{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":580805113,"defaultBranch":"main","name":"rules","ownerLogin":"falcosecurity","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-12-21T13:49:45.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/42391047?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1716465053.0","currentOid":""},"activityList":{"items":[{"before":"87c6d145960274efd5bb868957b224751e2107b4","after":null,"ref":"refs/heads/leogr-patch-1","pushedAt":"2024-05-22T09:42:21.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"59bf03bf740b41b74c2dfad1e25179f2c30f92c0","after":"9e56293b55dac24c8f124b5b7aebfec07a6b4f5e","ref":"refs/heads/main","pushedAt":"2024-05-22T09:42:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"fix(.github/workflow): strict naming convention for changed rules files\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"fix(.github/workflow): strict naming convention for changed rules files"}},{"before":null,"after":"87c6d145960274efd5bb868957b224751e2107b4","ref":"refs/heads/leogr-patch-1","pushedAt":"2024-05-22T09:33:43.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"leogr","name":"Leonardo Grasso","path":"/leogr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3390997?s=80&v=4"},"commit":{"message":"fix(.github/workflow): strict naming convention for changed rules files\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"fix(.github/workflow): strict naming convention for changed rules files"}},{"before":"29c41c4eed4bbc51aaf5be0f3ea332a66ef54e31","after":"59bf03bf740b41b74c2dfad1e25179f2c30f92c0","ref":"refs/heads/main","pushedAt":"2024-05-20T11:39:10.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"chore: bump engine version for incubating rules\n\nSigned-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>","shortMessageHtmlLink":"chore: bump engine version for incubating rules"}},{"before":"4f153f53aee76351b3f51438c8c3a28bba1b1210","after":"29c41c4eed4bbc51aaf5be0f3ea332a66ef54e31","ref":"refs/heads/main","pushedAt":"2024-05-14T09:13:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"fix: change CVE-2024-3094 to match liblzma contain instead of endswith\n\nSigned-off-by: Edgaras <edgaras@apsega.lt>","shortMessageHtmlLink":"fix: change <a title=\"CVE-2024-3094\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-rxwq-x6h5-x525/hovercard\" href=\"https://github.com/advisories/GHSA-rxwq-x6h5-x525\">CVE-2024-3094</a> to match liblzma contain instead of endswith"}},{"before":"e65f2518b06b6e439b49451a0738115f74d224e0","after":"4f153f53aee76351b3f51438c8c3a28bba1b1210","ref":"refs/heads/main","pushedAt":"2024-04-30T16:14:51.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"fix: add `\"\"` case for user.name\n\nSigned-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>","shortMessageHtmlLink":"fix: add <code>\"\"</code> case for user.name"}},{"before":"ec255e68f4cc05ce91d641e36f1855b4435556d5","after":"e65f2518b06b6e439b49451a0738115f74d224e0","ref":"refs/heads/main","pushedAt":"2024-04-23T09:02:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"rule(write_etc_common): Ignore writes by etckeeper under /etc/.git/\n\nEvery time etckeeper update the git history of the content in /etc/, it update\nfiles in /etc/.git/ (nd /etc/.etckeeper).  This trigger a warning from falco about\nwrites in /etc/ for every time the cron job or package update.  This change tell\nthe write_etc_common macro to ignore all writes under /etc/.git/ by a\nprocess whos anchestor is etckeeper and one of the scripts called by etckeeper\nto do the /etc/.git updates.\n\n/kind bug\n/kind design\n/kind feature\n/area rules\n\nSigned-off-by: Petter Reinholdtsen <pere@hungry.com>","shortMessageHtmlLink":"rule(write_etc_common): Ignore writes by etckeeper under /etc/.git/"}},{"before":"2b3267438fcd5ab3655a94f3d401eae9557d2015","after":null,"ref":"refs/heads/dependabot/github_actions/actions-36b0b72d20","pushedAt":"2024-04-17T08:37:53.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"869c9a7f4d0607fe17df94f8da2f061d8ab3e9a9","after":"ec255e68f4cc05ce91d641e36f1855b4435556d5","ref":"refs/heads/main","pushedAt":"2024-04-17T08:37:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"build(deps): Bump sigstore/cosign-installer in the actions group\n\nBumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).\n\n\nUpdates `sigstore/cosign-installer` from 3.4.0 to 3.5.0\n- [Release notes](https://github.com/sigstore/cosign-installer/releases)\n- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0)\n\n---\nupdated-dependencies:\n- dependency-name: sigstore/cosign-installer\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): Bump sigstore/cosign-installer in the actions group"}},{"before":null,"after":"2b3267438fcd5ab3655a94f3d401eae9557d2015","ref":"refs/heads/dependabot/github_actions/actions-36b0b72d20","pushedAt":"2024-04-11T09:38:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): Bump sigstore/cosign-installer in the actions group\n\nBumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).