v0.22.3

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.3

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.3
• docker pull docker.io/aquasec/tracee:aarch64-0.22.3

v0.22.2

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.2

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.2
• docker pull docker.io/aquasec/tracee:aarch64-0.22.2

v0.22.1

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.1
• docker pull docker.io/aquasec/tracee:aarch64-0.22.1

v0.22.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4272 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.0
• docker pull docker.io/aquasec/tracee:aarch64-0.22.0

What's Changed

• Fix release action by @geyslan in #4136
• fix(ci): dev tag is the latest snapshot by @geyslan in #4137
• chore(ci): use dev tag for docker image building by @geyslan in #4138
• chore: install last version of golang by @rscampos in #4139
• chore: golang binary move to tmp by @rscampos in #4140
• fix(ci): make release rule to have prerequisites by @geyslan in #4141
• Create Makefile format-pr rule by @geyslan in #4142
• Bumps to fix cve-2024-24790 by @geyslan in #4143
• fix(build): mv gh release logic to release rule by @geyslan in #4145
• feat(events): add security_task_setrlimit by @OriGlassman in #4148
• fix(build): fix release build by @geyslan in #4150
• Added event containing full payload for all packets by @oshaked1 in #4122
• Fix Integration Tests by @geyslan in #4157
• chore(logger): safe guard before locking by @geyslan in #4160
• chore: rem logger and errfmt as deps from env pkg by @geyslan in #4129
• chore: make dependencies manager a singleton by @geyslan in #4161
• fix: generic kubernetes containerd path pattern by @NDStrahilevitz in #4155
• Tidying Policy Manager by @geyslan in #4165
• fix(events): ftrace_hook: address tabs in input lines by @OriGlassman in #4110
• fix(pipeline): add ebpf caps in stack addres query by @NDStrahilevitz in #4169
• fix(tests): remove named pipe if it exists by @geyslan in #4171
• feat(events): create tracee_info event by @rscampos in #4166
• Fix deps deadlock by @geyslan in #4173
• Policies tidying more by @geyslan in #4168
• Caps concurrency fix by @geyslan in #4175
• Fix(events): don't remove fork excess args by @rscampos in #4167
• fix(proctree): fix clock type differences by @rscampos in #4117
• feat(caps): base ebpf capabilities by @NDStrahilevitz in #4178
• chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #4180
• Packet capture context by @oshaked1 in #4072
• chore: introduce eventFlags to policy manager by @geyslan in #4179
• chore(cap): check if cap is supported before set/unset by @rscampos in #4185
• fix(build): add the include to 3rdparty libbpf during libbpfgo compilation by @rscampos in #4186
• chore(build): trigger tracee tests on Makefile changes by @rscampos in #4187
• chore: use libbpfgo to check bpf helper func by @rscampos in #4184
• chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /api by @dependabot in #4188
• fix: inner error inside check for ebpf func by @rscampos in #4189
• feat(ebpf): configurable pipeline channel size by @NDStrahilevitz in #4182
• chore(ebpf): optimize filldir64 program by @NDStrahilevitz in #4183
• fix(controlplane): filter unnecessary enriches by @NDStrahilevitz in #4193
• feat(ebpf): add security_settime64 by @OriGlassman in #4201
• fix: Ensure correct event dependency for process_execute_failed by @yanivagman in #4203
• fix: Prevent loading syscall-specific BPF programs for non-syscall events by @yanivagman in #4202
• feat(ebpf): add prev_comm for sched_process_exec by @OriGlassman in #4206
• chore: release bpf object memory by @rscampos in #4209
• chore(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #4215
• fix: necessary to Init engine before Start by @rscampos in #4222
• fix: TRACE_RET_FUNC macro by @yanivagman in #4216
• chore(parsers): optimize ParseMmapProt by @geyslan in #4200
• improve flag parsing performance by @geyslan in #4197
• fix: set engine to nil - sig benchmark by @rscampos in #4234
• chore(sig): define signature metadata statically by @rscampos in #4237
• chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible by @dependabot in #4240
• feat(ebpf): use bpf_task_pt_regs when available by @OriGlassman in #4238
• feat: add syscall helper macros by @yanivagman in #4243
• feat(ebpf): make security_socket_setsockopt not rely on sys_enter/exit by @OriGlassman in #4224
• remove e2e tests for kernels 5.4 and 4.18 on ARM by @OriGlassman in #4247
• fix(ebpf): use correct syscall id for compat by @OriGlassman in #4245
• feat(ebpf): make security_file_open not rely on sys_enter/exit by @OriGlassman in #4226
• feat(ebpf): remove sys_enter/exit dependency from security_socket_con… by @OriGlassman in #4220
• feat(ebpf): make security_socket_accept not rely on sys_enter/exit by @OriGlassman in #4213
• feat(ebpf): make mem_prot_alert not rely on sys_enter/exit by @OriGlassman in #4227
• feat(ebpf): make security_socket_bind not rely on sys_enter/exit by @OriGlassman in #4225
• feat(ebpf): make set_fs_pwd not rely on sys_enter/exit by @OriGlassman in #4228
• chore: pin go tools versions by @geyslan in #4251
• perf: benchmark improve sig GetMetadata by @rscampos in #4223
• chore: update AMI matrix images by @rscampos in #4250
• Improve save_args_to_submit_buf by @geyslan in #4217
• feat(ebpf): add path&ctime to module_load event by @OriGlassman in #4235
• fix(ebpf): fix compilation warning sockfd_addr by @OriGlassman in #4254
• process_execute_failed: don't rely on sys_enter by @oshaked1 in #4259
• Generic syscall kprobes by @yanivagman in #4256
• Proctree improvements (RSS/Performance) by @geyslan in #4261
• optimize parser options check by @geyslan in #4199
• Changelog optimization by @geyslan in #4242
• fix: improve performance of readStringVarFromBuff by @geyslan in #4194
• improve flag parsing performance continuation by @geyslan in #4198
• fix(build): parallel build (libbpf wise) by @geyslan in #4196
• Provide manual files in release image/archive by @geyslan in #4230
• fix(build): cyclic dependency in makefile by @geyslan in #4262
• chore: remove leftover from #4262 by @geyslan in #4265
• chore(k8s): prepare v0.22.0 release by @rscampos in #4267

