tracee
by
aquasecurity

Description: Linux Runtime Security and Forensics using eBPF

View on GitHub ↗

Summary Information

Updated 31 minutes ago
Added to GitGenius on May 25th, 2022
Created on September 18th, 2019
Open Issues & Pull Requests: 135 (+0)
Number of forks: 504
Total Stargazers: 4,543 (+0)
Total Subscribers: 56 (+0)

Issue Activity (beta)

Open issues: 88
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 875 days
Stale 30+ days: 85
Stale 90+ days: 81

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 2
Events in 7 days: 4

Top labels

  • kind/bug (344)
  • kind/feature (214)
  • area/ebpf (144)
  • priority/backlog (83)
  • kind/chore (53)
  • kind/documentation (42)
  • area/testing (32)
  • area/events (30)

Repository Insights (GitGenius)

Median issue/PR response: 0.0 hours
Mean response time: 304.5 days
90th percentile: 1174.6 days
Tracked items: 392

Most active contributors

Detailed Description

Tracee is a runtime security and observability tool developed by Aqua Security that leverages eBPF technology to monitor system and application behavior on Linux. The tool exposes system activity as consumable events, ranging from factual system calls to sophisticated security events that detect suspicious behavioral patterns. Written primarily in Go, Tracee enables users to understand what is happening on their systems in real time through deep kernel-level instrumentation.

The project is classified across multiple security and monitoring domains including compliance enforcement, anomaly detection, container security, runtime enforcement, system auditing, threat detection, and network monitoring. This breadth of classification reflects Tracee's versatility in addressing various security use cases from process tracking and system call tracing to network activity monitoring and policy compliance. The tool supports deployment across different environments, with specific installation guides and quickstart documentation available for Docker and Kubernetes deployments, as well as compatibility information for various Linux distributions and kernels.

Tracee's development has been actively maintained with significant community engagement. GitGenius tracking data shows 392 total issues and pull requests across the repository's history, with a median response latency of 0.0 hours indicating rapid triage and engagement. The most frequently labeled issues fall into three categories: kind/bug with 186 occurrences, kind/feature with 129 occurrences, and priority/backlog with 71 occurrences. This distribution suggests the project maintains an active bug-fixing cadence while also managing feature requests and backlog items systematically.

The core contributor base has been relatively concentrated, with geyslan leading activity tracking at 397 events, followed by yanivagman with 373 events and NDStrahilevitz with 108 events. These three individuals have driven the majority of development and maintenance work. Interestingly, GitGenius has identified overlapping contributors between Tracee and several major open source projects including Microsoft's VSCode and TypeScript repositories as well as the Rust language project, suggesting cross-pollination of expertise from high-profile development communities.

The tool's functionality centers on eBPF-based system instrumentation, allowing it to tap into kernel-level events without requiring kernel modifications or significant performance overhead. Users can consume events through various interfaces and integrate Tracee into their security workflows. The project provides comprehensive documentation covering installation prerequisites, Docker deployment, Kubernetes integration, and advanced configuration options including platform-specific guidance for macOS users.

Tracee positions itself as part of Aqua Security's broader open source portfolio and actively encourages community participation through GitHub Discussions, Slack channels, and formal contribution documentation. The project accepts user feedback and issue reports, maintaining an open development model that welcomes external contributions and community involvement in shaping the tool's evolution.

tracee
by
aquasecurityaquasecurity/tracee

Repository Details

Fetching additional details & charts...