
Falco Weekly 47 - 2023
Another week, another load of improvements everywhere in the falcosecurity!
What happened in Falco this week?
Let's go through the major changes that happened in various repositories under the falcosecurity organization.
Libs
The anticipated 0.14.0 libs tag (and its driver counterpart) are a bit late, unfortunately.
Anyway, spring cleaning went on this week!
- removed stopwatchimplementation, now unused: https://github.com/falcosecurity/libs/pull/1493
- removed unused sinsp_test.cppfile: https://github.com/falcosecurity/libs/pull/1499
- removed jqdep: https://github.com/falcosecurity/libs/pull/1500
Moreover, some fixes on the recently introduced async event queue class happened: https://github.com/falcosecurity/libs/pull/1490, https://github.com/falcosecurity/libs/pull/1504. Finally, some fixes around the stats code: https://github.com/falcosecurity/libs/pull/1505, https://github.com/falcosecurity/libs/pull/1506.
Rumors have it coming next week:
- New big cleanup: deprecation of tracers: https://github.com/falcosecurity/libs/pull/1503
- ppc64lesupport for bpf and kmod + CI build jobs: https://github.com/falcosecurity/libs/pull/1497
- remove old metaevents implementation: https://github.com/falcosecurity/libs/pull/1495
- Small fix on top of ia32 work: https://github.com/falcosecurity/libs/pull/1501
Second part of an effort by Luca Guerra to clean up libsinsp from potential undefined behavior: https://github.com/falcosecurity/libs/pull/1502.
This is so important that deserved to be left alone :)
Falco
We have a new official adopter! Welcome to Thought Machine: https://github.com/falcosecurity/falco/pull/2919
Small cleanup to avoid Falco configuratiom to be inited twice: https://github.com/falcosecurity/falco/pull/2917
Falcoctl
The new driver command was merged! https://github.com/falcosecurity/falcoctl/pull/343
We are now in the process of adding tests and eventually fixing spotted bugs :)
Also, the new asset artifact type PR is being reviewed: https://github.com/falcosecurity/falcoctl/pull/309.
Others
Driverkit v0.16.0 was just released, and contains some fixes, a new local build processor and preliminary SLES support.
Let's meet 🤝
We meet every week in our community calls, if you want to know the latest and the greatest you should join us there!
If you have any questions
- Join the #falco channel on the Kubernetes Slack
- Join the Falco mailing list
Thanks to all the amazing contributors!
Cheers 🎊
Federico
