Release 0.16.0 · falcosecurity/falco

Released 2019-07-16

Major Changes

Clean up error reporting to provide more meaningful error messages along with context when loading rules files. When run with -V, the results of the validation ("OK" or error message) are sent to standard output. [#708]
Improve rule loading performance by optimizing lua parsing paths to avoid expensive pattern matches. [#694]
Bump falco engine version to 4 to reflect new fields ka.useragent, others. [#710] [#681]
Add Catch2 as a unit testing framework. This will add additional coverage on top of the regression tests using Avocado. [#687]

Add SYSDIG_DIR Cmake option to specify location for sysdig source code when building falco. [#677] [#679] [#702]
New field ka.useragent reports the useragent from k8s audit events. [#709]
Add clang formatter for C++ syntax formatting. [#701] [#689]
Partial changes towards lua syntax formatting. No particular formatting enforced yet, though. [#718]
Partial changes towards yaml syntax formatting. No particular formatting enforced yet, though. [#714]
Add cmake syntax formatting. [#703]
Token bucket unit tests and redesign. [#692]
Update github PR template. [#699]
Fix PR template for kind/rule-*. [#697]

Allow k8s.gcr.io/kube-proxy image to run privileged. [#717]
Add runc to the list of possible container entrypoint parents. [#712]
Skip Source RFC 1918 addresses when considering outbound connections. [#685]
Add additional user_XXX placeholder macros to allow for easy customization of rule exceptions. [#685]
Let weaveworks programs change namespaces. [#685]
Add additional openshift images. [#685]
Add openshift as a k8s binary. [#678]
Add dzdo as a binary that can change users. [#678]
Allow azure/calico binaries to change namespaces. [#678]
Add back trusted_containers list for backport compatibility [#675]
Add mkdirat as a syscall for mkdir operations. [#667]
Add container id/repository to rules that can work with containers. [#667]