2024 Archive

2024 Archive of Sysdig On-Premises release notes.

6.15.1 Release, December 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Sysdig Platform

Jira Integration

You can now integrate both Jira Cloud and Jira Data Center with Sysdig. This lets you open Jira tickets from within the Sysdig Secure UI and assign them to team members directly.

Sysdig Secure

Sysdig has streamlined and updated the UI navigation menus to help you access our security platform faster. For more information, see Navigation Reorganization.

Home Page

The new Home page offers an at-a-glance, visual representation of the most important issues in your environment. You can view your Runtime Detections and Vulnerabilities Dashboards in the default Home tab. For more information, see Home.

Package Deny List

Sysdig has added a new package deny rule that lets you control which packages are allowed in your codebase. You can add a specific package or a specific version of a package in a comma-separated list to the rule bundle. By defining these rules, you can enforce stricter security measures and maintain tighter control over your software artifacts.

Configurable Image tags for Falco-rules and Artifact-deployer

You can now set specific version tags for the falco-rules-installer and artifact-deployer images to deploy in air-gapped environments. By default, these images are configured to use the latest versions, ensuring you have the most up-to-date Falco rules and artifacts, such as malware hashes. For more information, see Configuration Parameters.

6.14.0 Release, September 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Sysdig Secure

Accept Risk for Rules

Sysdig now offers its Risk Acceptance capabilities for Rules with customizable risk management scopes. This enhancement allows you to extend risk acceptance in both broad and granular ways, giving you greater control over your security policies. Previously, accepted risk was scoped only for a CVE, image, or host.

For more information, see Accept Risk.

Download Vulnerability Scanning Results in CSV Format

You can now download vulnerability reports in CSV format. This enhancement allows you to quickly and accurately export vulnerability data for analysis, reporting, or integration with other systems, thereby enhancing productivity and reducing the risk of data mishandling.

For more information, see Download Vulnerability Scanning Results in CSV Format.

6.13.0 Release, July 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Sysdig Platform

Notify Expiration of Team-Based Service Token

You will now receive alert notifications when a team-based service token is about to expire.

Optimized Sysdig Installer

The Installer has been optimized to improve the installation time by 20%.

Public API Support

Sysdig Public APIs for Sysdig Monitor, Sysdig Secure, and Sysdig Platform are now supported in on-prem environments. Contact Sysdig Support for details.

Sysdig Secure

Layered Analysis

Sysdig has extended its container image scanning toolkit with Layered Analysis, which provides insight into the image hierarchy and lets you explore every layer. Layered Analysis offers:

  • Improved Ownership and Remediation: Differentiate between base image and application layers to streamline routing and remediation. The security team can update base images to newer versions, while development teams handle vulnerabilities in the application layers.

  • Enhanced Investigation and Research: Browse and analyze base images and each layer individually and see the packages and vulnerabilities included in each image and layer. This helps gain insights into when and how vulnerabilities were introduced. See the exact Dockerfile command related to each vulnerability layer for a deeper understanding.

For more information, see Layered Analysis.

CSAF-VEX as the Primary Data Source for Red Hat Vulnerabilities

Sysdig has transitioned from using Red Hat OVAL (Open Vulnerability and Assessment Language) as the primary data source for Red Hat vulnerabilities to the new CSAF-VEX (Common Security Advisory Framework Vulnerability Exploitability eXchange). This change is aimed at enhancing vulnerability matching accuracy, improving data quality, and streamlining Sysdig’s overall security processes. Here are the key changes introduced by CSAF-VEX:

  • Enhanced Data Accuracy and Quality: CSAF-VEX provides more precise and comprehensive vulnerability information. The structured format ensures that data is presented consistently, making it easier to interpret and act upon.

  • Improved Vulnerability Assessment: The transition to CSAF-VEX will enable more detailed vulnerability assessments, including specific exploitability information. This will allow for more informed decision-making regarding vulnerability prioritization and remediation.

  • Better Compatibility and Future-Proofing: CSAF-VEX is aligned with modern security standards and practices, ensuring better compatibility with other security frameworks and tools. This transition positions us to adapt more readily to future advancements in vulnerability management.

