RSS

SaaS: Sysdig Secure Release Notes

Here are the most recent release notes for Sysdig Secure SaaS. Review the entries to learn about the latest features, defect fixes, and known issues.

You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
The dates shown are for the initial release of a feature.Β The feature may not be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.

Supported Web Browsers

Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested in the same way.

February 3, 2026

Vulnerability Management Overview & Findings is Generally Available

Vulnerability Management Overview & Findings is now generally available. This release provides a supported workspace for VM program owners to monitor program health, analyze risk trends, and prioritize remediation.

What’s New

  • Expanded Program Dashboards: View risk trends and identify the primary sources of exposure, including namespaces, cloud accounts, images, and repositories.
  • Enhanced Context: Gain deeper visibility across image, OS, application, and package layers, enabling more precise remediation and exception scoping.
  • Better Prioritization: Findings are sorted by default to highlight the most critical, exploitable, and recently discovered vulnerabilities.

This experience is available under Secure > Vulnerabilities > Program Owner. Migration is automatic for existing users. See Vulnerability Overview

January 29, 2026

KSPM Analyzer v1.47.1

Defect Fixes

  • Fixed an issue that could make kspm-analyzer log the error Failed to setup lease owner reference on OpenShift clusters.

January 28, 2026

Host Scanner v0.14.2

Defect Fixes

  • Fixed an issue which could cause the Host Scanner to perform unnecessary scans after restarts.

Security Updates

Updated dependencies to address the following vulnerabilities:

Sysdig Runtime Scanner v1.8.7

Defect Fixes

  • Fixed an issue which could cause the Runtime Scanner to leak unused temporary copies of the vulnerability database.

Security Updates

Updated dependencies to address the following vulnerabilities:

January 27, 2026

KSPM Analyzer v1.47.0

Enhancements

  • Added support for Kubernetes versions 1.29 through 1.32 with new compliance audits.
  • Improved Docker audits to skip evaluation when Mirantis Container Runtime (MCR) is detected.
  • Improved startup performance, reducing initialization time and liveness probe response.

Security Updates

Updated dependencies to address the following vulnerabilities:

KSPM Collector v1.39.18

Security Updates

Updated dependencies to address the following vulnerabilities:

January 24, 2026

Agentless Scanning Support for LVM-Based and Multi-Partition Root Volumes

Sysdig Agentless Workload Scanning now supports LVM-based instances and hosts with multi-partition root volumes, reconstructing the full filesystem from /etc/fstab so all relevant mount points (for example, /, /usr, /var, /home) are included in analysis.

For more information on Agentless Host Scanning, see Scanning Guidelines.

January 20, 2026

Expanded Compliance Coverage

Added new compliance posture policies across benchmarks, regulatory standards, security frameworks, and Sysdig benchmarks. For more details, see Posture Policies.

January 20, 2026

Enhancements

Graph Inventory (New Experience)

The Inventory introduces a new experience for exploring and analyzing resources across your environment. This update provides a unified Inventory > Resources view with improved navigation, filtering, and visibility into resource relationships, powered by Sysdig’s graph query engine.

The new experience includes:

  • A hierarchical, searchable resource navigation
  • Context-aware filtering and pagination
  • Detailed resource insights via an interactive side panel

This enhancement helps you discover, filter, and analyze resources more efficiently across connected environments. For more information, see Resources.

January 19, 2026

Agentless Vulnerability Scanning for AWS Lambda ZIP Functions

Sysdig has expanded Agentless Workload Scanning to support AWS Lambda functions packaged as ZIP archives. Previously, scanning was limited to Lambda functions deployed as container images.

This enhancement allows you to:

  • Close visibility gaps: Discover and scan serverless functions deployed as ZIP files alongside your containerized workloads.
  • Automated SBOM extraction: Sysdig builds a detailed Software Bill of Materials (SBOM) by analyzing the AWS-managed base image, application code, and dependencies within the ZIP archive.
  • Unified reporting: Findings from Lambda ZIP functions appear in Sysdig Secure alongside other assets, complete with severity scoring, fix availability, and policy evaluation.

If you already use Sysdig Agentless Workload Scanning for AWS, Lambda ZIP functions will be included automatically once discovered.

New Response Actions are supported in Automations

Automations triggered from a Runtime Event extend the support to all the available actions:

  • Kill container
  • Stop container
  • Pause container
  • Kill Process
  • File acquire
  • File quarantine
  • Kill Pod
  • Kubernetes Rollout restart
  • Kubernetes Volume snapshot
  • Kubernetes Get Logs
  • Kubernetes Network isolate

Read more in the Automations page for more details.

January 13, 2026

Registry Scanner v0.11.0

Enhanced Image Filtering Capabilities

Improved image filtering functionality with expanded filter limits to support larger registries and more complex filtering requirements. This enhancement allows for more comprehensive control over which container images are included in vulnerability scanning workflows.

Filter limit increases:

  • config.filter.maxRepositoriesPerRegistry: Increased from 10,000 to 20,000 repositories per registry
  • config.filter.maxTagsPerRepository: Increased from 50 to 100 tags per repository
  • config.filter.maxAgeDays: Extended from 365 days (1 year) to 1,825 days (5 years) for image age filtering Refer to chart documentation for more details.

Security Updates

Updated dependencies to address the following vulnerabilities:

January 12, 2026

KSPM Collector v1.39.17

Security Updates

Updated dependencies to address the following vulnerabilities:

January 5, 2026

Risk Spotlight (In-Use) for Non-Kubernetes Containers

Sysdig has expanded Risk Spotlight (In-Use) prioritization to support non-Kubernetes container workloads. You can now identify which packages are actively loaded at runtime for bare containers (Docker and Podman) running on Linux hosts protected by the Sysdig Host Shield.

This enhancement allows you to reduce vulnerability noise and prioritize remediation efforts for your entire Linux ecosystem, including orchestrators such as Nomad or Mesos, by focusing on the vulnerabilities that are actually executable in production.

For more information, see Risk Spotlight.