahilevitz in #4327
• fix(engine): restrict finding feedback by @NDStrahilevitz in #4377
• fix(events): fix slice out of bounds in hidden_kernel_module by @OriGlassman in #4379
• chore(k8s): prepare v0.22.4 release by @geyslan in #4382
• Refactor filter matching by @yanivagman in #4376
• fix(epbf): fix behavior of has_prefix() and add strncmp() by @oshaked1 in #4394
• perf: remove sys_enter/exit dependency from default event set by @yanivagman in #4389
• feat(helpers): GetProtoHTTPRequestByName/GetProtoHTTPResponseByName by @rscampos in #4392
• Refactor: Restructure event and rename context by @yanivagman in #4390
• refactor: Rename event parameters to fields by @yanivagman in #4398
• Add suspicious_syscall_source event by @oshaked1 in #3953
• chore(api): bump grpc and protoc versions by @geyslan in #4405
• chore(grpc): bump api to latest 715b629 by @geyslan in #4407
• chore(api): add EventCounts to GetMetricsResponse by @geyslan in #4408
• Perf event writes metric by @geyslan in #4334
• fix(tests): possible out of range in integration by @geyslan in #4305
• feat(test): e2e integration test for new helpers by @rscampos in #4354
• Refactor policy by @yanivagman in #4400
• Analyze legacy output by @NDStrahilevitz in #4385
• fix(epbf): fix incorrect parsed syscall name by @oshaked1 in #4402
• fix(build): fix build checkers for goimports by @geyslan in #4417
• fix hidden_kernel_module history scan for kernels >6.2 by @OriGlassman in #4378
• fix: Remove unnecessary check for syscall wrapper in sys_enter tracepoint by @yanivagman in #4236
• chore(k8s): prepare v0.22.5 release by @geyslan in #4421
• Add security_path_notify test to PR workflow by @oshaked1 in #3926
• chore(GH): pin ubuntu (22.04) version for gh runners by @rscampos in #4428
• chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #4429
• Data filter in kernel by @rscampos in #4324
• fix: optimize proctree memory consumption by @geyslan in #4384
• fix(ci): add runner type to release workflows by @geyslan in #4436
• chore: add kernel 6.8 and 6.10 in matrix images by @rscampos in #4434
• chore(ebpf): refactor reset_event_args_buf to mark entries as invalid by @rscampos in #4437
• fix(ci): set 2XLARGE runner type to x86_64 by @geyslan in #4438
• Refactor: Remove Rego signature support by @yanivagman in #4426
• fix release tarball static binaries & make daily building faster by @geyslan in #4444
• fix(ebpf): adjust inode struct to kernel v6.11 by @rscampos in #4457
• chore(test): use cat cmd to trigger magic_write event by @rscampos in #4454
• chore: pin ubuntu:latest for gh runners / trigger magic_write event by @rscampos in #4455
• Revert "feat(helpers): unparsed flag helpers" by @yanivagman in #4462
• Revert to using raw argument values in engine stage by @y...

v0.22.6

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.6

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.6
• docker pull docker.io/aquasec/tracee:aarch64-0.22.6

What's Changed

• [v0.22.0] feat(time)!: epoch timestamps as standard by @NDStrahilevitz in #4507
• [v0.22.6] clock time fix and libbpf/libbpfgo bumps by @geyslan in #4595
• [v0.22.6] fix release tarball static binaries & make daily building faster by @geyslan in #4597
• [v0.22.6] chore(go.mod): bump api to latest 6968a8b by @geyslan in #4598
• [v0.22.6] fix(build): update Makefile.release by @geyslan in #4599

Full Changelog: v0.22.5...v0.22.6

v0.22.5

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.5

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.5
• docker pull docker.io/aquasec/tracee:aarch64-0.22.5

What's Changed

• [v0.22.5] Refactor: Restructure event and rename context by @geyslan in #4415
• [v0.22.5] bump api to latest 622ea3a & change api by @geyslan in #4418
• [v0.22.5] Perf event writes metric by @geyslan in #4420
• backport: fix(events): fix hidden_kernel_module history scan for kernels >6.2 by @OriGlassman in #4422
• [v0.22.5] chore(k8s): prepare v0.22.5 release by @geyslan in #4423

Full Changelog: v0.22.4...v0.22.5

v0.22.4

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.4

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.4
• docker pull docker.io/aquasec/tracee:aarch64-0.22.4

v0.22.3

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.3

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.3
• docker pull docker.io/aquasec/tracee:aarch64-0.22.3

v0.22.2

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.2

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.2
• docker pull docker.io/aquasec/tracee:aarch64-0.22.2