Support for Rocky Linux

The new Vulnerability Management engine supports Rocky Linux versions 8 and 9.

Defect Fixes

  • Fixed the issue where Secure API documentation does not load as expected.
  • Cluster Scanner retrieves the label owner from scanned clusters as expected.

6.12.0 Release, June 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Upgraded to OpenSearch v2

For fresh installations and upgrades to version v6.12.0, OpenSearch v2 is included. If you are currently using on-prem version 5.x and plan to upgrade to v6.12.0, ensure that you have first migrated your environment to OpenSearch v1 by upgrading to any on-prem 6.x before proceeding with the upgrade to version v6.12.0.

Sysdig Secure

Download Scan Results in PDF Format

You can now download scan results in PDF format showing the top 100 packages and vulnerabilities. For more information, see Download Scan Results.

Manual Scanning of Registry Images

You can use the Scan Now UI to manually scan the registry images. The results are displayed on the Registry page on the Sysdig Secure UI.

Display Container Information in Runtime Scan Results

Runtime Scan results will now include the following container information, in addition to the existing metadata:

  • Container.name
  • Container.ID
  • container.runtime.type

You can also use them while scoping the scan results.

API Docs in Airgap Environments

API documentation for Sysdig Secure is now supported in Airgap Environments.

Defect Fixes

  • Fixed the issue in Sysdig Secure where the total agent count is not shown in the Agents Dashboard.

  • Fixed the issue where the Cluster name is not auto-populated when creating a Vulnerability report for runtime workloads.

  • Fixed the issue in Installer where proxy settings were not honoured.

    To help remove the proxy settings, a new CLI option, --disable-proxy, has been added to the installer. Use this option when you want to remove an existing proxy. To remove the existing proxy setting:

  1. Remove the relevant entries from the values.yaml file.
  2. Use the --disable-proxy option when running the installer commands, such as generate, diff, and deploy.

6.11.0 Release, April 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Sysdig Secure

New VM Risk Acceptance Public API

Formerly accessible solely through the UI, the Risk Acceptance feature has now been exposed via a robust Public API, granting you unparalleled control over risk acceptance. The Risk Acceptance API adheres to rigorous standards, ensuring seamless integration and alignment with industry best practices. For more information, please contact Support.

RBAC Permissions Available in Vulnerability Management

Administrators can now define which roles are permitted to access the Vulnerability Management, Policy, Reporting and Risk Acceptance functions. For more information, see Custom Roles.

Defect Fixes

Fixed the issue in Installer where helm charts were not specifying node affinity, causing workloads to not be scheduled correctly.

6.10.0 Release, April 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Sysdig Platform

Enhanced Team Settings

Enterprise accounts with a large number of users within a single Team can now efficiently manage their users by using the enhanced Team Settings interface. The Teams interface, including the List and Team Edit pages, has been upgraded to provide a more streamlined Team and User management experience. For more information, see Manage Teams, Roles, and Service Accounts.

Upgrade sysdig-mini-ubi to v1.3.15

The Installer has been updated with the base image v1.3.15.

Prevent Malware Communication to Agent from Collector

Due to a race condition defect in processing malware messages in agent versions below v13.0.0, malware-related communication from the collector to the agent is prevented, even if the agent requests it.

Sysdig Secure

Vulnerability Feeds in Airgap Environments

When updating the sysdigcloud-scanningv2-airgap-vuln-feeds deployment with a new image tag, the old replicas will remain available until the new one is fully operational. This feature is beneficial in cases where pulling a new image from a registry fails.

Previously, only one replica was active, and the pod would terminate first before the new one was created. This process could lead to backend failures if the image retrieval failed during this transition.

Defect Fixes

  • Fixed the issue where RKE2 clusters were missing most ingresses, resulting in the cluster failing to access different endpoints and returning a 404 error on request.
  • Fixed an issue where Sysdig app status was visible in on-prem installations.
  • Fixed an issue where installation was failing on OpenShift due to insufficient wait time for sysdigcloud-postgres-operator.

6.4.6 Hotfix Release, April 2024

This hotfix addresses the issue of the Secure login page not being displayed after restarting the sysdigcloud-api pod.

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository includes the on-premises Installation documentation.

