Motivation
Having available as fields all labels from the running containers, ie container.labels[].
These labels are really useful to get more context. For example, for the runners of CI like Gitlab Runners, the fields are filled with information which allow to do the correlation with the job, the project, etc. Having these fields will allow to integrate more Falco in the Supply Chain Security:
"com.gitlab.gitlab-runner.job.before_sha": "",
"com.gitlab.gitlab-runner.job.id": "0",
"com.gitlab.gitlab-runner.job.ref": "",
"com.gitlab.gitlab-runner.job.sha": "",
"com.gitlab.gitlab-runner.job.url": "/-/jobs/0",
"com.gitlab.gitlab-runner.managed": "true",
"com.gitlab.gitlab-runner.pipeline.id": "",
"com.gitlab.gitlab-runner.project.id": "0",
"com.gitlab.gitlab-runner.runner.id": "",
"com.gitlab.gitlab-runner.runner.local_id": "0",
"com.gitlab.gitlab-runner.type": "build",
"my.custom.label": "my.custom.value",
Feature
Having the fields container.labels[] containing all the labels of the pod where the suspicious action happened.
Alternatives
n/a
Additional context
Motivation
Having available as fields all labels from the running containers, ie
container.labels[].These labels are really useful to get more context. For example, for the runners of CI like Gitlab Runners, the fields are filled with information which allow to do the correlation with the job, the project, etc. Having these fields will allow to integrate more Falco in the Supply Chain Security:
Feature
Having the fields
container.labels[]containing all the labels of the pod where the suspicious action happened.Alternatives
n/a
Additional context