tetragon

Module version: v1.0.3
Published: Apr 8, 2024 License: Apache-2.0

README



Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security Observability and Runtime Enforcement.

Tetragon detects and is able to react to security-significant events, such as:

  • Process execution events
  • System call activity
  • I/O activity including network & file access

When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is, it understands Kubernetes identities such as namespaces, pods and so on - so that security event detection can be configured in relation to individual workloads.

[Figure: Tetragon Overview Diagram]

See more about how Tetragon is using eBPF.

Getting started

Refer to the official documentation of Tetragon.

To get started with Tetragon, take a look at the getting started guides to:

Tetragon is able to observe critical hooks in the kernel through its sensors and generates events enriched with Linux and Kubernetes metadata:

  1. Process lifecycle: generating process_exec and process_exit events by default, enabling full process lifecycle observability. Learn more about these events on the process lifecycle use case page.
  2. Generic tracing: generating process_kprobe, process_tracepoint and process_uprobe events for more advanced and custom use cases. Learn more about these events on the TracingPolicy concept page and discover multiple use cases like:
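As an added example (not code from the Tetragon project), the Go program below consumes process lifecycle events and reports which processes in a Kubernetes namespace were started but have not yet exited. It assumes events arrive as a stream of JSON objects keyed by `process_exec` / `process_exit` with a `process.exec_id` field and `pod` metadata; the sample events and the `StillRunning` helper are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed subset of Tetragon's JSON event layout; untagged fields match keys case-insensitively.
type process struct {
	ExecID string `json:"exec_id"`
	Binary string
	Pod    struct{ Namespace, Name string }
}
type event struct {
	Exec *struct{ Process process } `json:"process_exec"`
	Exit *struct{ Process process } `json:"process_exit"`
}

// Constructed sample events, one JSON object per line.
const sample = `{"process_exec":{"process":{"exec_id":"a1","binary":"/bin/sh","pod":{"namespace":"default","name":"web-0"}}}}
{"process_exec":{"process":{"exec_id":"a2","binary":"/usr/bin/curl","pod":{"namespace":"default","name":"web-0"}}}}
{"process_exec":{"process":{"exec_id":"a3","binary":"/usr/bin/id","pod":{"namespace":"kube-system","name":"dns-0"}}}}
{"process_exit":{"process":{"exec_id":"a2","binary":"/usr/bin/curl","pod":{"namespace":"default","name":"web-0"}}}}`

// StillRunning lists "namespace/pod binary" for each process_exec in ns with no process_exit sharing its exec_id.
func StillRunning(stream, ns string) (live []string, err error) {
	execs, exited := []process{}, map[string]bool{}
	dec := json.NewDecoder(strings.NewReader(stream))
	for dec.More() {
		var ev event
		if err = dec.Decode(&ev); err != nil {
			return nil, fmt.Errorf("bad event: %w", err)
		}
		if ev.Exec != nil && ev.Exec.Process.Pod.Namespace == ns {
			execs = append(execs, ev.Exec.Process)
		} else if ev.Exit != nil {
			exited[ev.Exit.Process.ExecID] = true
		}
	}
	for _, p := range execs {
		if !exited[p.ExecID] {
			live = append(live, p.Pod.Namespace+"/"+p.Pod.Name+" "+p.Binary)
		}
	}
	return live, nil
}

func main() { fmt.Println(StillRunning(sample, "default")) }
```

Correlating on `exec_id` rather than `pid` avoids mismatches when the kernel reuses a PID between the exec and exit events.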

See further resources:

Join the community

Join the Tetragon Slack channel to chat with developers, maintainers, and other users. This is a good first stop to ask questions and share your experiences.

How to Contribute

For getting started with local development, you can refer to the Contribution Guide. If you plan to submit a PR, please "sign-off" your commits.

Directories

Path                    Synopsis
api module
cmd
dump-syscalls-info      SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
ksyms                   SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
tetra                   SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
tetragon                SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
contrib
cmd
crd
pkg
alignchecker            Package alignchecker is a thin wrapper around pkg/alignchecker to validate datapath object alignment.
api                     SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/calltraceapi        SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/confapi             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/ops                 SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/processapi          SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/readyapi            SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
api/testapi             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
bpf
btf
fileutils               SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
grpc/exec               SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
grpc/test               SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
grpc/tracing            SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
ktime                   SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
multiplexer             This package provides a multiplexer for combining one or more gRPC event streams into a single stream.
option                  Package option provides global singletons for storing configuration and variables used in Tetragon.
podhooks                SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
policyfilter            nolint:revive // prevent unused-parameter alert, disabled method obviously don't use args
process                 SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/exec             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/kernel           SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/ktime            SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/network          SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/node             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/path             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
reader/proc             SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
rthooks                 Package rthooks contains code for managing run-time hooks. Runtime hooks are hooks for (synchronously) notifying the agent for runtime events such as the creation of a container.
sensors                 SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
sensors/exec            SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
sensors/program         SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
sensors/test            SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
sensors/tracing         SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
sensors/unloader        SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
server                  nolint:revive // ignore unused parameter alerts, dummy methods
stt
testutils/perfring      Package perfring provides utilities to do tests using the perf ringbuffer directly.
tracingpolicy/generate  SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
unixlisten              SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
vmtests                 Package vmtests includes utilities for running tetragon tests inside VMs.
vtuple                  helper functions to manage 5-tuples
k8s Module
tests
e2e/checker             This package provides a Tetragon gRPC client multiplexer and an RPCChecker that wraps a MultiEventChecker and uses the gRPC multiplexer to get a stream of events from all Tetragon pods.
e2e/flags               This package contains all the configuration flags for Tetragon e2e tests.
e2e/helpers             This package contains various helper functions for writing Tetragon e2e tests, including many setup and feature functions.
e2e/helpers/gops        Package gops is a simple gops client implementation to dump gops info from end-to-end tests.
e2e/helpers/grpc        Package grpc provides some helpers for contacting the gRPC tetragon service.
e2e/install/cilium      This package contains and configuration options for installing Cilium.
e2e/install/tetragon    This package contains and configuration options for installing Tetragon.
e2e/runners             This package contains helpers for configuring test runners that automate test setup/teardown.
e2e/state               This package provides keys used to store state in the e2e tests' context.Context.
e2e/tests               This package contains subpackages that define the individual Tetragon e2e tests.
tools