Full Changelog: v0.21.0...v0.22.0

v0.21.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4147 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.21.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.21.0
• docker pull docker.io/aquasec/tracee:aarch64-0.21.0

What's Changed

• fix: e2e-net-tests should use unified binary by @josedonizetti in #3842
• Docs: fixed the typo by @Tej-Singh-Rana in #3859
• GitHub actions chore by @geyslan in #3864
• chore: remove gob printer by @josedonizetti in #3841
• feat: allow webhook configuration via helm values by @ndegory in #3832
• grpc: add direction to packet metadata by @josedonizetti in #3861
• grpc: update packet metadata by @josedonizetti in #3862
• chore: bump opa to 0.61.0 by @josedonizetti in #3868
• Use EXECUTION_TYPE label for github self host runner by @sharon-amir in #3875
• fix(tests): unattended upgrades still running sometimes by @geyslan in #3877
• fix(docs): kubectl configmap command by @geyslan in #3880
• fix: bump opa to v0.61.0 by @josedonizetti in #3887
• chore: add labels for grpc and api by @josedonizetti in #3890
• fix(ebpf): fix hidden_kernel_module not found symbol by @OriGlassman in #3834
• fix: improve performance of magic_write event by @yanivagman in #3899
• fix(derive): keep symbols_collision state between events by @AlonZivony in #3894
• helm: config go template only if passed by @josedonizetti in #3884
• ebpf: don't send magic_write with zero bytes by @yanivagman in #3901
• fix(events): fix ftrace_hook by @OriGlassman in #3896
• chore: change github run id format by @geyslan in #3902
• fix(tests): e2e-install-deps.sh wait for unlock by @geyslan in #3910
• Fix proc info lru by @yanivagman in #3918
• chore: use map instead of stack to store task_info by @yanivagman in #3920
• Improve bpf policies config access by @geyslan in #3906
• Change inotify_watch event to security_path_notify by @oshaked1 in #3913
• chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #3925
• Concurrency issue at analyze by @rscampos in #3907
• Optimize init program by @yanivagman in #3923
• refactor: move to the new pyroscope package by @06kellyjac in #3927
• fix: make check-pr compliant with different shells by @geyslan in #3929
• chore: ensure unattended-upgrades killing by @geyslan in #3934
• chore!: remove gob support from tracee-rules by @geyslan in #3939
• fix(filters): handle syscall arg by @geyslan in #3893
• fix: preallocate ids for signatures upon load by @AlonZivony in #3941
• chore(deps): bump google.golang.org/protobuf to v1.33.0 by @hangrymuppet in #3946
• fix: security_socket_connect wrong fd by @yanivagman in #3951
• Invert Policies inner maps key pair by @geyslan in #3955
• Opa bump by @geyslan in #3957
• chore: set xtrace on e2e-install-deps.sh script by @geyslan in #3958
• Add ArgVal signature helper by @oshaked1 in #3954
• chore(policy): add policiesMapByName to Policies by @geyslan in #3956
• Dependencies tree manager by @AlonZivony in #3931
• chore: various co-re fixes by @yanivagman in #3952
• fix(dependencies): allow multiple removes of same event by @AlonZivony in #3961
