By intercepting system calls at the kernel level, you can observe exactly what a CI/CD pipeline is doing without modifying it. This post explores h...

Earthly's platform is a central hub for developers and DevOps engineers, offering insights into building, testing, and deploying software applications. Through articles, tutorials, and case studies, Earthly offers insights into declarative build configurations, dependency management, and reproducible builds. Readers can learn about build automation techniques, continuous integration pipelines, and infrastructure as code practices to streamline their development workflows and improve software delivery.

Earthly

A CI agent uses Linux syscall interception (ptrace + seccomp-bpf filters) to instrument CI/CD pipelines without modifying them. By intercepting only execve syscalls, it achieves near-zero overhead (<0.1%) while capturing complete visibility into process execution, timing, tool versions, and environment configuration. The agent can attach to running processes, making it compatible with managed runners like GitHub Actions. Use cases include automatic OpenTelemetry tracing, test coverage collection, security scanner enforcement, dependency graph extraction, and custom metadata collection. The approach enables centralized observability and policy enforcement across all pipelines without per-repository configuration changes.

Instrumenting CI/CD Pipelines via Syscall Interception

The problem: CI/CD pipelines are black boxes