SaaS: Sysdig Secure Release Notes
You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
The dates shown are for the initial release of a feature.Β The feature may not be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.
Supported Web Browsers
Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested in the same way.
February 18, 2026
Streamlined Jira Integration Configuration
Sysdig now automatically maps Jira issue status in Sysdig to the corresponding status categories in your Jira project, with no additional configuration required while setting up the integration. In addition, when you edit an existing Jira integration, you no longer need to re-enter your Jira API token. For more details, see Configure Jira Ticketing Integration.
February 17, 2026
Amazon Kinesis Data Streams and Kinesis Firehose integrations
It’s now possible to stream data from Sysdig out to these two streaming platforms available in AWS.
You can find the supported data types in the SIEM and Data Platforms integrations page. In the Sysdig Secure dashboard, you can find this under Integrations > SIEM & Data Platforms.
The instructions to set them up are available in the Forwarding to Amazon Kinesis Data Streams and Forwarding to Amazon Kinesis Firehose pages.
Registry Scanner v0.11.2
Defect Fixes
- Fixed ROSA (Red Hat OpenShift Service on AWS) audience detection. Now we can also detect Azure Red Hat OpenShift and OSD (Red Hat OpenShift Dedicated) audiences.
February 13, 2026
Sysdig CLI Scanner v1.25.1
Defect Fixes
- Fixed issue causing packages to not be detected in Alpine minimal/hardened images.
February 10, 2026
Sysdig CLI Scanner v1.25.0
Enhancements
- Added flag
--registry-insecureto support pulling images from HTTP registry. - Added flag
--registry-skiptlsverifyto disable TLS certificate verification when pulling images from registries. - Added flag
--api-skiptlsverifyto disable TLS certificate verification for interactions with the Sysdig backend. - Added
v2format for csv output. This format includes non-package components, such as Application, OS, and Container Image.
Deprecation Notice
- Deprecated
--skiptlsverifyflag. This flag generically applies to both registry and Sysdig backend interaction. To avoid security risks, migrate to the new flags--api-skiptlsverifyand--registry-skiptlsverify.
Security Updates
Updated dependencies to address the following vulnerabilities:
Registry Scanner v0.11.1
Enhancements
- Added ROSA (Red Hat OpenShift Service on AWS) audience detection for improved authentication support.
Defect Fixes
- Fixed issue with track files for analyzer to ensure proper file tracking during scans.
Security Updates
Updated dependencies to address the following high-severity vulnerabilities:
- CVE-2025-15467
- CVE-2025-61726
- CVE-2025-68121
- CVE-2025-68973
- CVE-2025-11187
- CVE-2025-13601
- CVE-2025-14104
- CVE-2025-61728
- CVE-2025-69419
- CVE-2025-9086
- CVE-2025-15468
- CVE-2025-15469
- CVE-2025-66199
- CVE-2025-68160
- CVE-2025-69418
- CVE-2025-69420
- CVE-2025-69421
- CVE-2026-22795
- CVE-2026-22796
- CVE-2025-61730
KSPM Analyzer v1.47.1
Security Updates
Updated dependencies to address the following high-severity vulnerabilities:
Host Scanner v0.15.1
Security Updates
Updated dependencies to address the following high-severity vulnerabilities:
February 3, 2026
Vulnerability Management Overview & Findings is Generally Available
Vulnerability Management Overview & Findings is now generally available. This release provides a supported workspace for VM program owners to monitor program health, analyze risk trends, and prioritize remediation.
What’s New
- Expanded Program Dashboards: View risk trends and identify the primary sources of exposure, including namespaces, cloud accounts, images, and repositories.
- Enhanced Context: Gain deeper visibility across image, OS, application, and package layers, enabling more precise remediation and exception scoping.
- Better Prioritization: Findings are sorted by default to highlight the most critical, exploitable, and recently discovered vulnerabilities.
Migration is automatic for existing users. For more information, see Vulnerability Overview
January 29, 2026
KSPM Analyzer v1.47.1
Defect Fixes
- Fixed an issue that could make
kspm-analyzerlog the errorFailed to setup lease owner referenceon OpenShift clusters.
January 28, 2026
Host Scanner v0.14.2
Defect Fixes
- Fixed an issue which could cause the Host Scanner to perform unnecessary scans after restarts.
Security Updates
Updated dependencies to address the following vulnerabilities:
Sysdig Runtime Scanner v1.8.7
Defect Fixes
- Fixed an issue which could cause the Runtime Scanner to leak unused temporary copies of the vulnerability database.
