back to home

cilium / tetragon

eBPF-based Security Observability and Runtime Enforcement

4,477 stars
514 forks
229 issues
CGoC++
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing cilium/tetragon in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Source files are only loaded when you start an analysis to optimize performance.
Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind.in/repo/cilium/tetragon)
Preview:Analyzed by RepoMind

Repository Overview (README excerpt)

Crawler view

--- Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security Observability and Runtime Enforcement. Tetragon detects and is able to react to security-significant events, such as • Process execution events • System call activity • I/O activity including network & file access When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is, it understands Kubernetes identities such as namespaces, pods and so on - so that security event detection can be configured in relation to individual workloads. See more about how Tetragon is using eBPF. Getting started Refer to the official documentation of Tetragon. To get started with Tetragon, take a look at the getting started guides to: • Try Tetragon on Kubernetes • Try Tetragon on Linux • Deploy Tetragon • Install the Tetra CLI Tetragon is able to observe critical hooks in the kernel through its sensors and generates events enriched with Linux and Kubernetes metadata: • **Process lifecycle**: generating and events by default, enabling full process lifecycle observability. Learn more about these events on the process lifecycle use case page. • **Generic tracing**: generating , and events for more advanced and custom use cases. Learn more about these events on the TracingPolicy concept page and discover multiple use cases like: • 🌏 network observability • 📂 filename access • 🔑 credentials monitoring • 🔓 privileged execution See further resources: • Conference Talks, Books, Blog Posts, and Labs • Frequently Asked Question • References Join the community Join the Tetragon 💬 Slack channel and the 📅 Community Call to chat with developers, maintainers, and other users. This is a good first stop to ask questions and share your experiences. How to Contribute For getting started with local development, you can refer to the Contribution Guide. If you plan to submit a PR, please "sign-off" your commits. Adopters A list of adopters of the Tetragon project and who is deploying it in production, and of their use cases, can be found in the USERS.md file.