Skip to content

Zircolite

v3.7.6 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 4d SIEM & Threat Detection
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

auditd detection dfir dfir-automation dfir-tools evtx
+9 more
evtxtract forensics forensics-tools logs pysigma python sigma sigma-rules sysmon

Summary

AI summary

Dockerfile now uses multi-stage builds with a .dockerignore file.

Changes in this release

Refactor Low

Split Docker image build into separate builder and runtime stages, installing dependencies in a virtualenv during build and copying only resolved packages plus the application to the runtime image.

Split Docker image build into separate builder and runtime stages, installing dependencies in a virtualenv during build and copying only resolved packages plus the application to the runtime image.

Source: llm_adapter@2026-05-30

Confidence: high
Refactor Low

Add `.dockerignore` to exclude VCS metadata, dev tooling, docs, tests, and local outputs from Docker build context.

Add `.dockerignore` to exclude VCS metadata, dev tooling, docs, tests, and local outputs from Docker build context.

Source: llm_adapter@2026-05-30

Confidence: high
Refactor Low

Copy only resolved packages and the application to the runtime image at build time.

Copy only resolved packages and the application to the runtime image at build time.

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Full changelog

What's Changed

Docker

  • Split the image build into separate builder and runtime stages: dependencies are installed into a virtualenv in the builder, and only the resolved packages plus the application (with rulesets refreshed at build time) are copied into a clean runtime image, keeping build tooling out of the final layer (#137)
  • Add .dockerignore so VCS metadata, dev tooling, docs, tests, and local outputs are excluded from the build context

Full Changelog: https://github.com/wagga40/Zircolite/compare/v3.7.5...v3.7.6

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Zircolite

Get notified when new releases ship.

Sign up free

About Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

All releases →

Related context

Beta — feedback welcome: [email protected]