{"id":29553399,"url":"https://github.com/fededp/troublescope","last_synced_at":"2025-07-18T06:37:58.280Z","repository":{"id":267418598,"uuid":"901180185","full_name":"FedeDP/troublescope","owner":"FedeDP","description":"Falco proc tree diagnostic plugin","archived":false,"fork":false,"pushed_at":"2024-12-12T18:46:23.000Z","size":235,"stargazers_count":6,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-13T04:44:33.520Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FedeDP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-10T07:28:04.000Z","updated_at":"2024-12-13T12:22:57.000Z","dependencies_parsed_at":"2024-12-10T08:32:04.800Z","dependency_job_id":"f457317d-ffc7-43b6-b798-40decfbf2f82","html_url":"https://github.com/FedeDP/troublescope","commit_stats":null,"previous_names":["fededp/troublescope"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FedeDP/troublescope","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FedeDP%2Ftroublescope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FedeDP%2Ftroublescope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FedeDP%2Ftroublescope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FedeDP%2Ftroublescope/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FedeDP","download_url":"https://codeload.github.com/FedeDP/troublescope/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FedeDP%2Ftroublescope/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265711462,"owners_count":23815541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-18T06:37:57.427Z","updated_at":"2025-07-18T06:37:58.271Z","avatar_url":"https://github.com/FedeDP.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TroubleScope\n\n![](brand/troublescope.png)\n\nTroubleScope is a Falco plugin that exposes Falco proc tree as a FuseFS.  \nIt can be useful to debug weird proc tree issues.\n\nAlso, a `diagnostic` event gets generated every time Falco proc tree diverges from real proc.\n\nThe plugin requires the `3.7.0` plugin API version.\n\n## Build\n\n```bash\n# Ubuntu\nsudo apt install fuse3 libfuse3-dev\ngit clone --recurse-submodules  git@github.com:FedeDP/troublescope.git\ncd troublescope\n# Do the following only if you don't have a system-wide vcpkg installation\nexport VCPKG_ROOT=./vcpkg\ncmake -S . -B build --preset linux-gcc\ncmake --build build --target troublescope\n```\n\n## Formatting\n\n```bash\npre-commit install --install-hooks --hook-type pre-commit --overwrite\n# or\npre-commit run --all-files\n```\n\n## Run it with Falco (stale do not use it)\n\n- Download falco master tar.gz\n- Modify the Falco config\n\n```yaml\nload_plugins: [troublescope]\n\n# Customize subsettings for each enabled plugin. These settings will only be\n# applied when the corresponding plugin is enabled using the `load_plugins`\n# option.\nplugins:\n  - name: troublescope\n    library_path: /home/andrea/personal/troublescope/libtroublescope.so\n    init_config: \"\"\n```\n\n```bash\nsudo ./usr/bin/falco -c ./etc/falco/falco.yaml -r ./etc/falco/falco_rules.yaml\n```\n\n## Run it with sinsp-example\n\nFrom libs master:\n\n```bash\nmkdir build \u0026\u0026 cd build\ncmake -DCMAKE_BUILD_TYPE=Release -DBUILD_DRIVER=ON -DBUILD_BPF=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DUSE_BUNDLED_DEPS=ON -DMINIMAL_BUILD=ON ..\nmake sinsp-example -j2 \n```\n\nRun it:\n\n```bash\nsudo /home/andrea/personal/libs/build-sinsp-fast/libsinsp/examples/sinsp-example -p \"/home/andrea/personal/troublescope/build/libtroublescope.so|{\\\"fs_root\\\": \\\"/tmp/troublescope\\\"}\" -m -f \"evt.type in (open)\" \n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffededp%2Ftroublescope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffededp%2Ftroublescope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffededp%2Ftroublescope/lists"}