Self-Hosted Runners
Cimon supports self-hosted runners, allowing you to enhance the security of your CI/CD pipelines even when using your own infrastructure. Self-hosted environment setups are CI-dependent, so see the respective integration page for the specifics of each one.
Kernel Version Requirements
Cimon supports both x86_64 and arm64 and requires an OS with a base kernel version >= 5.10, with Berkeley Packet Filter (BPF) and BPF Type Format (BTF) enabled. In particular, the following kernel configuration options must be enabled:
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_DEBUG_INFO_BTF=y
You can check whether your kernel has BTF built in by looking for the /sys/kernel/btf/vmlinux file:
$ ls -la /sys/kernel/btf/vmlinux
-r--r--r-- 1 root root 4210967 Feb 14 11:14 /sys/kernel/btf/vmlinux
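The requirements above can be checked in one pass before a runner is enrolled. The following is an added example, not part of Cimon: the function names are hypothetical, and reading the kernel config from /boot/config-$(uname -r) or /proc/config.gz is an assumption about the distribution.

```shell
# Added example (not Cimon code): preflight for the kernel requirements above.
# Function names are hypothetical; the config paths are common distro defaults.

# kernel_at_least RELEASE MAJOR MINOR -> 0 if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    major=${1%%.*}                 # "5.10.0-28-amd64" -> "5"
    rest=${1#*.}                   # -> "10.0-28-amd64"
    minor=${rest%%[!0-9]*}         # -> "10"
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "${minor:-0}" -ge "$3" ]; }
}

# arch_supported ARCH -> 0 for x86_64 and arm64 (uname -m reports arm64 as aarch64)
arch_supported() {
    case $1 in x86_64|aarch64|arm64) return 0 ;; *) return 1 ;; esac
}

# config_enabled FILE OPTION -> 0 if FILE (plain or gzip) contains the line OPTION=y
config_enabled() {
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -qx "$2=y"
}

# cimon_preflight -> 0 if the running host passes every check it can perform
cimon_preflight() {
    rc=0
    rel=$(uname -r); arch=$(uname -m)
    arch_supported "$arch" || { echo "FAIL unsupported architecture: $arch"; rc=1; }
    kernel_at_least "$rel" 5 10 || { echo "FAIL kernel $rel is older than 5.10"; rc=1; }
    [ -r /sys/kernel/btf/vmlinux ] || { echo "FAIL /sys/kernel/btf/vmlinux missing"; rc=1; }
    cfg=/boot/config-$rel
    [ -r "$cfg" ] || cfg=/proc/config.gz
    if [ -r "$cfg" ]; then
        for opt in CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_DEBUG_INFO_BTF; do
            config_enabled "$cfg" "$opt" || { echo "FAIL $opt is not =y in $cfg"; rc=1; }
        done
    else
        echo "WARN kernel config not readable; relied on the BTF file check only"
    fi
    [ "$rc" -eq 0 ] && echo "OK $rel ($arch) meets the listed kernel requirements"
    return "$rc"
}
```

Source the file on the runner host and call `cimon_preflight`; it returns non-zero if any check fails, so it can gate a provisioning step.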
Compatibility with Cloud Provider Images
Cimon was tested to work with the latest images and distributions provided by major cloud providers - AWS, GCP, and Azure. This means that you can seamlessly integrate Cimon into your self-hosted runners, regardless of the cloud infrastructure you are using.
The following images were tested successfully:
- Ubuntu 20.04
- Ubuntu 22.04
- Debian 12
- Amazon Linux 2 (together with EKS environments)
- Amazon Linux 2023
- Container-Optimized OS from Google (GKE)
The following images were tested and found not to be supported:
- Debian 11
Running concurrent instances of Cimon
It is possible to run concurrent instances of Cimon on the same machine, as long as each instance was initially started in a separate container. Since each sensor monitors its own process tree and network adapter, it yields a separate set of results for each container instance. This setup is required for running Cimon in enterprise-grade CI systems such as Kubernetes-based builds and others.