• fix: add missing nodeSelector and tolerations to tracee-operator by @ndegory in #3944
• Add Iterator generic interface, debut it in Policies by @geyslan in #3963
• Run x86_64 & aarch64 builds in parallel by @hangrymuppet in #3962
• chore(ci): run x86_64 & aarch64 builds in parallel by @geyslan in #3968
• chore: make Cloner generic by @geyslan in #3966
• fix: capture io by @yanivagman in #3972
• chore: remove OPT_PROCESS_INFO by @yanivagman in #3975
• fix: update vagrant file to download kubectl by @rscampos in #3977
• chore(ci): bump actions versions by @geyslan in #3969
• Fix Policies Cloning by @geyslan in #3971
• Add timestamp docker tag for dev image by @hangrymuppet in #3959
• chore(ci): labeler v5.0.0 is inconsistent by @geyslan in #3978
• Libbpfgo bump by @geyslan in #3970
• fix: show argv on failed execve events by @yanivagman in #3922
• fix(analyze): bind flags with viper by @AlonZivony in #3981
• fix: wrong print_mem_dump errors about args filter by @AlonZivony in #3895
• Fix helm install option webhook by @rscampos in #3984
• fix(ebpf): use debug error level instead of error by @geyslan in #3985
• refactor: Improve API used by ebpf programs by @yanivagman in #3982
• fix: vagrantfile url for opa download by @rscampos in #3990
• chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 in /api by @dependabot in #3991
• chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #3992
• fix(ebpf): check if engineOutput is closed by @geyslan in #3994
• chore: refactor equality computation by @geyslan in #3997
• Chore at large by @geyslan in #3979
• Wait for apt locks by @geyslan in #4000
• Rename context filters to scope filters by @yanivagman in #3995
• Helm webhook custom templates by @ndegory in #3942
• fix: proper fragment delimiters in webhook URL by @ndegory in #3943
• fix event definitions api by @josedonizetti in #4004
• grpc: update definitions api by @josedonizetti in #4006
• chore(k8s): prepare v0.21.0 release by @geyslan in #4007
• [v0.21.0] fix(events): fix process_execute_failed missing symbol for new kernels by @geyslan in #4011
• fix(events): hidden_kernel_module - change history scan behaviour by @OriGlassman in #4020
• feat(proctree): control procfs query by config by @AlonZivony in #4022
• [v0.21.0] capture: fixes and tests by @NDStrahilevitz in #4023
• [v0.21.0] fix: network event context by @NDStrahilevitz in #4029
• fix(ebpf): use kprobes for execute_finished by @AlonZivony in #4030
• fix: avoid logging warnings for non-ELF so loading by @AlonZivony in #4037
• v0.21.0:chore(events): decrease SO loader error log level to debug by @AlonZivony in #4041
• fix: remove invalid "format" event from docs by @yanivagman in #4042
• 0.21.0/fix(tests): fix goroutines leakage in integration tests by @AlonZivony in #4052
• [v0.21.0] Revert "chore(k8s): prepare v0.21.0 release (#4007)" by @geyslan in #4055
• chore(helm): rename helm field config file (#4018) by @geyslan ...

v0.20.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/3869 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.20.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.20.0
• docker pull docker.io/aquasec/tracee:aarch64-0.20.0

