libs icon indicating copy to clipboard operation
libs copied to clipboard

Published 20 hours ago verified publisher icon falcosecurity

[LIBS PLUGINS] Make each and every libs filtercheck result accessible to syscalls plugins

Open incertum opened this issue 1 year ago • 1 comments

While working on the first iteration of the anomalydetection plugin https://github.com/falcosecurity/plugins/pull/419, it quickly became evident that a significant amount of sophisticated libs code needs to be duplicated. This process is not only tedious but also error-prone, placing additional burdens on developers who simply wish to leverage existing libs capabilities. I see this as complementary to issue https://github.com/falcosecurity/libs/issues/1944, as there will undoubtedly be cases where raw access to state table fields is still necessary.

But in cases where libs code is being copied exactly as-is, it might be worth discussing how we can improve the plugins API to avoid this kind of duplication. What do you think?

incertum avatar Aug 17 '24 05:08 incertum

/milestone TBD

/assign @jasondellaluce

incertum avatar Aug 17 '24 05:08 incertum

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Nov 15 '24 10:11 poiana

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana avatar Dec 15 '24 10:12 poiana

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community. /close

poiana avatar Jan 14 '25 10:01 poiana

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community. /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

poiana avatar Jan 14 '25 10:01 poiana