Today we announce the summer release of Falco 0.29.0 🌱
This version brings a lot of new features and fixes!
Let's now review some of the new things Falco 0.29.0 brings.
New libraries repository!
New libs version!
- support for tracing the userfaultfd system calls
- improvements to how libsinsp gathers Kubernetes pod resource limits and pod IP from the container runtime
- improvement in libsinsp on pod metadata and namespace retrieval for large cluster scenarios, by getting them directly from container labels, which is more efficient, and using the K8s API server as a fallback
- fixes to the issues reported by many users on Falco where you can't have a working BPF probe when compiling with Clang >= 10.0.0
- fixes to correctly read, when loading the eBPF probe, the license from the BPF binary instead of always reading it from the libscap loader
Improvements on building system
As usual, we keep improving the existing rules and we added new ones, like removing false positives when detecting non-sudo and non-root setuid calls.
Other false positives have been removed by ignoring additional known Kubernetes service accounts when watching for service accounts created in
Anti-miner detection has also been improved by adding more domains to detect.
For a complete list please visit the changelog.
On the future
Now that the libscap, libsinsp, and the two Falco drivers have been contributed to the CNCF, we're moving in the direction of enabling people to benefit from those libraries by using them directly in their OSS projects, as now done by Falco.
As usual, in case you just want to try out the stable Falco 0.29.0, you can install its packages following the process outlined in the docs:
Would you rather use the container images? No problem at all! 🐳
You can read more about running Falco with Docker in the docs.
Note that, thanks to Jonah, one of our Falco Open Infra maintainers, you can also find the Falcosecurity container images on the public AWS ECR gallery:
This is part of an effort to publish Falco container images on other registries that began while cooking up Falco 0.27.0.
Let's meet 🤝
As always, we meet every week in our community calls. If you want to know the latest and the greatest, you should join us there!
If you have any questions
Thanks to all the amazing contributors! Falco reached 100 contributors, and all the other Falco projects are also receiving a vital amount of contributions every day.
Keep up the good work!