falcosecurity / libs

libsinsp, libscap, the kernel module driver, and the eBPF driver sources
https://falcosecurity.github.io/libs/
Apache License 2.0

[LIBS PLUGINS] Make each and every libs filtercheck result accessible to syscalls plugins #2007

Open incertum opened 3 weeks ago

incertum commented 3 weeks ago

While working on the first iteration of the anomalydetection plugin https://github.com/falcosecurity/plugins/pull/419, it quickly became evident that a significant amount of sophisticated libs code needs to be duplicated. This process is not only tedious but also error-prone, placing additional burdens on developers who simply wish to leverage existing libs capabilities. I see this as complementary to issue https://github.com/falcosecurity/libs/issues/1944, as there will undoubtedly be cases where raw access to state table fields is still necessary.

But in cases where libs code is being copied exactly as-is, it might be worth discussing how we can improve the plugins API to avoid this kind of duplication. What do you think?

incertum commented 3 weeks ago

/milestone TBD

/assign @jasondellaluce