Security Updates
Updated dependencies to address the following vulnerabilities:
January 27, 2026
KSPM Analyzer v1.47.0
Enhancements
- Added support for Kubernetes versions 1.29 through 1.32 with new compliance audits.
- Improved Docker audits to skip evaluation when Mirantis Container Runtime (MCR) is detected.
- Improved startup performance, reducing initialization time and liveness probe response.
Security Updates
Updated dependencies to address the following vulnerabilities:
- CVE-2024-5642
- CVE-2025-13601
- CVE-2025-4598
- CVE-2025-6069
- CVE-2025-6075
- CVE-2025-61726
- CVE-2025-61728
- CVE-2025-61730
- CVE-2025-68973
- CVE-2025-8291
KSPM Collector v1.39.18
Security Updates
Updated dependencies to address the following vulnerabilities:
January 24, 2026
Agentless Scanning Support for LVM-Based and Multi-Partition Root Volumes
Sysdig Agentless Workload Scanning now supports LVM-based instances and hosts with multi-partition root volumes, reconstructing the full filesystem from /etc/fstab so all relevant mount points (for example, /, /usr, /var, /home) are included in analysis.
For more information on Agentless Host Scanning, see Scanning Guidelines.
January 20, 2026
Expanded Compliance Coverage
Added new compliance posture policies across benchmarks, regulatory standards, security frameworks, and Sysdig benchmarks. For more details, see Posture Policies.
January 20, 2026
Enhancements
Graph Inventory (New Experience)
The Inventory introduces a new experience for exploring and analyzing resources across your environment. This update provides a unified Inventory > Resources view with improved navigation, filtering, and visibility into resource relationships, powered by Sysdigβs graph query engine.
The new experience includes:
- A hierarchical, searchable resource navigation
- Context-aware filtering and pagination
- Detailed resource insights via an interactive side panel
This enhancement helps you discover, filter, and analyze resources more efficiently across connected environments. For more information, see Resources.
January 19, 2026
Agentless Vulnerability Scanning for AWS Lambda ZIP Functions
Sysdig has expanded Agentless Workload Scanning to support AWS Lambda functions packaged as ZIP archives. Previously, scanning was limited to Lambda functions deployed as container images.
This enhancement allows you to:
- Close visibility gaps: Discover and scan serverless functions deployed as ZIP files alongside your containerized workloads.
- Automated SBOM extraction: Sysdig builds a detailed Software Bill of Materials (SBOM) by analyzing the AWS-managed base image, application code, and dependencies within the ZIP archive.
- Unified reporting: Findings from Lambda ZIP functions appear in Sysdig Secure alongside other assets, complete with severity scoring, fix availability, and policy evaluation.
If you already use Sysdig Agentless Workload Scanning for AWS, Lambda ZIP functions will be included automatically once discovered.
New Response Actions are supported in Automations
Automations triggered from a Runtime Event extend the support to all the available actions:
- Kill container
- Stop container
- Pause container
- Kill Process
- File acquire
- File quarantine
- Kill Pod
- Kubernetes Rollout restart
- Kubernetes Volume snapshot
- Kubernetes Get Logs
- Kubernetes Network isolate
Read more in the Automations page for more details.
January 13, 2026
Registry Scanner v0.11.0
Enhanced Image Filtering Capabilities
Improved image filtering functionality with expanded filter limits to support larger registries and more complex filtering requirements. This enhancement allows for more comprehensive control over which container images are included in vulnerability scanning workflows.
Filter limit increases:
config.filter.maxRepositoriesPerRegistry: Increased from 10,000 to 20,000 repositories per registryconfig.filter.maxTagsPerRepository: Increased from 50 to 100 tags per repositoryconfig.filter.maxAgeDays: Extended from 365 days (1 year) to 1,825 days (5 years) for image age filtering Refer to chart documentation for more details.
Security Updates
Updated dependencies to address the following vulnerabilities:
January 12, 2026
KSPM Collector v1.39.17
Security Updates
Updated dependencies to address the following vulnerabilities:
January 5, 2026
Risk Spotlight (In-Use) for Non-Kubernetes Containers
Sysdig has expanded Risk Spotlight (In-Use) prioritization to support non-Kubernetes container workloads. You can now identify which packages are actively loaded at runtime for bare containers (Docker and Podman) running on Linux hosts protected by the Sysdig Host Shield.
This enhancement allows you to reduce vulnerability noise and prioritize remediation efforts for your entire Linux ecosystem, including orchestrators such as Nomad or Mesos, by focusing on the vulnerabilities that are actually executable in production.
For more information, see Risk Spotlight.
