Kernel CI
ebpf-verifier
Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical.
Best for
Reducing verifier-specific surprises before deployment.
Surface
Kernel CI
Catalog group
Inspect operating systems and endpoint surfaces
Repository
trailofbits/ebpf-verifier
From the README
The eBPF Verifier Harness project seeks to isolate the eBPF verifier from the Linux kernel in order to allow efficient checks that an eBPF program will run on various kernel versions and configurations. It will also allow for detecting discrepancies in the eBPF verifier between different kernel versions.
1. linux/src: git submodule of linux src
2. libbpf/src: git submodule of libbpf mirror src
3.
Related tools · Inspect operating systems and endpoint surfaces
- Linuxevents: eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts.
- ebpfpub: Monitors system and library calls across multiple kernel versions with minimal runtime dependencies.
- winchecksec: Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity.
- pe-parse: Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs.
- osquery-extensions: Collection of Trail of Bits extensions that expand what osquery can inspect and expose.