SaaS: Sysdig Secure Release Notes
You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
The dates shown are for the initial release of a feature. The feature may not be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.
Supported Web Browsers
Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested in the same way.
February 18, 2025
Host Scanner v0.13.2
Sysdig released a new version of the Host Scanner with the following improvements:
- Fixed a regression introduced in v0.13.1 that made the application unresponsive on some Red Hat distributions.
February 13, 2025
CLI Scanner v1.20.0
Sysdig released a new version of the CLI Scanner with the following improvements:
- You can now export the vulnerabilities list in CSV format, either to standard output or as a CSV file.
- Added fixes for the following vulnerability:
For more details, see Running in VM Mode.
February 12, 2025
Policy Unification for Vulnerability Management
Sysdig lets you create unified Vulnerability Management Policies, streamlining policy management across all stages—Pipeline, Registry, Runtime, and Admission Control. This enhancement brings unified policy definitions, greater flexibility with scope filters, and expanded support for registry policies.
- Registry Policy Support: Policies can now be applied to images scanned in registries, expanding coverage to all critical stages of your software development lifecycle.
- Unified Policy Definition: Policies are now defined once with a set of rules and scope filters. These policies can then apply to any or all stages—Pipeline, Registry, Admission Control, and Runtime—reducing complexity and duplication.
- Image Name scope for All Stages: Policies can now be scoped using filters such as Image Reference (also known as Image Name or Pullstring), enabling granular control and consistency across Pipeline, Registry, Runtime, and Admission Control.
The new unified policy system is available to all users of Vulnerability Management. Any existing policies remain functional. Existing policies will be converted automatically to an equivalent policy in the new unified model.
For more information, see Vulnerability Management Policies.
MLPS 2.0 and ITSG-33 Compliance Policies for China and Canada
Sysdig has expanded its compliance coverage with two new policies:
- Multi-Level Protection Scheme (MLPS) 2.0: China’s cybersecurity framework, defining four security levels based on system importance, risk impact, and required protections. Organizations must assess their level and implement corresponding controls, with Level 2+ systems requiring certified evaluations.
- Information Technology Security Guidance (ITSG-33): Canada’s cybersecurity standard, providing a structured catalog of security controls across Technical, Operational, and Management categories to support government security assurance.
These frameworks are critical for organizations operating in China and Canada, ensuring compliance with regulatory expectations and strengthening cybersecurity postures.
For more information, see Posture Policies.
February 10, 2025
OCI Support Now Generally Available
Oracle Cloud Infrastructure (OCI) support is now generally available across all regions. This milestone builds on Sysdig’s Controlled Availability (CA) phase, delivering multi-regional scanning for enhanced security visibility. OCI support is now available by default for all customers. Get started by onboarding your OCI tenants and compartments and leveraging Sysdig multi-region scanning to strengthen your cloud security posture.
Key Features:
- Multi-Regional Scanning: You can now assess your OCI security posture across multiple OCI regions, ensuring comprehensive coverage.
- Performance Enhancements: Improved efficiency in ingesting and processing OCI security findings within Sysdig Graph.
- Expanded Coverage: Security insights now span multiple regions, eliminating blind spots.
- Graph-Based Security Analytics: Fully integrated OCI resources and findings into Sysdig’s Graph, enabling deeper security correlation and the creation of Custom Risks.
- Out-of-the-box Compliance: An extensive library of 46 compliance policies with 103 controls specific to OCI.
February 07, 2025
Host Scanner v0.13.1
- Added fixes for the following vulnerabilities:
Registry Scanner v0.7.4
- Added a new parameter to enforce the use of Federal Information Processing Standards (FIPS) images. To perform this enforcement, set `image.fips: true`. For more details, see the Registry Scanner Helm Chart.
- Fixed a defect where the registry scanner was not using the correct FIPS validated endpoints for Amazon Elastic Container Registry (ECR) installations.
To use Registry Scanner v0.7.4, update Helm charts to version 1.6.8. To do this, run `helm repo update`.
February 05, 2025
Runtime Scanner v1.8.2
- Added fixes for the following vulnerabilities:
February 04, 2025
Registry Scanner v0.7.3
- Fixed a defect where the registry skipTLS was not being honored for AWS ECR installations
- Added fixes for CVE-2024-45339
February 03, 2025
Oracle Cloud Infrastructure (OCI) Support Release
Sysdig is excited to announce out-of-the-box (OOTB) support for Oracle Cloud Infrastructure (OCI), enabling you to seamlessly onboard your OCI tenants and compartments into Sysdig Secure.
Key Features:
- CSPM (Posture and Compliance) Support:
  - Full visibility into your OCI resources, with actionable insights into posture and compliance findings.
  - Automated assessments aligned with industry best practices and compliance standards.
- Compliance Policies: A robust library of 46 compliance policies, covering regulatory frameworks and security benchmarks tailored for OCI environments.
- CIS Benchmarks: Dedicated policies for OCI and OKE:
  - OCI Benchmarks: 51 controls.
  - OKE Benchmarks: 52 controls.
- Graph-Based Security & Custom Risk Creation: All OCI resources and findings are fully ingested into Sysdig’s Graph. This means:
  - Resources and findings are accessible via Graph Search and SysQL.