6.9.1 Hotfix Release, March 2024

This hotfix addresses the following:

  • Updated the rules validator for the policies backend service to allow users to upgrade their default rules to the latest available ruleset.

  • The error during the upgrade process, caused by a missing import code for pvStorageSize.cassandra, has been fixed.

  • The issue where the installer incorrectly added a \n (line feed) to the context when current-context is used but the context is not specified in the values.yaml or on the installer command line has been resolved.

  • Cassandra failure during the ZooKeeper upgrade process in the installer when override fields are used. To fix the issue, remove the customOverrides field:

      cassandra:
        jvmOptions: -Xms6G -Xmx8G
        # customOverrides: |
        #   compaction_throughput_mb_per_sec: 300
    

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

6.7.1 Hotfix Release, March 2024

This hotfix addresses an issue encountered during the ZooKeeper upgrade process in the installer, providing improved upgrade efficiency and speed.

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

6.4.5 Hotfix Release, March 2024

This hotfix fixes an issue with the slowness in the Secure UI.

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

6.9.0 Release, February 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Backup and Restore PostgreSQL

Sysdig provides support to back up and restore the configuration data stored in high availability PostgreSQL clusters. See Backup and Restore High Availability PostgreSQL Clusters.

Upgraded to Cassandra v4

For fresh installations and upgrades to v6.9.0, Cassandra v4 will be included. If you are currently using on-prem version 5.x and plan to upgrade to v6.9.0, ensure you have upgraded your data store to Cassandra v3 before proceeding with the upgrade to v6.9.0.

Sysdig Secure

Malware Detection

Sysdig Secure now has the ability to detect fileless attacks using a new Falco rule on the managed policy called Sysdig Threat Detection.

To use this feature, your system must meet the following requirements:

For more information on the Sysdig solution for fileless malware detection, see Fileless Malware Detection.

Contact your Sysdig representative to enable this feature in your on-prem environment.

Defect Fixes

  • Fixed an issue where agents were restarted when deployed on the same nodes as Cassandra instances.
  • Fixed an issue where the scan results are not displayed on the Vulnerability Management UI.
  • Fixed an issue where error messages continued to be displayed while viewing the Group Mappings that had not been activated.
  • Fixed an issue where upgrading to version v6.x.0 with service accounts triggered a faulty migration that displayed the v6.4.2 UI.
  • Fixed an issue where the Data Sources UI was not reflecting the connected Sysdig Agents correctly.
  • Fixed an issue where the Token, Index, and Source Type of an already-configured Splunk integration for Event Forwarding were not displayed in the Sysdig Secure UI.

6.4.4 Hotfix Release, February 2024

This hotfix fixes an option to not display the Sysdig Secure API token in the UI.

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

6.8.0 Release, January 2024

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Vulnerability Management Support for Report Generation in Zip Format

When you create or edit a report, you can choose JSON, NDJSON, or CSV format, and you can also choose Gzip or ZIP compression format. For more information, see Reporting.

postgres-ha Operator Upgrade

The postgres-ha operator has been updated to the latest upstream version.

5.1.12 Hotfix Release, January 2024

This hotfix corrects an issue that causes failures when scanning manifests with reference to non-Linux images.

6.4.3 Hotfix Release, January 2024

This hotfix provides the option to restrict the roles that the Service Manager can assign. With this option on, the Service Manager can only assign Standard User roles to Service Developers and Service Manager roles to Service Administrators. It prevents them from assigning Advanced User, Team Manager, or any other custom roles to users.

6.4.2 Hotfix Release, December 2023

This hotfix introduces the ability to count and segment Runtime events by specific labels.

Support for Sysdig Terraform Provider v1.10.0

The Sysdig Terraform Provider v1.10.0 is compatible with Sysdig on-prem version 6.4.0.

Upgrade Process

Supported Upgrades From: 5.0.x, 5.1.x, 6.x

For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.

Defect Fixes

  • Fixed reported errors in Captures at Secure-Only on-prem environments.
  • Readiness Probe in Sysdig Agent v12.15.0 works as expected.
  • Retrieving images and Installers works as expected.
  • Audit logs are generated and reported after forwarding to Syslog.