Sysdig On-Premises Release Notes
- Supported Web Browsers: Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested with the same rigour.
- Falco Rules: You may also want to review the update log for Falco Rules. used in the Sysdig Secure Policy Editor.
7.7.0 Release, April 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Sysdig Secure
Local Scanning for Kubernetes Container Workloads
Sysdig Secure now supports Local Scanning, a new deployment option for Sysdig Vulnerability Management that runs scanners directly on Kubernetes nodes and hosts to discover and analyze images in place, including ephemeral and nonβregistry images. This reduces dependence on central registries, closes visibility gaps across complex environments, and makes it easier to scale vulnerability coverage. Local Scanning requires Host Shield 14.5.0) or later.
For more information, see Local Scanning.
Host and Kubernetes Response Actions in Automations
Automations triggered from Runtime Events now support the full set of response actions, enabling faster containment and forensics directly from detections:
- Kill container
- Stop container
- Pause container
- Kill Process
- File acquire
- File quarantine
- Kill Pod
- Kubernetes Rollout restart
- Kubernetes Volume snapshot
- Kubernetes Get Logs
- Kubernetes Network isolate
For more information, see Response Actions in Automations.
Graph Search
Graph Search introduces an intuitive query builder on top of our graph database, allowing users to explore relationships across their On-Premise environments and Kubernetes assets and quickly surface the security issues that matter most in their environments. For more information, see Graph Search.
Sysdig Platform
On-Prem Platform Version in UI
You can now access the On-Prem platform version directly in the UI from the Version & License page under Settings, making it easier for administrators to see which Sysdig On-Prem release is running.
7.6.0 Release, February 2026
Upgrade Process
Direct upgrades are supported from version: 6.x, 7.x
For compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.
Sysdig Secure
Runtime Detection: File Integrity Monitoring (FIM)
A new runtime detection type, File Integrity Monitoring (FIM), is now available. FIM enables you to monitor file changes and create detection policies aligned with PCI DSS requirements 10.5.5 and 11.5. FIM monitoring requires Host Shield version 14.3 or later.
For more information, see FIM Policies.
Events Feed: Customizable Columns
You can now customize the columns displayed in the Events Feed to view relevant attributes directly in the event list, without opening individual events. For more information, see Events Feed.
Risk Spotlight (In-Use) Support for Non-Kubernetes Containers
Risk Spotlight (In-Use) prioritization now supports non-Kubernetes container workloads, including Docker and Podman containers running on Linux hosts protected by Sysdig Host Shield. This enhancement allows you to reduce vulnerability noise and prioritize remediation efforts for your entire Linux ecosystem by focusing on the vulnerabilities that are actively executable across your Linux container environments.
For more information, see Risk Spotlight.
Changes to List Matching Policies and Rules
Creation of new List Matching Policies and Rules is no longer supported. Existing policies and rules continue to function and can still be modified.
For new detections, use Falco rules, which provide expanded detection capabilities and flexibility.
For more information, see List Matching Policy.
Zones: Additional Filtering Operators
Two new filtering operators are available for Zones:
is notdoes not contain
These operators enable more precise exclusion filtering for events and findings.
Sysdig Monitor
Recurring Alert Silencing Rules
Alert silencing rules now support recurring schedules, allowing you to automatically mute alerts during defined maintenance windows (for example, daily or weekly). Silences can be applied to the entire infrastructure within the selected team scope.
For more information, see Configure Recurring Silence Rule.
