Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cilium/tetragon
eBPF-based Security Observability and Runtime Enforcement
https://github.com/cilium/tetragon
bpf ebpf kernel kubernetes security
Last synced: 2 days ago
JSON representation
eBPF-based Security Observability and Runtime Enforcement
- Host: GitHub
- URL: https://github.com/cilium/tetragon
- Owner: cilium
- License: apache-2.0
- Created: 2022-03-23T10:25:36.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-19T15:22:31.000Z (23 days ago)
- Last Synced: 2024-11-19T17:11:58.536Z (23 days ago)
- Topics: bpf, ebpf, kernel, kubernetes, security
- Language: Go
- Homepage: https://tetragon.io
- Size: 65.1 MB
- Stars: 3,655
- Watchers: 53
- Forks: 369
- Open Issues: 235
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-github-repos - cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement (Go)
- awesome-repositories - cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement (Go)
- awesome-kubernetes-threat-detection - tetragon
- awesome-cloud-native - Tetragon - Part of Cilium - Ciliumβs new Tetragon component enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement. (Observability and Monitoring π°οΈ)
README
[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![License](https://img.shields.io/badge/license-BSD-blue.svg)](https://opensource.org/license/bsd-2-clause/)
[![License](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/license/gpl-2-0/)---
Ciliumβs new [Tetragon](https://tetragon.io) component enables powerful
real-time, eBPF-based Security Observability and Runtime Enforcement.Tetragon detects and is able to react to security-significant events, such as
- Process execution events
- System call activity
- I/O activity including network & file accessWhen used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is,
it understands Kubernetes identities such as namespaces, pods and so on - so
that security event detection can be configured in relation to individual
workloads.[![Tetragon Overview Diagram](https://github.com/cilium/tetragon/blob/main/docs/static/images/smart_observability.png)](https://tetragon.io/docs/overview/)
See more about [how Tetragon is using eBPF](https://tetragon.io/docs/overview#functionality-overview).
## Getting started
Refer to the [official documentation of Tetragon](https://tetragon.io/docs/).
To get started with Tetragon, take a look at the [getting started
guides](https://tetragon.io/docs/getting-started/) to:
- [Try Tetragon on Kubernetes](https://tetragon.io/docs/getting-started/install-k8s/)
- [Try Tetragon on Linux](https://tetragon.io/docs/getting-started/install-docker/)
- [Deploy Tetragon](https://tetragon.io/docs/installation/)
- [Install the Tetra CLI](https://tetragon.io/docs/installation/tetra-cli/)Tetragon is able to observe critical hooks in the kernel through its sensors
and generates events enriched with Linux and Kubernetes metadata:
1. **Process lifecycle**: generating `process_exec` and `process_exit` events
by default, enabling full process lifecycle observability. Learn more about
these events on the [process lifecycle use case page](https://tetragon.io/docs/use-cases/process-lifecycle/).
1. **Generic tracing**: generating `process_kprobe`, `process_tracepoint` and
`process_uprobe` events for more advanced and custom use cases. Learn more
about these events on the [TracingPolicy concept page](https://tetragon.io/docs/concepts/tracing-policy/)
and discover [multiple use cases](https://tetragon.io/docs/use-cases/) like:
- [π network observability](https://tetragon.io/docs/use-cases/network-observability/)
- [π filename access](https://tetragon.io/docs/use-cases/filename-access/)
- [π credentials monitoring](https://tetragon.io/docs/use-cases/linux-process-credentials/)
- [π privileged execution](https://tetragon.io/docs/use-cases/process-lifecycle/privileged-execution/)See further resources:
- [Conference Talks, Books, Blog Posts, and Labs](https://tetragon.io/docs/resources/)
- [Frequently Asked Question](https://tetragon.io/docs/installation/faq/)
- [References](https://tetragon.io/docs/reference/)## Join the community
Join the Tetragon [π¬ Slack channel](https://slack.cilium.io) and the
[π Community Call](https://isogo.to/tetragon-meeting-notes) to chat with
developers, maintainers, and other users. This is a good first stop to ask
questions and share your experiences.## How to Contribute
For getting started with local development, you can refer to the
[Contribution Guide](https://tetragon.io/docs/contribution-guide/). If
you plan to submit a PR, please ["sign-off"](https://tetragon.io/docs/contribution-guide/developer-certificate-of-origin/)
your commits.