[WP] Serialize tracer metadata struct in process#48487
Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit intomainfrom Mar 30, 2026
Merged
[WP] Serialize tracer metadata struct in process#48487gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit intomainfrom
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit intomainfrom
Conversation
Gui774ume
added
changelog/no-changelog
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b7bdb225ed
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Gui774ume
force-pushed
the
will/add-missing-tracermetadata-tags
branch
from
ff9ff94 to
5a02aa1
Compare
Gui774ume
requested review from
a team,
charan-manjunath and
nathan-b
and removed request for
a team
Gui774ume
force-pushed
the
will/serialize-tracermetadata-in-process
branch
from
b7bdb22 to
c4b9d82
Compare
Gui774ume
changed the title
Gui774ume
changed the title
Gui774ume
force-pushed
the
will/serialize-tracermetadata-in-process
branch
from
c4b9d82 to
837298a
Compare
Gui774ume
force-pushed
the
will/add-missing-tracermetadata-tags
branch
from
13310e3 to
a3b1833
Compare
Gui774ume
force-pushed
the
will/serialize-tracermetadata-in-process
branch
from
d3df440 to
7f30aed
Compare
Gui774ume
force-pushed
the
will/serialize-tracermetadata-in-process
branch
from
7f30aed to
542f0ff
Compare
Gui774ume
requested review from
a team and
matthewleese
and removed request for
a team
spikat
approved these changes
Mar 30, 2026
vitkyrka
approved these changes
Mar 30, 2026
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
devflow unqueued this merge request: It did not become mergeable within the expected time |
Gui774ume
requested review from
a team and
charan-manjunath
and removed request for
a team
Gui774ume
force-pushed
the
will/serialize-tracermetadata-in-process
branch
from
542f0ff to
c0f1f79
Compare
pimlu
reviewed
Mar 30, 2026
| tagsFound["DD_VERSION"]) { | ||
| continue | ||
| } | ||
| p.Tags = append(p.Tags, intern.GetByString(key+":"+value)) |
Contributor
There was a problem hiding this comment.
It seems like this is almost a round-trip back to the original form that was in ProcessTags no?
Contributor
Author
There was a problem hiding this comment.
Pretty much - I tried to change as little logic as possible from the original code to make sure it doesn't impact your use case. We can change the signature / optimize the tmeta.Tags() (and then here as well) if you want, but maybe in a separate PR since that's not the goal here ?
pimlu
approved these changes
Mar 30, 2026
rdesgroppes
reviewed
Mar 30, 2026
rdesgroppes
approved these changes
Mar 30, 2026
Contributor
eBPF complexity changesSummary result: ❔ - needs attention
runtime_security detailsruntime_security [programs with changes]
runtime_security [programs without changes]
runtime_security_syscall_wrapper detailsruntime_security_syscall_wrapper [programs with changes]
runtime_security_syscall_wrapper [programs without changes]
This report was generated based on the complexity data for the current branch will/serialize-tracermetadata-in-process (pipeline 105049742, commit fced961) and the base branch main (commit d3d4c0e). Objects without changes are not reported. Contact #ebpf-platform if you have any questions/feedback. Table complexity legend: 🔵 - new; ⚪ - unchanged; 🟢 - reduced; 🔴 - increased |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This PR replaces the
TracerTags []stringfield on theProcessstruct with the fullTracerMetadatastruct. This allows security events and CWS serializers to carry the complete tracer metadata (language, version, hostname, service name/env/version, process tags, etc.) instead of a pre-flattened list of tag strings.Key changes:
Process.TracerTags []stringreplaced byProcess.TracerMetadata tracermetadata.TracerMetadatain the secl model (Unix + Windows).TracerMetadatastruct as"tracer"JSON instead of a flatmap[string]string.TracerMetadata.Tags()directly instead of consuming pre-built tag slices.TracerMetadataon cache entries instead of converting to tags at resolution time.Motivation
Storing only flattened tags (
[]string) on theProcessstruct discards structured tracer metadata (schema version, runtime ID, hostname, logs collection status, etc.) that downstream consumers need. By keeping the fullTracerMetadatastruct through the pipeline, we:Tags()without re-parsing.Describe how you validated your changes
pkg/network/events/,pkg/security/tests/, andpkg/discovery/tracermetadata/updated and passing.Additional Notes
docs/cloud-workload-security/) has been updated to reflect the newtracerfield structure (full struct instead ofmap[string]string)."tracer"field in CWS events — it changes from{"key": "value", ...}to the fullTracerMetadataJSON representation with named fields (tracer_language,service_name, etc.).