Skip to content

aquasecurity/tracee-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
docs
docs
 
 
policies
policies
 
 
signatures
signatures
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yaml
action.yaml
 
 

Repository files navigation

Production Ready

This project is not production ready. We are experimenting with it to test and demostrate Tracee capabilities.

Protect your GitHub Actions with Tracee

Tracee is a powerful open source runtime security and forensics solution. It is using eBPF to trace your system, produce rich events that gives you visibility into what is happening under the hood, and also detects suspicious behavior in those event.

This project is using Tracee to protect GitHub Actions workflow against supply chain attacks. You can add the aquasecurity/tracee-action GitHub Action to your workflow, which will automatically install Tracee in the runner and start tracing it.

Protection

tracee-action offers two kinds of protection that complements each other: Events, and Profile.

Signatures

Tracee runs in the background and hunts for suspicious behavior in the runner and in the workflow. It uses the powerful set of behavioral signatures that is available for Tracee, and you can add your own specific signatures to detect unwanted behavior. Signatures detections are reported to you as a comment on the PR that triggered the action for your review. You can review the list of events in the default policy here

Profile

While the profile is running Tracee builds a profile that describes how your workflow normally behaves. Once you approve this initial profile as the baseline, tracee-action will detect and report any deviation from it. Profile deviations are reported to you as a new PR that add commits the changes to a .tracee directory in the project. You can review the contents of the default profile here

Getting Started

Add tracee-action to the beginning of your workflow with the tag ending with -start, and to the end of your workflow with the tag ending with -stop. Example:

name: My pipeline
jobs:
  my-job:
    runs-on: ubuntu-latest
    steps:
    - name: Start Tracee
      uses: aquasecurity/[email protected]

    ...

    - name: Stop Tracee
      uses: aquasecurity/[email protected]

There are some configuration options the are detailed here

Tracee is an Aqua Security open source project. Learn about our open source work and portfolio Here. Join the community, and talk to us about any matter in GitHub Discussion or Slack.

About

Protect GitHub Actions with Tracee

github.com/aquasecurity/tracee

Topics

security ebpf github-actions runtime-scanner

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

80 stars

Watchers

8 watching

Forks

8 forks
Report repository

Releases 8

v0.4.0-start Latest
Sep 13, 2023
+ 7 releases

Contributors 4

  •  
  •  
  •  
  •  

Languages