\n\n\nUpdates `sigstore/cosign-installer` from 3.4.0 to 3.5.0\n- [Release notes](https://github.com/sigstore/cosign-installer/releases)\n- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0)\n\n---\nupdated-dependencies:\n- dependency-name: sigstore/cosign-installer\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): Bump sigstore/cosign-installer in the actions group"}},{"before":"88a40c8d9c9af7985998689e9847f60a2a5de898","after":"869c9a7f4d0607fe17df94f8da2f061d8ab3e9a9","ref":"refs/heads/main","pushedAt":"2024-04-05T13:12:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(falco-incubating_tules.yaml): add Backdoored library loaded into SSHD rule\n\nSigned-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>","shortMessageHtmlLink":"update(falco-incubating_tules.yaml): add Backdoored library loaded in…"}},{"before":"172d2c283f9b432b5dc55239a4003dd19f237182","after":"88a40c8d9c9af7985998689e9847f60a2a5de898","ref":"refs/heads/main","pushedAt":"2024-03-22T15:52:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update: add macro known_drop_and_execute_activities\n\nSigned-off-by: Sean Doughty <sean@render.com>","shortMessageHtmlLink":"update: add macro known_drop_and_execute_activities"}},{"before":"fbf0a4e8ce6b56a9c5ec4e6c4abadfaf14c9786b","after":"172d2c283f9b432b5dc55239a4003dd19f237182","ref":"refs/heads/main","pushedAt":"2024-03-22T14:37:53.000Z","pushType":"pr_merge","commitsCount":4,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"Update .github/workflows/yaml-lint.yaml\n\nCo-authored-by: Federico Di Pierro <nierro92@gmail.com>\nSigned-off-by: Kapil Sharma <ks3913688@gmail.com>\nSigned-off-by: h4l0gen <ks3913688@gmail.com>","shortMessageHtmlLink":"Update .github/workflows/yaml-lint.yaml"}},{"before":"d5fa8f82a6aaf008e08ede62519d27a69a7160ed","after":null,"ref":"refs/heads/cleanup/k8s-gcr-io","pushedAt":"2024-03-14T08:43:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"44addef4f79d721f7e44ae2d51d91f684e9f7253","after":"fbf0a4e8ce6b56a9c5ec4e6c4abadfaf14c9786b","ref":"refs/heads/main","pushedAt":"2024-03-14T08:43:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(rules): cleanup k8s.gcr.io\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"update(rules): cleanup k8s.gcr.io"}},{"before":null,"after":"d5fa8f82a6aaf008e08ede62519d27a69a7160ed","ref":"refs/heads/cleanup/k8s-gcr-io","pushedAt":"2024-03-14T08:32:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"leogr","name":"Leonardo Grasso","path":"/leogr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3390997?s=80&v=4"},"commit":{"message":"update(rules): cleanup k8s.gcr.io\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"update(rules): cleanup k8s.gcr.io"}},{"before":"dc7970d175a921aa01090d10461ce76974848022","after":"44addef4f79d721f7e44ae2d51d91f684e9f7253","ref":"refs/heads/main","pushedAt":"2024-03-08T10:12:03.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"fix: authors and required engine version\n\nSigned-off-by: Louis Cailliot <louis.cailliot@thalesgroup.com>","shortMessageHtmlLink":"fix: authors and required engine version"}},{"before":"f88b991a7ff3b796a64d28810f2c15d250eb64ff","after":"dc7970d175a921aa01090d10461ce76974848022","ref":"refs/heads/main","pushedAt":"2024-03-01T18:24:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(sandbox): Added systemd to list of programs ignored when using BPF.\n\nOn Fedora 39, events like this is logged:\n\n  Notice BPF Program  Not Profiled (bpf_cmd=5 evt_type=bpf user=root\n  user_uid=0 user_loginuid=-1 process=systemd proc_exepath=/usr/lib/systemd/systemd\n  parent=<NA> command=systemd --switched-root --system --deserialize=36 rhgb terminal=0\n  exe_flags=<NA> container_id=host container_name=host)\n\nThis is just normal systemd behaviour, and not really interesting to log.  The provided\npatch include systemd in the list of processes allowed to use BPF without any event logged.\n\nSigned-off-by: Petter Reinholdtsen <pere@hungry.com>","shortMessageHtmlLink":"update(sandbox): Added systemd to list of programs ignored when using…"}},{"before":"a3e26fe9cbd71d75ef65b9f4a5aec59cbffbec41","after":null,"ref":"refs/heads/update/falco-versions","pushedAt":"2024-02-29T16:34:36.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"2ded9e2613b011ad83621a3e6124cdf6b137aa25","after":"f88b991a7ff3b796a64d28810f2c15d250eb64ff","ref":"refs/heads/main","pushedAt":"2024-02-29T16:34:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(.github/FALCO_VERSIONS): unsupporting 0.37\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"update(.github/FALCO_VERSIONS): unsupporting 0.37"}},{"before":null,"after":"a3e26fe9cbd71d75ef65b9f4a5aec59cbffbec41","ref":"refs/heads/update/falco-versions","pushedAt":"2024-02-29T16:32:43.