Direct upgrades are supported from version: 6.x, 7.x

For compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.

Sysdig Secure

Local Scanning for Kubernetes Container Workloads

Sysdig Secure now supports Local Scanning, a new deployment option for Sysdig Vulnerability Management that runs scanners directly on Kubernetes nodes and hosts to discover and analyze images in place, including ephemeral and non‑registry images. This reduces dependence on central registries, closes visibility gaps across complex environments, and makes it easier to scale vulnerability coverage. Local Scanning requires Host Shield 14.5.0) or later.

For more information, see Local Scanning.

Host and Kubernetes Response Actions in Automations

Automations triggered from Runtime Events now support the full set of response actions, enabling faster containment and forensics directly from detections:

• Kill container
• Stop container
• Pause container
• Kill Process
• File acquire
• File quarantine
• Kill Pod
• Kubernetes Rollout restart
• Kubernetes Volume snapshot
• Kubernetes Get Logs
• Kubernetes Network isolate

For more information, see Response Actions in Automations.

Graph Search

Graph Search introduces an intuitive query builder on top of our graph database, allowing users to explore relationships across their On-Premise environments and Kubernetes assets and quickly surface the security issues that matter most in their environments. For more information, see Graph Search.

Sysdig Platform

On-Prem Platform Version in UI

You can now access the On-Prem platform version directly in the UI from the Version & License page under Settings, making it easier for administrators to see which Sysdig On-Prem release is running.

Direct upgrades are supported from version: 6.x, 7.x

For compatibility matrix, see Kubernetes support matrix. For installation and upgrade instructions, see Installation overview.

Sysdig Secure

Runtime Detection: File Integrity Monitoring (FIM)

A new runtime detection type, File Integrity Monitoring (FIM), is now available. FIM enables you to monitor file changes and create detection policies aligned with PCI DSS requirements 10.5.5 and 11.5. FIM monitoring requires Host Shield version 14.3 or later.

For more information, see FIM Policies.

Events Feed: Customizable Columns

You can now customize the columns displayed in the Events Feed to view relevant attributes directly in the event list, without opening individual events. For more information, see Events Feed.

Risk Spotlight (In-Use) Support for Non-Kubernetes Containers

Risk Spotlight (In-Use) prioritization now supports non-Kubernetes container workloads, including Docker and Podman containers running on Linux hosts protected by Sysdig Host Shield. This enhancement allows you to reduce vulnerability noise and prioritize remediation efforts for your entire Linux ecosystem by focusing on the vulnerabilities that are actively executable across your Linux container environments.

For more information, see Risk Spotlight.

Changes to List Matching Policies and Rules

Creation of new List Matching Policies and Rules is no longer supported. Existing policies and rules continue to function and can still be modified.

For new detections, use Falco rules, which provide expanded detection capabilities and flexibility.

For more information, see List Matching Policy.

Zones: Additional Filtering Operators

Two new filtering operators are available for Zones:

• is not
• does not contain

These operators enable more precise exclusion filtering for events and findings.

Sysdig Monitor

Recurring Alert Silencing Rules

Alert silencing rules now support recurring schedules, allowing you to automatically mute alerts during defined maintenance windows (for example, daily or weekly). Silences can be applied to the entire infrastructure within the selected team scope.

For more information, see Configure Recurring Silence Rule.