What's Changed

• docs(mkdocs): rename crs to cri in menu by @rafaeldtinoco in #3671
• Add verify-docs job by @geyslan in #3672
• rebase of #3638 by @rafaeldtinoco in #3683
• Fix readme by @rafaeldtinoco in #3686
• chore(container): same default events as k8s deployment by @rafaeldtinoco in #3687
• fix(ebpf): use ts as fd_arg_path_map key by @geyslan in #3674
• fix(finding): add missing fields by @NDStrahilevitz in #3694
• refactor(engine): feed engine with signatures events by @AlonZivony in #3681
• feat(signatures): add simple proctree datasource envelope by @AlonZivony in #3692
• Make filtered aggregation possible by @geyslan in #3677
• feature(types): add packet metadata type by @NDStrahilevitz in #3708
• Packet direction flag by @NDStrahilevitz in #3706
• minor fix on top of #3707 by @rafaeldtinoco in #3709
• probes: improve probes by having specific getters by @rafaeldtinoco in #3710
• feat(types): time relevant info for proctree by @AlonZivony in #3712
• docs: add discussion template for adopters by @AnaisUrlichs in #3702
• Feature/proctree query time by @AlonZivony in #3691
• Feature: DNS Cache datasource by @NDStrahilevitz in #3679
• chore: rename Context to EventContext by @geyslan in #3716
• Pin pandoc version to 3.1.2 by @geyslan in #3720
• libbpfgo bump to v0.6.0-libbpf-1.3 by @geyslan in #3713
• make #3715 pass doc verification by @rafaeldtinoco in #3721
• chore(ci): bump changed-files to v40.2.0 by @geyslan in #3723
• bugfix(ebpf): avoid errors upon hash calc fail by @AlonZivony in #3733
• fix: webhook template should support sprig funcs by @josedonizetti in #3724
• feature: add ctime to containers data source by @NDStrahilevitz in #3728
• chore(release): use go1.20 for releasing by @rafaeldtinoco in #3740
• chore: fix typo by @josedonizetti in #3736
• fix(release): tracee-container alpine version to 3.18 by @rafaeldtinoco in #3744
• Network: add net_tcp_connect event with DNS support by @rafaeldtinoco in #3738
• chore: refer to man pages by @geyslan in #3749
• feature: pluggable datasources by @josedonizetti in #3737
• Bugfix/parse finding type correctly by @AlonZivony in #3760
• Writeable datasource types by @NDStrahilevitz in #3759
• feature(api): add data source grpc service by @NDStrahilevitz in #3761
• chore(api): fix typo by @NDStrahilevitz in #3762
• chore(makefile): fix doube-quoted version string by @rafaeldtinoco in #3764
• feat(ebpf): optimize sendmsg/recvmsg kprobes by @NDStrahilevitz in #3766
• feature(event): create net_flow_tcp_begin event by @rafaeldtinoco in #3750
• fix(network): fix http request/response events by @rafaeldtinoco in #3770
• chore: update proto types by @josedonizetti in #3772
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #3773
• fix(ebpf): adjust inode struct to kernel v6.6 by @NDStrahilevitz in #3769
• feat(types): improve datasource write api by @NDStrahilevitz in #3763
• fix: filter dispatching to signatures by @NDStrahilevitz in #3729
• feature: Add name and properties to Threat, and add Threat to Event definition. by @josedonizetti in #3742
• feature: writeable data source by @NDStrahilevitz in #3725
• Improve performance of exec-hash by @NDStrahilevitz in #3752
• fix: create pid file under install-path by @NDStrahilevitz in #3775
• feature: add signature name to event definition by @josedonizetti in #3743
• add Struct type and detect.FindingData by @josedonizetti in #3776
• Fix dynamic data arguments by @josedonizetti in #3777
• chore(derive/http): change log level when packets are malformed by @NDStrahilevitz in #3780
• Types protected finding by @NDStrahilevitz in #3782
• Protected finding data by @NDStrahilevitz in #3779
• chore(deps): bump tj-actions/changed-files from 40.2.0 to 41.0.0 in /.github/workflows by @dependabot in #3788
• fix: use thread safe wrapper for ksyms table by @NDStrahilevitz in #3786
• fix: triggeredBy should print event on table output by @josedonizetti in #3792
• fix(doc): contribution document link by @yasindce1998 in #3794
• Pin revive version by @geyslan in #3796
• fix(ebpf): fix hidden_kernel_module error in some kernels by @OriGlassman in #3797
• fix(events): restore dependency in hooked_syscall by @NDStrahilevitz in #3784
• Introduce Policies versioning (map of maps) by @geyslan in #3305
• Update Golang in all Project by @rafaeldtinoco in #3806
• chore(docs): specify distros and versions support by @rafaeldtinoco in #3808
• Remove BPF map macros by @geyslan in #3735
• Fix event data structure by @josedonizetti in #3812
• Fix symbol multi addrs by @rafaeldtinoco in #3802
• chore(ci): add mantic 6.6 AMIs by @geyslan in #3810
• fix(capture): restore absolute time in pcap frames by @AlonZivony in #3800
• Update api types by @josedonizetti in #3814
• feat(signatures): expose signatures helpers as Go module by @AlonZivony in #3765
• chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #3816
• Make policies config versioned by @geyslan in #3809
• chore: remove replace of signatures helpers by @AlonZivony in #3819
• grpc: fix nil arguments by @josedonizetti in #3823
• chore: remove clang march flag by @geyslan in #3831
• chore: increase vb resources by @geyslan in #3833
• fix: skip timestamp normalizing in derived events by @NDStrahilevitz in #3835
• fix: change missing probe log level by @josedonizetti in #3836
• chore(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.12 by @dependabot in #3837
• Fix ArgsNum by @geyslan in #3839
• Fix typo in kubernetes install guide by @logicfox in #3846
• Various cgroup and mounting fixes and optimizations by @NDStrahilevitz in #3829
• fix(processors): change args values by name by @AlonZivony in #3838
• Set exec-hash default option by @geyslan in #3852
  ...

