Merge pull request #270 from dkerwin/add_gitlab_ee

Add official gitlab EE docker image to list of known shell spawning images
falcosecurity · Sep 23, 2017 · 1666d03 · 1666d03
2 parents 2d0963e + 64145ba
commit 1666d03
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -512,7 +512,8 @@
 # as a packaging mechanism more than for a dedicated microservice.
 - macro: shell_spawning_containers
   condition: (container.image startswith jenkins or
-              container.image startswith gitlab/gitlab-ce)
+              container.image startswith gitlab/gitlab-ce or
+              container.image startswith gitlab/gitlab-ee)
 
 - rule: Launch Privileged Container
   desc: Detect the initial process started in a privileged container. Exceptions are made for known trusted images.