Sysdig On-Premises Release Notes
- Supported Web Browsers: Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested with the same rigour.
- Falco Rules: You may also want to review the update log for Falco Rules used in the Sysdig Secure Policy Editor.
7.8.0 Release, June 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For the compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Sysdig Secure
Response History
You can now see what Response Actions have been taken, where, when, and by whom in the Response History page. The page collects all Response Actions performed across the product (manually from events, automatically from Automations, or through APIs), providing a single place to retrieve collected artifacts or revert containment actions performed by mistake.
For more information, see Response History.
Sysdig Secure Main Navigation Update
Sysdig has updated the Secure main navigation to improve access to key workflows and consolidate product areas. The navigation now includes:
- Dashboards (formerly Home): Gives you insights into posture, vulnerabilities, and runtime events.
- Graph Search: Lets you use a unified search to explore resources and relationships in ways that are faster and more complete.
- Detection & Response: Monitors and detects events, audit activity, and captures, and configures Rapid Response flows.
- Inventory: Displays all your resources.
- Reporting: Allows you to access Reports Manager and Scheduled Reports.
- Policies: Lets you view and set up policies.
- Integrations: Lets you connect your environments, data sources, and third-party tools.
- Settings: Manages account configuration, including API keys, SSO, users, teams, and certificates.
Legacy navigation items remain available under Legacy submenus.
Sysdig Monitor
Legacy Metrics Storage Backend Disabled by Default
Starting with v7.8.0, access to the legacy metrics storage backend is disabled by default. Dashboards are migrated from the legacy metrics backend to the Prometheus-based backend. Form editor panels are automatically translated to PromQL and executed via the Sysdig Prometheus API, so queries keep working but now use a single PromQL engine and higher-granularity data.
For more information, see Automatic Query Translation.
Note: This change only affects customers who have not been running v6.1.0 or higher for at least 12 months.
7.7.1 Hotfix Release, April 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For the compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Defect Fixes
Improved PostgreSQL maintenance to automatically clean up unused large objects and prevent excessive WAL and disk growth.
7.7.0 Release, April 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For the compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Sysdig Secure
Local Scanning for Kubernetes Container Workloads
Sysdig Secure now supports Local Scanning, a new deployment option for Sysdig Vulnerability Management that runs scanners directly on Kubernetes nodes and hosts to discover and analyze images in place, including ephemeral and non-registry images. This reduces dependence on central registries, closes visibility gaps across complex environments, and makes it easier to scale vulnerability coverage. Local Scanning requires Host Shield 14.5.0 or later.
For more information, see Local Scanning.
Host and Kubernetes Response Actions in Automations
Automations triggered from Runtime Events now support the full set of response actions, enabling faster containment and forensics directly from detections:
- Kill container
- Stop container
- Pause container
- Kill Process
- File acquire
- File quarantine
- Kill Pod
- Kubernetes Rollout restart
- Kubernetes Volume snapshot
- Kubernetes Get Logs
- Kubernetes Network isolate
For more information, see Response Actions in Automations.
Graph Search
Graph Search introduces an intuitive query builder on top of our graph database, allowing users to explore relationships across their On-Premise environments and Kubernetes assets and quickly surface the security issues that matter most in their environments. For more information, see Graph Search.
Sysdig Platform
On-Prem Platform Version in UI
You can now access the On-Prem platform version directly in the UI from the Version & License page under Settings, making it easier for administrators to see which Sysdig On-Prem release is running.
7.6.0 Release, February 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For the compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Sysdig Secure
Runtime Detection: File Integrity Monitoring (FIM)
A new runtime detection type, File Integrity Monitoring (FIM), is now available. FIM enables you to monitor file changes and create detection policies aligned with PCI DSS requirements 10.5.5 and 11.5. FIM monitoring requires Host Shield version 14.3 or later.
For more information, see FIM Policies.
Events Feed: Customizable Columns
You can now customize the columns displayed in the Events Feed to view relevant attributes directly in the event list, without opening individual events. For more information, see Events Feed.
Risk Spotlight (In-Use) Support for Non-Kubernetes Containers
Risk Spotlight (In-Use) prioritization now supports non-Kubernetes container workloads, including Docker and Podman containers running on Linux hosts protected by Sysdig Host Shield. This enhancement allows you to reduce vulnerability noise and prioritize remediation efforts for your entire Linux ecosystem by focusing on the vulnerabilities that are actively executable across your Linux container environments.
For more information, see Risk Spotlight.
Changes to List Matching Policies and Rules
Creation of new List Matching Policies and Rules is no longer supported. Existing policies and rules continue to function and can still be modified.
For new detections, use Falco rules, which provide expanded detection capabilities and flexibility.
For more information, see List Matching Policy.
Zones: Additional Filtering Operators
Two new filtering operators are available for Zones:
- is not
- does not contain
These operators enable more precise exclusion filtering for events and findings.
Sysdig Monitor
Recurring Alert Silencing Rules
Alert silencing rules now support recurring schedules, allowing you to automatically mute alerts during defined maintenance windows (for example, daily or weekly). Silences can be applied to the entire infrastructure within the selected team scope.
For more information, see Configure Recurring Silence Rule.