Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cilium/tetragon

eBPF-based Security Observability and Runtime Enforcement
https://github.com/cilium/tetragon

bpf ebpf kernel kubernetes security

Last synced: 10 days ago
JSON representation

eBPF-based Security Observability and Runtime Enforcement

Host: GitHub
URL: https://github.com/cilium/tetragon
Owner: cilium
License: apache-2.0
Created: 2022-03-23T10:25:36.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-10-29T09:11:59.000Z (11 days ago)
Last Synced: 2024-10-29T10:04:58.712Z (10 days ago)
Topics: bpf, ebpf, kernel, kubernetes, security
Language: Go
Homepage: https://tetragon.io
Size: 66.8 MB
Stars: 3,621
Watchers: 53
Forks: 359
Open Issues: 227
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md

Awesome Lists containing this project

awesome-github-repos - cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement (Go)
awesome-repositories - cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement (Go)
awesome-kubernetes-threat-detection - tetragon
awesome-cloud-native - Tetragon - Part of Cilium - Cilium’s new Tetragon component enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement. (Observability and Monitoring 🛰️)

README

        

  

    

    

  



[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![License](https://img.shields.io/badge/license-BSD-blue.svg)](https://opensource.org/license/bsd-2-clause/)

[![License](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/license/gpl-2-0/)

---

Cilium’s new [Tetragon](https://tetragon.io) component enables powerful

real-time, eBPF-based Security Observability and Runtime Enforcement.

Tetragon detects and is able to react to security-significant events, such as

- Process execution events

- System call activity

- I/O activity including network & file access

When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is,

it understands Kubernetes identities such as namespaces, pods and so on - so

that security event detection can be configured in relation to individual

workloads.

[![Tetragon Overview Diagram](https://github.com/cilium/tetragon/blob/main/docs/static/images/smart_observability.png)](https://tetragon.io/docs/overview/)

See more about [how Tetragon is using eBPF](https://tetragon.io/docs/overview#functionality-overview).

## Getting started

Refer to the [official documentation of Tetragon](https://tetragon.io/docs/).

To get started with Tetragon, take a look at the [getting started

guides](https://tetragon.io/docs/getting-started/) to:

- [Try Tetragon on Kubernetes](https://tetragon.io/docs/getting-started/install-k8s/)

- [Try Tetragon on Linux](https://tetragon.io/docs/getting-started/install-docker/)

- [Deploy Tetragon](https://tetragon.io/docs/installation/)

- [Install the Tetra CLI](https://tetragon.io/docs/installation/tetra-cli/)

Tetragon is able to observe critical hooks in the kernel through its sensors

and generates events enriched with Linux and Kubernetes metadata:

1. **Process lifecycle**: generating `process_exec` and `process_exit` events

   by default, enabling full process lifecycle observability. Learn more about

   these events on the [process lifecycle use case page](https://tetragon.io/docs/use-cases/process-lifecycle/).

1. **Generic tracing**: generating `process_kprobe`, `process_tracepoint` and

   `process_uprobe` events for more advanced and custom use cases. Learn more

   about these events on the [TracingPolicy concept page](https://tetragon.io/docs/concepts/tracing-policy/)

   and discover [multiple use cases](https://tetragon.io/docs/use-cases/) like:

   - [🌏 network observability](https://tetragon.io/docs/use-cases/network-observability/)

   - [📂 filename access](https://tetragon.io/docs/use-cases/filename-access/)

   - [🔑 credentials monitoring](https://tetragon.io/docs/use-cases/linux-process-credentials/)

   - [🔓 privileged execution](https://tetragon.io/docs/use-cases/process-lifecycle/privileged-execution/)

See further resources:

- [Conference Talks, Books, Blog Posts, and Labs](https://tetragon.io/docs/resources/)

- [Frequently Asked Question](https://tetragon.io/docs/installation/faq/)

- [References](https://tetragon.io/docs/reference/)

## Join the community

Join the Tetragon [💬 Slack channel](https://slack.cilium.io) and the

[📅 Community Call](https://isogo.to/tetragon-meeting-notes) to chat with

developers, maintainers, and other users. This is a good first stop to ask

questions and share your experiences.

## How to Contribute

For getting started with local development, you can refer to the

[Contribution Guide](https://tetragon.io/docs/contribution-guide/). If

you plan to submit a PR, please ["sign-off"](https://tetragon.io/docs/contribution-guide/developer-certificate-of-origin/)

your commits.