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"leogr","name":"Leonardo Grasso","path":"/leogr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3390997?s=80&v=4"},"commit":{"message":"update(.github/FALCO_VERSIONS): unsupporting 0.37\n\nSigned-off-by: Leonardo Grasso <me@leonardograsso.com>","shortMessageHtmlLink":"update(.github/FALCO_VERSIONS): unsupporting 0.37"}},{"before":"b499a1d0d02e1341845e06b1e743c87480ce9637","after":"2ded9e2613b011ad83621a3e6124cdf6b137aa25","ref":"refs/heads/main","pushedAt":"2024-02-29T16:31:34.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(sandbox): update required_engine_version\n\nSigned-off-by: RohithRaju <rohithraju488@gmail.com>","shortMessageHtmlLink":"update(sandbox): update required_engine_version"}},{"before":"719a6105b8d15d107c8d64f6762d7f702b2c0b6f","after":null,"ref":"refs/heads/dependabot/github_actions/actions-1fa2cb8593","pushedAt":"2024-02-23T10:36:10.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"497e01189e29e4081bfe40d3e53636fe369edfcf","after":"b499a1d0d02e1341845e06b1e743c87480ce9637","ref":"refs/heads/main","pushedAt":"2024-02-23T10:36:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"build(deps): Bump the actions group with 1 update\n\nBumps the actions group with 1 update: [Ana06/get-changed-files](https://github.com/ana06/get-changed-files).\n\n\nUpdates `Ana06/get-changed-files` from 2.2.0 to 2.3.0\n- [Release notes](https://github.com/ana06/get-changed-files/releases)\n- [Commits](https://github.com/ana06/get-changed-files/compare/v2.2.0...v2.3.0)\n\n---\nupdated-dependencies:\n- dependency-name: Ana06/get-changed-files\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): Bump the actions group with 1 update"}},{"before":null,"after":"719a6105b8d15d107c8d64f6762d7f702b2c0b6f","ref":"refs/heads/dependabot/github_actions/actions-1fa2cb8593","pushedAt":"2024-02-23T09:36:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): Bump the actions group with 1 update\n\nBumps the actions group with 1 update: [Ana06/get-changed-files](https://github.com/ana06/get-changed-files).\n\n\nUpdates `Ana06/get-changed-files` from 2.2.0 to 2.3.0\n- [Release notes](https://github.com/ana06/get-changed-files/releases)\n- [Commits](https://github.com/ana06/get-changed-files/compare/v2.2.0...v2.3.0)\n\n---\nupdated-dependencies:\n- dependency-name: Ana06/get-changed-files\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): Bump the actions group with 1 update"}},{"before":null,"after":"497e01189e29e4081bfe40d3e53636fe369edfcf","ref":"refs/heads/release/falco-rules-3.0.x","pushedAt":"2024-02-14T09:54:08.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"LucaGuerra","name":"Luca Guerra","path":"/LucaGuerra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/35580196?s=80&v=4"},"commit":{"message":"chore: add Github Pages badge\n\nSigned-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>","shortMessageHtmlLink":"chore: add Github Pages badge"}},{"before":"34bc909603d1afe796b54dadc74d9f9a1d78f78d","after":"497e01189e29e4081bfe40d3e53636fe369edfcf","ref":"refs/heads/main","pushedAt":"2024-02-13T16:22:23.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"chore: add Github Pages badge\n\nSigned-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>","shortMessageHtmlLink":"chore: add Github Pages badge"}},{"before":"6215b0793054c5c6e668597c73c80439c92eda27","after":null,"ref":"refs/heads/ci/falco_versions_0.37.1","pushedAt":"2024-02-13T13:28:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"}},{"before":"0f609769ef9f39815258d80113df40856aabd267","after":"34bc909603d1afe796b54dadc74d9f9a1d78f78d","ref":"refs/heads/main","pushedAt":"2024-02-13T13:28:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"poiana","name":"poiana","path":"/poiana","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/51138685?s=80&v=4"},"commit":{"message":"update(ci): add Falco 0.37.1 to FALCO_VERSIONS.\n\nSigned-off-by: Federico Di Pierro <nierro92@gmail.com>","shortMessageHtmlLink":"update(ci): add Falco 0.37.1 to FALCO_VERSIONS."}},{"before":null,"after":"6215b0793054c5c6e668597c73c80439c92eda27","ref":"refs/heads/ci/falco_versions_0.37.1","pushedAt":"2024-02-13T13:09:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"FedeDP","name":"Federico Di Pierro","path":"/FedeDP","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5837210?s=80&v=4"},"commit":{"message":"update(ci): add Falco 0.37.1 to FALCO_VERSIONS.\n\nSigned-off-by: Federico Di Pierro <nierro92@gmail.com>","shortMessageHtmlLink":"update(ci): add Falco 0.37.1 to FALCO_VERSIONS."}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEUMAOigA","startCursor":null,"endCursor":null}},"title":"Activity · falcosecurity/rules"}