  - You can create Custom Risks by leveraging graph-based queries and correlations.
  - OCI data is seamlessly integrated with other multi-cloud security insights in the platform.
This release delivers comprehensive coverage for OCI, ensuring compliance, enhanced security posture, and a faster path to meeting governance standards. With a total of 46 supported policies, your OCI workloads are secured and aligned with best practices.
For instructions on setup, onboarding OCI tenants, and accessing compliance reports, see Connect Oracle Cloud.
January 30, 2025
Registry Scanner v0.7.2
- Fixed a defect where the main job tries to grab logs from the workers.
- Added fixes for the following vulnerabilities:
January 27, 2025
New Compliance Policies for CAF, SOX, and FISMA
The following policies expand compliance coverage and enhance security:
- NCSC Cyber Assessment Framework (CAF): Aligns with the UK National Cyber Security Centre (NCSC) guidelines for assessing and improving cyber resilience.
- Sarbanes-Oxley (SOX) Act: Ensures compliance for financial reporting controls and regulations.
- Federal Information Security Modernization Act (FISMA): Supports compliance with US federal information security standards.
For more information, see Posture Policies Included.
Event Feed Grouping
In the Events Feed in the Threats module, you can now group events in a variety of ways, such as by policy, rule, clusters, workloads and cloud accounts. This lets you construct useful lists of events according to your needs. For more details, see Group By.
January 22, 2025
CLI Scanner v1.19.2
Sysdig released a new version of the CLI Scanner to fix a defect that caused an error in policy evaluation in on-prem environments.
January 21, 2025
New Posture Policies for AKS, OpenShift, FERPA, GLBA, and NERC CIP
The following policies have been added to enhance security and compliance across key platforms and regulations:
- CIS Azure Kubernetes Service (AKS) Benchmark v1.5.0: Offers improved security guidance for Azure Kubernetes environments based on the CIS v1.5.0 benchmark.
- CIS Azure Kubernetes Service (AKS) Benchmark v1.6.0: Incorporates the latest best practices to ensure compliance with the CIS v1.6.0 benchmark for AKS.
- CIS Red Hat OpenShift Container Platform Benchmark v1.6.0: Enhances compliance for OpenShift environments in accordance with the CIS v1.6.0 benchmark.
- CIS Red Hat OpenShift Container Platform Benchmark v1.7.0: Strengthens compliance for OpenShift environments in alignment with the CIS v1.7.0 benchmark.
- Family Educational Rights and Privacy Act (FERPA): Ensures compliance with data privacy and security requirements for educational institutions handling student records.
- Gramm-Leach-Bliley Act (GLBA): Supports financial institutions in meeting data security and privacy obligations under GLBA.
- NERC Critical Infrastructure Protection (CIP): Addresses the cybersecurity requirements for bulk electric system entities, ensuring compliance with NERC CIP standards.
For more information, see Posture Policies Included.
January 16, 2025
Host Scanner v0.13.0
Sysdig released a new version of Host Scanner with the following improvements:
- Support for OpenSUSE and AlmaLinux
- Added the `HOST_DIRS_TO_SKIP` environment variable, which lets you specify a list of folders to skip while scanning the host
- Added the `IGNORE_CONTAINER_SCAN_INIT_FAILURE` environment variable, which can be configured to continue operation when container scanning is enabled and the host-scanner fails to connect to the container runtime socket
- Fixed a defect that prevented Cloud and K8s metadata from being propagated to the backend when performing container scanning
- Fixed a defect that could prevent the scan result from being generated if the host had a large number of kernels installed
- Fixed the CVE-2024-45338 vulnerability
January 14, 2025
Vulnerability Management API v1
Sysdig has upgraded the existing Vulnerability Management API to v1. The API v1 enhances consistency and alignment with platform API standards, and offers an improved response schema. See Vulnerability Management API V1 for more information.
Note that the `v1beta1` version of the API will be retained for backward compatibility during the following 6 months, with no further changes or evolution. If you are using the older version, we recommend that you upgrade to `v1`.
January 10, 2025
CLI Scanner v1.19.0
Sysdig released a new version of the CLI Scanner with the following improvements:
- Support for OpenSUSE and AlmaLinux
- Added support for Red Hat Extended Update Support (EUS) feed
- Added fixes for the following vulnerabilities:
Vulnerability Detection Supported on AlmaLinux and OpenSUSE
You are now able to detect, generate SBOMs, and receive scan results using the CLI Scanning, Host Scanner, and Agentless Scanning on AlmaLinux and OpenSUSE platforms.
January 08, 2025
Track Risk Acceptance Actions of Users
Sysdig has enhanced its Vulnerability Management capabilities by introducing the ability to track user actions related to risk acceptance. You can now easily discover:
- Which user created the risk
- Which user last updated the risk
- When these actions occurred
These enhancements provide greater transparency and control over risk acceptance and update workflows, enabling you to manage vulnerabilities more effectively.
For more information, see Accepted Risk for Vulnerabilities.
January 07, 2025
Full Custom Controls for Kubernetes
Sysdig now offers the ability to create Custom Controls for Kubernetes via Terraform. You can now create controls from scratch by defining your own REGO code, remediation playbooks, and control severity.
For more information, see Create Custom Controls with Terraform.