v0.19.0

Docker Image

• docker pull docker.io/aquasec/tracee:0.19.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.19.0
• docker pull docker.io/aquasec/tracee:aarch64-0.19.0

What's Changed

Release Notes: https://github.com/aquasecurity/tracee/discussions/3670
Full Changelog: v0.18.0-rc...v0.19.0-rc

v0.18.1

Docker Image

• docker pull docker.io/aquasec/tracee:0.18.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.18.1
• docker pull docker.io/aquasec/tracee:aarch64-0.18.1

v0.18.0

Docker Image (x86_64 only)

• docker pull docker.io/aquasec/tracee:0.18.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.18.0
• docker pull docker.io/aquasec/tracee:aarch64-0.18.0

What's Changed

• make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
• chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
• (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
• flags: refactor FilterMap by @yanivagman in #3222
• go.mod: remove types replace by @NDStrahilevitz in #3236
• containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
• docs: remove old trace subcommand by @geyslan in #3238
• ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
• engine: fix panic on waitgroup by @josedonizetti in #3233
• Update packaging.md for Ubuntu package building by @pimvh in #3243
• ebpf: fix socket_accept event by @NDStrahilevitz in #3240
• fix: fix container edge case in events pipeline by @geyslan in #3253
• tracee: skip golang plugin for static binaries by @josedonizetti in #3244
• Fix typo in Vagrantfile's comment by @64J0 in #3260
• tracee: signatures-dir accept multiple values by @josedonizetti in #3246
• change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
• events: hidden_kernel_module changes by @OriGlassman in #3255
• config: extract config structs to its own pkg by @geyslan in #3228
• eBPF control plane signals by @NDStrahilevitz in #3237
• build: remove signing from snapshot by @josedonizetti in #3271
• release: bump release tag to 0.16.0 by @josedonizetti in #3272
• fix: send init events to pipeline by @geyslan in #3270
• thread-safety issues fix by @rafaeldtinoco in #3265
• fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
• build: remove release on tag push by @josedonizetti in #3273
• chore: move syscaller to dist by @geyslan in #3269
• fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
• tracee: add analyze cmd by @josedonizetti in #3101
• policies: rename list fields to be plural by @josedonizetti in #3242
• fix(pkg/counter): finish making counter atomic by @rafaeldtinoco in #3276
• fix: derived event not triggering if base filtered by @josedonizetti in #3280
• enrich: fixes post control plane by @NDStrahilevitz in #3285
• docs: add analyze documentation by @josedonizetti in #3292
• doc: add tutorial to verify tracee signature by @josedonizetti in #3291
• fix: signature event not triggering if base filtered by @josedonizetti in #3281
• pipeline memory efficiency using pool by @geyslan in #3297
• events: update syscall_pathname for security_file_open by @OriGlassman in #3298
• Events and Scope flags by @geyslan in #3262
• pkg/containers: fix deadlock by @josedonizetti in #3311
• [v0.16.0] chore: bump k8s tag to 0.16.1 by @josedonizetti in #3316
• docs: updating link to tracee docs for search results by @AnaisUrlichs in #3317
