From ba8a0e838970efd3b1e19e00ab27535e1d126ba4 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Thu, 28 Mar 2024 12:25:10 +0100 Subject: [PATCH] docs: update default branch to `main` Signed-off-by: Leonardo Grasso --- docs/plugin-ids.md | 2 +- plugins/gcpaudit/walkthrough.md | 2 +- plugins/github/README.md | 2 +- plugins/k8saudit-eks/README.md | 6 +++--- plugins/k8saudit-gke/README.md | 2 +- plugins/k8smeta/README.md | 4 ++-- release.md | 4 ++-- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/plugin-ids.md b/docs/plugin-ids.md index 079c9486..7b81cb94 100644 --- a/docs/plugin-ids.md +++ b/docs/plugin-ids.md 
@@ -2,7 +2,7 @@ Using a unique `id` is mandatory to maintain interoperability across all plugins with _event sourcing_ capability. When a plugin is loaded by a compatible application (e.g., Falco), the `id` is used to route events to the correct plugin. Indeed, attempting to load two or more plugins using the same `id` will result in an error. -For this reason, The Falco Project maintains a [public registry of plugins](https://github.com/falcosecurity/plugins/blob/master/README.md#registering-a-new-plugin), which allows the assignment of a unique `id` for your plugin. However, some plugins may not be registered in the public registry. For example, if you are privately developing a plugin for your own use, you might use any `id` you want. To avoid conflicts in these situations, this document mandates general rules regarding `id` assignment and reservation. +For this reason, The Falco Project maintains a [public registry of plugins](https://github.com/falcosecurity/plugins/blob/main/README.md#registering-a-new-plugin), which allows the assignment of a unique `id` for your plugin. However, some plugins may not be registered in the public registry. For example, if you are privately developing a plugin for your own use, you might use any `id` you want. To avoid conflicts in these situations, this document mandates general rules regarding `id` assignment and reservation. ## ID Blocks diff --git a/plugins/gcpaudit/walkthrough.md b/plugins/gcpaudit/walkthrough.md index 1f3bbde0..60f44e55 100644 --- a/plugins/gcpaudit/walkthrough.md +++ b/plugins/gcpaudit/walkthrough.md 
@@ -274,7 +274,7 @@ Falco is configured to monitor changes to its configuration files, so there is n With everything configured, the last step is to test the GCP Audit Logs plugin. -If you read the [plugin rules file](https://github.com/falcosecurity/plugins/blob/master/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml), you will see that there are dozens of different rules that you could test, but to keep it simple we’ll repeat the same test we did earlier and create and delete a Pub/Sub topic. +If you read the [plugin rules file](https://github.com/falcosecurity/plugins/blob/main/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml), you will see that there are dozens of different rules that you could test, but to keep it simple we’ll repeat the same test we did earlier and create and delete a Pub/Sub topic. Since the VM you created to run Falco does not have `gcloud` installed, the easiest way to do this section is to create a second shell instance either back on your local machine or in Cloud Shell - wherever you originally ran the gcloud commands from. diff --git a/plugins/github/README.md b/plugins/github/README.md index bcff9b0b..2e41485e 100644 --- a/plugins/github/README.md +++ b/plugins/github/README.md @@ -121,4 +121,4 @@ The plugin can currently detect when the following types of secrets are committe - shopify_private_app_access_token - pypi_upload_token -Adding a new secret detection is simply a matter of adding a new entry in the secretsChecks array in [secrets.go](https://github.com/falcosecurity/plugins/blob/master/plugins/github/pkg/github/secrets.go). +Adding a new secret detection is simply a matter of adding a new entry in the secretsChecks array in [secrets.go](https://github.com/falcosecurity/plugins/blob/main/plugins/github/pkg/github/secrets.go). diff --git a/plugins/k8saudit-eks/README.md b/plugins/k8saudit-eks/README.md index 75e41b83..665c5785 100644 --- a/plugins/k8saudit-eks/README.md +++ b/plugins/k8saudit-eks/README.md 
@@ -3,7 +3,7 @@ ## Introduction This plugin extends Falco to support [Kubernetes Audit Events](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-backends) from AWS EKS clusters as a new data source. -For more details about what Audit logs are, see the [README of k8saudit plugin](https://github.com/falcosecurity/plugins/blob/master/plugins/k8saudit/README.md). +For more details about what Audit logs are, see the [README of k8saudit plugin](https://github.com/falcosecurity/plugins/blob/main/plugins/k8saudit/README.md). ### Functionality @@ -11,7 +11,7 @@ This plugin supports consuming Kubernetes Audit Events stored in Cloudwatch Logs ## Capabilities -The `k8saudit-eks` uses the field extraction methods of the [`k8saudit`](https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit) plugin as the format for the Audit Logs is same. +The `k8saudit-eks` uses the field extraction methods of the [`k8saudit`](https://github.com/falcosecurity/plugins/tree/main/plugins/k8saudit) plugin as the format for the Audit Logs is same. ### Event Source @@ -122,7 +122,7 @@ A string which contains the name of your EKS Cluster (required). ### Rules -The `k8saudit-eks` plugin ships with no default rule for test purpose, you can use the same rules than those for `k8saudit` plugin. See [here](https://github.com/falcosecurity/plugins/blob/master/plugins/k8saudit/rules/k8s_audit_rules.yaml). +The `k8saudit-eks` plugin ships with no default rule for test purpose, you can use the same rules than those for `k8saudit` plugin. See [here](https://github.com/falcosecurity/plugins/blob/main/plugins/k8saudit/rules/k8s_audit_rules.yaml). To test if it works anyway, you can still use this one for example: diff --git a/plugins/k8saudit-gke/README.md b/plugins/k8saudit-gke/README.md index cf2e04c2..52eedf40 100644 --- a/plugins/k8saudit-gke/README.md +++ b/plugins/k8saudit-gke/README.md 
@@ -14,7 +14,7 @@ GKE Admin Activity audit logs and GKE Data Access audit logs can be send to a Pu Optionally, the `k8saudit-gke` plugin can use the Google Container API to fetch cluster resource metadata labels. These cluster labels are appended to the resource labels of the log entry. -Finally, the Google audit log entries are converted to a Kubernetes audit event object and handed off to the Falco rule pipeline. This means the field extraction methods and rules of the [`k8saudit`](https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit) can be used. +Finally, the Google audit log entries are converted to a Kubernetes audit event object and handed off to the Falco rule pipeline. This means the field extraction methods and rules of the [`k8saudit`](https://github.com/falcosecurity/plugins/tree/main/plugins/k8saudit) can be used. > [!WARNING] > As the Kubernetes audit event is reconstructed from a Google audit logs entry some Falco rules might not work as expected due to missing information. diff --git a/plugins/k8smeta/README.md b/plugins/k8smeta/README.md index d56abaf8..69b62700 100644 --- a/plugins/k8smeta/README.md +++ b/plugins/k8smeta/README.md @@ -96,7 +96,7 @@ The plugin doesn't have open params ### Rules -This plugin doesn't provide any custom rule, you can use the default Falco ruleset and add the necessary `k8smeta` fields. A very simple example rule can be found [here](https://github.com/falcosecurity/plugins/blob/master/plugins/k8smeta/test/rules/example_rule.yaml) +This plugin doesn't provide any custom rule, you can use the default Falco ruleset and add the necessary `k8smeta` fields. A very simple example rule can be found [here](https://github.com/falcosecurity/plugins/blob/main/plugins/k8smeta/test/rules/example_rule.yaml) ### Running 
@@ -123,4 +123,4 @@ cmake .. make k8smeta -j10 ``` -To run local tests follow the steps [here](https://github.com/falcosecurity/plugins/blob/master/plugins/k8smeta/test/README.md) +To run local tests follow the steps [here](https://github.com/falcosecurity/plugins/blob/main/plugins/k8smeta/test/README.md) diff --git a/release.md b/release.md index af32eb98..d6153b46 100644 --- a/release.md +++ b/release.md @@ -1,9 +1,9 @@ # Release Process -Our release process is automated by a couple of GitHub Actions ([`Update Plugins-dev`](https://github.com/falcosecurity/plugins/blob/master/.github/workflows/push_master.yml) and [`Release Plugins`](https://github.com/falcosecurity/plugins/blob/master/.github/workflows/release.yml)). +Our release process is automated by a couple of GitHub Actions ([`Update Plugins-dev`](https://github.com/falcosecurity/plugins/blob/main/.github/workflows/main.yml) and [`Release Plugins`](https://github.com/falcosecurity/plugins/blob/main/.github/workflows/release.yml)). The process publishes two types of releases: -- **dev** builds: the process is fully automated, and it is triggered when changes are merged into `master` branch +- **dev** builds: the process is fully automated, and it is triggered when changes are merged into `main` branch - **stable** builds: the process is automated, but it needs to be manually triggered by tagging a plugin with a release version (see the [section](#Stable-builds) below) Regardless of the type, if a plugin provides a ruleset, the ruleset is released, too, with the same version number. This may change in the future. Also, see [Versioning a rulset](https://github.com/falcosecurity/rules/blob/main/RELEASE.md#versioning-a-ruleset) guidelines before deciding the release version number.
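Review bot: In the `release.md` hunk, the `Update Plugins-dev` link changes its file name as well as its branch, from `.github/workflows/push_master.yml` to `.github/workflows/main.yml`, yet the diffstat lists only seven documentation files and no workflow rename. Please confirm that `.github/workflows/main.yml` exists on `main` and that its push trigger targets `main`. If either is missing, the link breaks and the sentence saying dev builds are triggered on merges into `main` will not match what the workflow does. If the workflow rename lands in a separate commit, mention it in this commit message.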
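Review bot: In `plugins/k8saudit-eks/README.md`, the touched sentences still carry grammar slips that are worth fixing while these lines are being edited. "the same rules than those for `k8saudit` plugin" should read "the same rules as those for the `k8saudit` plugin", and "as the format for the Audit Logs is same" should read "is the same". The bare "See [here](...)" link text would also be clearer if it named the target file, `k8s_audit_rules.yaml`. The same applies to the "[here]" links in the `plugins/k8smeta/README.md` hunks.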
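Review bot: In `docs/plugin-ids.md`, and likewise in the README hunks, the updated links still hard-code the branch name in an absolute github.com URL, so any future rename needs another sweep like this one. If these files live in the falcosecurity/plugins repository the links point to, a relative link such as `../README.md#registering-a-new-plugin` would resolve on whichever branch or tag the reader is viewing. That also keeps documentation in a tagged release pointing at its own version of the referenced file instead of at the tip of `main`.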