Skip to content

michi-covalent/tetragon

This branch is 1 commit ahead of, 2268 commits behind cilium/tetragon:main.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

f213c47 ยท Jan 11, 2025
Jan 11, 2025
Jan 11, 2025
Sep 28, 2023
Sep 21, 2023
Sep 28, 2023
Sep 28, 2023
Sep 13, 2023
Sep 22, 2023
Sep 27, 2023
Jan 11, 2025
Mar 13, 2023
Aug 8, 2023
Aug 28, 2023
Jan 11, 2025
Jul 7, 2023
Aug 10, 2022
Jun 1, 2023
Aug 28, 2023
Dec 22, 2022
Jul 26, 2023
Jan 11, 2025
Jul 17, 2023
Jul 10, 2023
Jun 14, 2023
Jan 11, 2025
Aug 25, 2023
Jan 11, 2025
Jan 25, 2023
Jan 11, 2025
May 20, 2022
Mar 3, 2023
Sep 21, 2023
Jan 11, 2025
Apr 5, 2023
Sep 13, 2023
May 13, 2022
Aug 17, 2022
Jan 11, 2025
Sep 28, 2023
Apr 7, 2023

Repository files navigation

License


Ciliumโ€™s new Tetragon component enables powerful real-time, eBPF-based Security Observability and Runtime Enforcement.

Tetragon detects and is able to react to security-significant events, such as

  • Process execution events
  • System call activity
  • I/O activity including network & file access

When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is, it understands Kubernetes identities such as namespaces, pods and so on - so that security event detection can be configured in relation to individual workloads.

Tetragon Overview Diagram

See more about how Tetragon is using eBPF.

Getting started

Refer to the official documentation of Tetragon.

To get started with Tetragon, take a look at the getting started guides to:

Tetragon is able to observe critical hooks in the kernel through its sensors and generates events enriched with Linux and Kubernetes metadata:

  1. Process lifecycle: generating process_exec and process_exit events by default, enabling full process lifecycle observability. Learn more about these events on the process lifecycle use case page.
  2. Generic tracing: generating process_kprobe, process_tracepoint and process_uprobe events for more advanced and custom use cases. Learn more about these events on the TracingPolicy concept page and discover multiple use cases like:

See further resources:

Join the community

Join the Tetragon Slack channel to chat with developers, maintainers, and other users. This is a good first stop to ask questions and share your experiences.

How to Contribute

For getting started with local development, you can refer to the Contribution Guide. If you plan to submit a PR, please "sign-off" your commits.

About

eBPF-based Security Observability and Runtime Enforcement

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 49.5%
  • Go 48.8%
  • Shell 0.7%
  • Makefile 0.6%
  • Dockerfile 0.2%
  • Smarty 0.1%
  • Python 0.1%