• feature: remove policy actions by @josedonizetti in #3314
• fix(server): re-enable prometheus counters. by @rafaeldtinoco in #3304
• fix (cgroups): already dead edge case by @NDStrahilevitz in #3325
• docs: updating policies overview by @AnaisUrlichs in #3318
• chore bump 0.16.2 by @josedonizetti in #3331
• feature(k8s): policy k8s compatible by @josedonizetti in #3330
• chore: bump k8s tag to 0.17.0 by @josedonizetti in #3336
• fix(ebpf): size of mntns/pidns filters key holders by @geyslan in #3337
• fix: validate policy names are rfc 1123 by @josedonizetti in #3335
• remove help command, create flags markdown docs by @geyslan in #3321
• fix: data source registration after NewEngine by @NDStrahilevitz in #3342
• fix(build): btfhub's bpftool in alpine container by @geyslan in #3349
• chore(build): add LOGFROM flag to check-pr rule by @geyslan in #3348
• chore(build): change check-pr output format by @geyslan in #3351
• refactor(events): new event definitions (mutable vs immutable data) by @rafaeldtinoco in #3340
• fix(filter): remove unneeded workaround by @rafaeldtinoco in #3352
• events: adjust hidden kernel module event to v6.4 by @OriGlassman in #3360
• fix(config): loading config file by @josedonizetti in #3370
• Update the URL as the old one did not lead to the grafana tutorial an… by @AnaisUrlichs in #3371
• chore(docs): add note for quote yaml value by @geyslan in #3367
• chore: bump k8s tags to 0.17.1 by @josedonizetti in #3374
• bugfix(capture): remove CONFIG_KALLSYMS_ALL dependency by @AlonZivony in #3381
• docs: additional resources for the docs by @AnaisUrlichs in #3379
• feat: add tracee rpc service by @josedonizetti in #3389
• feat: add loggers atomic level by @josedonizetti in #3391
• Add grpc server by @josedonizetti in #3390
• --help flag parsing by @geyslan in #3393
• feat: add diagnostic rpc by @josedonizetti in #3395
• Add grpc diagnostic by @josedonizetti in #3394
• fix: k8s policies tutorial by @josedonizetti in #3373
• chore(flags): change scope/event flag parsers by @geyslan in #3343
• fix: log level should match zap log priority by @josedonizetti in #3409
• fix: ignore error for cgroups that doesn't exist by @josedonizetti in #3410
• refactor: getStackAddresses doesn't return an err by @josedonizetti in #3414
• chore(revive): mitigate redundant warning by @rafaeldtinoco in #3417
• fix: committing typo by @testwill in #3418
• feature(types): add task identifier by @rafaeldtinoco in #3425
• fix(flags): use scope flag parser for policy by @geyslan in #3429
• fix: capture of writev by @roikol in #3413
• fix: fix section name for vfs_readv by @AlonZivony in #3421
• feat: filter file capture by ELF type by @AlonZivony in #3361
• docs: modifying readme by @AnaisUrlichs in #3378
• Fix(capture): fix verifier issue with elf capture by @AlonZivony in #3433
• fix: print_mem_dump fails on missing symbol by @NDStrahilevitz in #3384
• Revert "fix: print_mem_dump fails on missing symbol (#3384)" by @AlonZivony in #3436
• fix(definitions): ksymbols dependencies handled wrongly by @rafaeldtinoco in #3443
• feat: add streams by @josedonizetti in https://github.com/aquasecurity/tracee...

v0.17.1

Docker Image (x86_64 only)

• docker pull docker.io/aquasec/tracee:0.17.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.17.1
• docker pull docker.io/aquasec/tracee:aarch64-0.17.1