Runtime Security using eBPF and OPA - Itay Shakury, Open Source at Aqua Security

Scanning code/containers for known vulnerabilities is great, but what happens after you deploy these into production? With the power of Linux eBPF, we can instrument and track everything that happens on the operating system. With the power of OPA (Open Policy Agent) we can write accurate and expressive rules for analyzing those collected events. In this session we will introduce Tracee - an modern open source solution for Runtime Security that can help you detect suspicious behavior of applications at runtime.