51 commits
7c2c899
Replace AP and NN cache with CP (#788)
matthyx Apr 27, 2026
95c2862
feat: extract client CA file from kubelet config YAML and enhance ser…
matthyx Apr 27, 2026
6f9697e
add learning period label to TS CPs (#797)
matthyx Apr 27, 2026
dbe9a16
perf: switch to kubescape/syft v1.32.0-ks.2 + disable file catalogers…
slashben Apr 29, 2026
bfd6059
fix: record exec path symmetric with rule-side resolver (#800)
slashben May 4, 2026
11e632f
implement Rule-Aware Profile Projection (#799)
matthyx May 4, 2026
2d768cb
get services from API, removing sidecar requirement (#772)
matthyx May 6, 2026
9e85635
tests(resources): 20 NetworkNeighborhood fixtures for v0.0.2 wildcard…
May 10, 2026
b966200
feat(nn): rewire CEL functions to use storage networkmatch
May 10, 2026
efdae31
test(nn): fixture-walk parser + behaviour gate
May 10, 2026
f848fd3
chore: drop k8sstormcenter/storage from go.sum
May 10, 2026
8bddfc7
chore: gitignore .claude + pin storage to fork ref carrying networkmatch
May 10, 2026
f6d2c96
fix(nn): address CodeRabbit review on PR #41
May 10, 2026
07d4bc0
chore(deps): bump storage SHA to 0910dc3f (CR round 2)
May 10, 2026
bb5702a
chore(deps): bump storage SHA to 02c4438f (CR round 3)
May 10, 2026
f89fc80
fix(nn): address CodeRabbit round 2 on PR #41
May 10, 2026
4c90e22
test(nn): pin wildcard/CIDR semantics on deprecated IPAddress (CR rou…
May 10, 2026
cc59fa0
fix: improve logging for rules with missing profileDataRequired (#803)
matthyx May 12, 2026
93e6e1b
perf(nn): amortise CompileIP/CompileDNS via per-container matcher cache
May 13, 2026
419ebba
fix(matcher_cache): atomic-pointer lazy init + unconditional stalenes…
May 13, 2026
05ce6d9
test(matcher_cache): add start barrier to concurrency test (CR #42 ro…
May 13, 2026
9c28506
merge: upstream/main into feat/network-wildcards-matcher-cache
May 13, 2026
d714d21
feat: recover wildcards + exec-args matching on top of upstream proje…
May 13, 2026
f59cc69
fix: address CodeRabbit round 1 on PR #43
May 13, 2026
8a46346
fix: restore fork's .github and tests/chart from main (lost during up…
May 13, 2026
033eb2f
fix(parse): get_exec_path 3-arg overload — symmetric with recording
May 13, 2026
29a9de4
fix(exporters): expose exepath label in alertmanager alerts
May 13, 2026
e28dd10
fix(chart): bind 'Signed profile tampered' (R1016) so Test_31 fires
May 13, 2026
4f96f8c
fix(main): wire SetTamperAlertExporter so R1016 actually fires
May 13, 2026
31a3fb1
chore(review): address rabbit feedback on PR #43
May 14, 2026
54ab05f
ci(component-tests): restore Test_03/04/05/09 to the matrix
May 14, 2026
eff03ad
fix(profilecache): invoke tamper verification on user-overlay load (T…
May 14, 2026
a2ab272
test(component): rewrite Test_32 — isolate R0040 from R0001 conflation
May 14, 2026
c3b692e
test(component): Test_32 — enumerate bare-name path variants in profile
May 14, 2026
ac911cf
test(projection): pin user-overlay Execs → projected.Execs.Values con…
May 14, 2026
f80f349
fix(projection): fold user-overlay identity into SyncChecksum (Test_3…
May 14, 2026
290cb61
diag(exec): log Execs.Values keys on ap.was_executed miss (task #61)
May 14, 2026
9a6eb35
fix(exec-path): prefer absolute argv[0] over kernel exepath (symlink-…
May 14, 2026
656deb5
test(component): Test_32 — match profile to symlink-faithful argv[0]
May 14, 2026
12cfea6
fix(rules+test): non-blocking notifier fan-out + drop dead was_path_o…
May 14, 2026
246f961
test(component): Test_09 — also exclude R0006 SA-token from FP gate
May 14, 2026
f3e3d20
fix(rules+cache): five CodeRabbit findings on NA PR #43
May 15, 2026
8b34f59
fix(cache): propagate ctx through RBCache add/delete/modify helpers
May 15, 2026
1b8f4b8
chore(chart): restore profileDataRequired field in rules CRD schema
May 15, 2026
6371181
chore(chart): restore profileProjection runtime config block
May 15, 2026
8a63e3c
chore(chart): restore profileDataRequired on all 20 rules
May 15, 2026
007d760
chore(chart): restore state-block filters on R0006, R0008, R1009
May 15, 2026
2e2077b
fix(chart): revert R1006 profileDependency from 2 (NotRequired) to 1 …
May 15, 2026
92d3aca
restore: ap.was_path_opened_with_flags CEL helper
May 15, 2026
ea4e657
test(applicationprofile): restore was_path_opened_with_flags integrat…
May 15, 2026
6f45ec2
Revert "fix(cache): propagate ctx through RBCache add/delete/modify h…
May 15, 2026
9 changes: 5 additions & 4 deletions .github/workflows/component-tests.yaml
Expand Up @@ -224,12 +224,13 @@ jobs:
test: [
Test_01_BasicAlertTest,
Test_02_AllAlertsFromMaliciousApp,
# Test_03_BasicLoadActivities,
# Test_04_MemoryLeak,
# Test_05_MemoryLeak_10K_Alerts,
Test_03_BasicLoadActivities,
Test_04_MemoryLeak,
Test_05_MemoryLeak_10K_Alerts,
Test_06_KillProcessInTheMiddle,
Test_07_RuleBindingApplyTest,
Test_08_ApplicationProfilePatching,
Test_09_FalsePositiveTest,
Test_10_MalwareDetectionTest,
Test_11_EndpointTest,
Test_12_MergingProfilesTest,
Expand Down Expand Up @@ -313,7 +314,7 @@ jobs:
- name: Set up Go
env:
CGO_ENABLED: 0
uses: actions/setup-go@7b8cf10d4e4a01d4992d18a89f4d7dc5a3e6d6f4 # v4
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
with:
go-version: "1.25"
- name: Set unlimited memlock limit
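--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,5 @@ resources/ebpf/falco/*
 node-agent
 __pycache__
 tracers.tar
-vendor
+vendor
+.claude/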
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -344,6 +344,12 @@ spec:
- **Crypto Rules**: Mining activity detection via RandomX
- **Container Rules**: Escape attempts, namespace manipulation

### CEL Helper Limitations (v1)

| Helper | v1 Behaviour | Note |
|--------|-------------|------|
| `wasExecutedWithArgs(containerID, path, args)` | Equivalent to `wasExecuted(containerID, path)` — the `args` list is validated for type correctness but is **not** matched against the recorded argument list. Any execution of the given path returns `true` regardless of its arguments. | Full per-argument matching (`ExecArgsByPath`) will be added in a future version. |

Comment on lines +347 to +352

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix stale wasExecutedWithArgs behavior docs.

This table entry contradicts current behavior: argument matching is active (including wildcard-aware matching), not path-only. Keeping this text will mislead rule authors and can cause incorrect detections.

Suggested doc fix
-| `wasExecutedWithArgs(containerID, path, args)` | Equivalent to `wasExecuted(containerID, path)` — the `args` list is validated for type correctness but is **not** matched against the recorded argument list. Any execution of the given path returns `true` regardless of its arguments. | Full per-argument matching (`ExecArgsByPath`) will be added in a future version. |
+| `wasExecutedWithArgs(containerID, path, args)` | Matches `path` **and** execution arguments against the projected profile. Argument matching supports anchored literal args and wildcard tokens used by the matcher. | Prefer this helper when argv constraints matter; use `wasExecuted` for path-only checks. |
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
### CEL Helper Limitations (v1)
| Helper | v1 Behaviour | Note |
|--------|-------------|------|
| `wasExecutedWithArgs(containerID, path, args)` | Equivalent to `wasExecuted(containerID, path)` — the `args` list is validated for type correctness but is **not** matched against the recorded argument list. Any execution of the given path returns `true` regardless of its arguments. | Full per-argument matching (`ExecArgsByPath`) will be added in a future version. |
### CEL Helper Limitations (v1)
| Helper | v1 Behaviour | Note |
|--------|-------------|------|
| `wasExecutedWithArgs(containerID, path, args)` | Matches `path` **and** execution arguments against the projected profile. Argument matching supports anchored literal args and wildcard tokens used by the matcher. | Prefer this helper when argv constraints matter; use `wasExecuted` for path-only checks. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 347 - 352, The README entry for
"wasExecutedWithArgs(containerID, path, args)" is stale: update the v1 Behaviour
cell to state that it matches both path and arguments (including wildcard-aware
matching) instead of saying args are ignored, and remove or replace the
incorrect note claiming per-argument matching (ExecArgsByPath) will be added in
a future version; ensure the table text explicitly references
wasExecutedWithArgs and ExecArgsByPath so readers know current argument-matching
behavior is supported in v1.

For the full list of rules, see the [Kubescape documentation](https://kubescape.io/docs/).

## 🎮 Demos & Examples
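--- a/cmd/main.go
+++ b/cmd/main.go
@@ -297,10 +297,14 @@ func main() {
 ruleBindingCache.AddNotifier(&ruleBindingNotify)
 
 cpc := containerprofilecache.NewContainerProfileCache(cfg, storageClient, k8sObjectCache, prometheusExporter)
-// Wire R1016 tamper alerts: when a user-defined AP/NN overlay is
-// loaded but its signature no longer verifies, the CP cache emits
-// "Signed profile tampered" through this exporter. Optional —
-// nil-safe inside the cache.
+// Wire the rule-alert exporter into the tamper-detection path so R1016
+// ('Signed profile tampered') alerts actually reach alertmanager when
+// a user-defined ApplicationProfile or NetworkNeighborhood fails its
+// signature check. Without this call, tamper detection logs the
+// failure but no alert is emitted — Test_31_TamperDetectionAlert
+// catches the gap. (Lost during the merge/upstream-profile-rearch
+// rebase; pkg/objectcache/containerprofilecache/tamper_alert.go has
+// the receiver method.)
 cpc.SetTamperAlertExporter(exporter)
 cpc.Start(ctx)
 logger.L().Info("ContainerProfileCache active; legacy AP/NN caches removed")
@@ -314,7 +318,7 @@ func main() {
 
 adapterFactory := ruleadapters.NewEventRuleAdapterFactory()
 
-celEvaluator, err := cel.NewCEL(objCache, cfg)
+celEvaluator, err := cel.NewCEL(objCache, cfg, prometheusExporter)
 if err != nil {
 logger.L().Ctx(ctx).Fatal("error creating CEL evaluator", helpers.Error(err))
 }
@@ -396,9 +400,17 @@ func main() {
 
 // Create scan failure reporter (sends SBOM failures to careportreceiver for user notifications)
 var failureReporter sbommanager.SbomFailureReporter
-if services, svcErr := config.LoadServiceURLs("/etc/config/services.json"); svcErr == nil && services.GetReportReceiverHttpUrl() != "" {
-failureReporter = sbommanagerv1.NewHTTPSbomFailureReporter(services.GetReportReceiverHttpUrl(), accessKey, clusterData.AccountID, clusterData.ClusterName)
-logger.L().Info("scan failure reporting enabled", helpers.String("eventReceiverURL", services.GetReportReceiverHttpUrl()))
+apiURL := os.Getenv("API_URL")
+if apiURL == "" {
+apiURL = "api.armosec.io"
+}
+if services, svcErr := config.LoadServiceURLs(apiURL); svcErr != nil {
+logger.L().Ctx(ctx).Warning("scan failure reporting disabled: LoadServiceURLs failed", helpers.String("apiURL", apiURL), helpers.Error(svcErr))
+} else if url := services.GetReportReceiverHttpUrl(); url == "" {
+logger.L().Ctx(ctx).Warning("scan failure reporting disabled: empty report receiver URL", helpers.String("apiURL", apiURL))
+} else {
+failureReporter = sbommanagerv1.NewHTTPSbomFailureReporter(url, accessKey, clusterData.AccountID, clusterData.ClusterName)
+logger.L().Info("scan failure reporting enabled", helpers.String("eventReceiverURL", url))
+}
 }
 
 // Create the SBOM manager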
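Review bot: In the third hunk, an unset `API_URL` silently falls back to the hard-coded host `"api.armosec.io"`, and on the success path the resolved `apiURL` is never logged (the Info line reports only `eventReceiverURL`), so an operator cannot see from the logs which backend the agent contacted for its service discovery; the previous code read a local file, so this is a new network dependency. Logging the resolved value alongside the existing Info line, e.g. `helpers.String("apiURL", apiURL)`, and documenting the fallback with a comment such as `// API_URL selects the backend queried for service URLs; unset defaults to api.armosec.io` would make the egress target explicit. Separately, the `url` local in the `else if` shadows the `net/url` package name if that package is imported in this file — `receiverURL` would avoid the ambiguity. The first hunk's eight-line comment also carries rebase history ("Lost during the merge/upstream-profile-rearch rebase …") that belongs in the commit message rather than the code; trimming it to the contract (the call is required for R1016 alerts to be emitted) keeps the comment durable. main continues outside the hunks.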
37 changes: 20 additions & 17 deletions go.mod
Expand Up @@ -25,7 +25,7 @@ require (
github.com/go-openapi/strfmt v0.26.0
github.com/golang-jwt/jwt/v5 v5.3.0
github.com/google/cel-go v0.26.1
github.com/google/go-containerregistry v0.21.2
github.com/google/go-containerregistry v0.21.3
github.com/google/uuid v1.6.0
github.com/goradd/maps v1.3.0
github.com/grafana/pyroscope-go v1.2.2
Expand All @@ -35,7 +35,7 @@ require (
github.com/joncrlsn/dque v0.0.0-20241024143830-7723fd131a64
github.com/kubescape/backend v0.0.39
github.com/kubescape/go-logger v0.0.28
github.com/kubescape/k8s-interface v0.0.208
github.com/kubescape/k8s-interface v0.0.207
github.com/kubescape/storage v0.0.258
github.com/kubescape/workerpool v0.0.0-20250526074519-0e4a4e7f44cf
github.com/moby/sys/mountinfo v0.7.2
Expand All @@ -48,10 +48,10 @@ require (
github.com/prometheus/alertmanager v0.27.0
github.com/prometheus/client_golang v1.23.2
github.com/prometheus/procfs v0.19.2
github.com/sigstore/cosign/v3 v3.0.5
github.com/sigstore/cosign/v3 v3.0.6
github.com/sigstore/fulcio v1.8.5
github.com/sigstore/rekor v1.5.1
github.com/sigstore/sigstore v1.10.4
github.com/sigstore/sigstore v1.10.5
github.com/sirupsen/logrus v1.9.4
github.com/spf13/afero v1.15.0
github.com/spf13/viper v1.21.0
Expand All @@ -65,10 +65,11 @@ require (
google.golang.org/grpc v1.80.0
google.golang.org/protobuf v1.36.11
gopkg.in/mcuadros/go-syslog.v2 v2.3.0
gopkg.in/yaml.v3 v3.0.1
istio.io/pkg v0.0.0-20231221211216-7635388a563e
k8s.io/api v0.35.1
k8s.io/apimachinery v0.35.1
k8s.io/client-go v0.35.1
k8s.io/api v0.35.3
k8s.io/apimachinery v0.35.3
k8s.io/client-go v0.35.3
Comment on lines +70 to +72

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

For Go Kubernetes modules, is it supported to mix k8s.io/api/apimachinery/client-go v0.35.x with k8s.io/kubectl v0.34.1? What is the official compatibility guidance?

💡 Result:

Mixing k8s.io/client-go v0.35.x with k8s.io/kubectl v0.34.1 in a single Go module is not recommended and can lead to dependency resolution conflicts [1][2]. Official Kubernetes guidance requires that all k8s.io/* modules (such as client-go, apimachinery, api, and kubectl) within a single project be kept at the same minor version [1][3]. Kubernetes libraries are designed to be used as a cohesive set, and mixing versions often results in build errors, runtime panics, or "module provides package" errors due to the way these packages share internal dependencies and type definitions [4][2][3]. Key points regarding compatibility: 1. Version Consistency: You should align all k8s.io dependencies to the same minor version (e.g., all at v0.34.x or all at v0.35.x) to ensure they are compatible with each other [3]. 2. Version Skew Policy: While the Kubernetes Version Skew Policy allows for a difference of one minor version between a compiled kubectl binary and a running kube-apiserver [5][6], this policy applies to the operational deployment of components, not to the Go module dependency management of a single application [1]. 3. Dependency Management: Because k8s.io/client-go and other components are often mirrored from the main Kubernetes repository, they share common underlying code [7][8][9]. Using mismatched versions in your go.mod file forces the Go module resolver to attempt to reconcile conflicting requirements, which is frequently unsupported and prone to failure [1][2]. To resolve this, update your go.mod file so that all k8s.io/ dependencies match the same minor version [3]. If you are targeting a specific Kubernetes cluster version, it is best practice to use the corresponding v0.x.y version for all Kubernetes modules [1][7].

Citations:


Align all k8s.io/ modules to the same minor version.

The modules k8s.io/api, k8s.io/apimachinery, and k8s.io/client-go are at v0.35.3, but k8s.io/kubectl remains at v0.34.1. This version skew is not supported by Kubernetes and will cause build errors, runtime panics, or module resolution failures. Update k8s.io/kubectl to v0.35.3 to match the other k8s.io dependencies.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 70 - 72, The k8s.io/* modules are version-skewed: update
the go.mod entry for k8s.io/kubectl to v0.35.3 so it matches k8s.io/api,
k8s.io/apimachinery, and k8s.io/client-go (ensure the module string
"k8s.io/kubectl" is changed to version v0.35.3 and run `go mod tidy` / `go mod
download` to validate and regenerate the go.sum).

k8s.io/cri-api v0.35.0
k8s.io/kubectl v0.34.1
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2
Expand Down Expand Up @@ -167,7 +168,7 @@ require (
github.com/bodgit/sevenzip v1.6.1 // indirect
github.com/bodgit/windows v1.0.1 // indirect
github.com/briandowns/spinner v1.23.2 // indirect
github.com/buildkite/agent/v3 v3.115.4 // indirect
github.com/buildkite/agent/v3 v3.118.0 // indirect
github.com/buildkite/go-pipeline v0.16.0 // indirect
github.com/buildkite/interpolate v0.1.5 // indirect
github.com/buildkite/roko v1.4.0 // indirect
Expand Down Expand Up @@ -273,7 +274,7 @@ require (
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/golang/snappy v1.0.0 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/certificate-transparency-go v1.3.2 // indirect
github.com/google/certificate-transparency-go v1.3.3 // indirect
github.com/google/gnostic-models v0.7.0 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/go-querystring v1.2.0 // indirect
Expand All @@ -298,7 +299,7 @@ require (
github.com/huandu/xstrings v1.5.0 // indirect
github.com/iancoleman/strcase v0.3.0 // indirect
github.com/in-toto/attestation v1.1.2 // indirect
github.com/in-toto/in-toto-golang v0.9.0 // indirect
github.com/in-toto/in-toto-golang v0.10.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
Expand All @@ -310,7 +311,7 @@ require (
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.18.5 // indirect
github.com/klauspost/pgzip v1.2.6 // indirect
github.com/letsencrypt/boulder v0.20251110.0 // indirect
github.com/letsencrypt/boulder v0.20260223.0 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mackerelio/go-osstat v0.2.5 // indirect
Expand All @@ -331,6 +332,7 @@ require (
github.com/moby/locker v1.0.1 // indirect
github.com/moby/moby v28.5.2+incompatible // indirect
github.com/moby/spdystream v0.5.1 // indirect
github.com/moby/sys/atomicwriter v0.1.0 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/user v0.4.0 // indirect
Expand Down Expand Up @@ -395,9 +397,9 @@ require (
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/sigstore/protobuf-specs v0.5.0 // indirect
github.com/sigstore/rekor-tiles/v2 v2.2.0 // indirect
github.com/sigstore/rekor-tiles/v2 v2.2.1 // indirect
github.com/sigstore/sigstore-go v1.1.4 // indirect
github.com/sigstore/timestamp-authority/v2 v2.0.4 // indirect
github.com/sigstore/timestamp-authority/v2 v2.0.5 // indirect
github.com/skeema/knownhosts v1.3.1 // indirect
github.com/sorairolake/lzip-go v0.3.8 // indirect
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
Expand Down Expand Up @@ -442,9 +444,9 @@ require (
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/bridges/otelslog v0.18.0 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.40.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 // indirect
go.opentelemetry.io/contrib/processors/minsev v0.16.0 // indirect
go.opentelemetry.io/otel v1.43.0 // indirect
Expand Down Expand Up @@ -483,7 +485,6 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.35.0 // indirect
k8s.io/apiserver v0.35.0 // indirect
k8s.io/cli-runtime v0.35.0 // indirect
Expand All @@ -507,4 +508,6 @@ replace github.com/inspektor-gadget/inspektor-gadget => github.com/matthyx/inspe

replace github.com/cilium/ebpf => github.com/matthyx/ebpf v0.0.0-20260421101317-8a32d06def6c

replace github.com/kubescape/storage => github.com/k8sstormcenter/storage v0.0.240-0.20260509184329-a7e6234349ab
replace github.com/anchore/syft => github.com/kubescape/syft v1.32.0-ks.2

replace github.com/kubescape/storage => github.com/k8sstormcenter/storage v0.0.240-0.20260513133617-b23d85f00f6a