ErenAri/Aegis-BPF

Network Security

A kernel‑level eBPF runtime security agent for Linux that enforces file‑deny and network‑deny rules via LSM hooks.

Track releases GitHub

C++ Latest v0.8.0 · 10d ago Security brief →

Features

Kernel‑level blocking of file opens using BPF LSM hooks
Inode‑based (device:inode) and path‑based deny rules with OverlayFS copy‑up propagation
Dual‑stack network policy supporting IPv4/IPv6 CIDR, port, and IP:port denies

Recent releases

View all 10 releases →

Review required

v0.8.0 New feature 10d

Auth RBAC Dependencies

Ed25519 signing, CEF format, rule library, BTFhub download

Open

Review required

v0.7.0 Mixed 11d

Auth RBAC Breaking upgrade

Policy translation, Helm updates, Agent config

Open

Review required

v0.6.0 New feature 25d

Auth RBAC

Hook fix + simulation + CEF + packaging

Open

Review required

v0.5.1 Maintenance 1mo

Dependencies

Routine maintenance and dependency updates.

Open

Review required

v0.5.0 New feature 1mo

Auth RBAC

Workload selector + rule actions + console

Open

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 2.0 / wk

Last release 0d

Release size 2

Tracked 10

Security

Full profile →

Security score 7.0/10

OpenSSF 6.3/10

Open CVEs 0

SECURITY.md Active maintainer

Community

GitHub stars 16

Open issues 12

Open PRs 10

Stars/wk velocity 0.0

About

Stars

Forks

Languages

C++ Shell C

View on GitHub

Install & Platforms

Platforms

linux arm64

Alternative to

Falco Tracee Tetragon KubeArmor

Similar tools

Cardea

Core

UUSEC WAF

kastelldev/kastell

helm

About

Stars

Forks

Languages

C++ Shell C

View on GitHub

Install & Platforms

Platforms

linux arm64

Similar tools

Cardea

Core

UUSEC WAF

kastelldev/kastell

helm

Alternative to

Falco Tracee Tetragon KubeArmor