Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
github.com/DataDog/ebpf
- Version published
- Created
eBPF
eBPF is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
The library is maintained by Cloudflare and Cilium.
See ebpf.io for other projects from the eBPF ecosystem.
Getting Started
A small collection of Go and eBPF programs that serve as examples for building your own tools can be found under examples/.
Contributions are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project.
Getting Help
Please join the #ebpf-go channel on Slack if you have questions regarding the library.
Packages
This library includes the following packages:
- asm contains a basic assembler, allowing you to write eBPF assembly instructions directly within your Go code. (You don't need to use this if you prefer to write your eBPF program in C.)
- cmd/bpf2go allows compiling and embedding eBPF programs written in C within Go code. As well as compiling the C code, it auto-generates Go code for loading and manipulating the eBPF program and map objects.
- link allows attaching eBPF to various hooks
- perf allows reading from a
PERF_EVENT_ARRAY - ringbuf allows reading from a
BPF_MAP_TYPE_RINGBUFmap - features implements the equivalent
of
bpftool feature probefor discovering BPF-related kernel features using native Go. - rlimit provides a convenient API to lift
the
RLIMIT_MEMLOCKconstraint on kernels before 5.11.
Requirements
- A version of Go that is supported by upstream
- Linux >= 4.4. CI is run against LTS releases.
Regenerating Testdata
Run make in the root of this repository to rebuild testdata in all
subpackages. This requires Docker, as it relies on a standardized build
environment to keep the build output stable.
It is possible to regenerate data using Podman by overriding the CONTAINER_*
variables: CONTAINER_ENGINE=podman CONTAINER_RUN_ARGS= make.
The toolchain image build files are kept in testdata/docker/.
License
MIT
eBPF Gopher
The eBPF honeygopher is based on the Go gopher designed by Renee French.
FAQs
Unknown package
Package last updated on 02 May 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025