Skip to main content
Garnet architecture: deploy Jibril, monitor runtime behavior, assert and publish verdicts
Jibril is the eBPF sensor on the host — observes syscall-level network, process, and file activity with lineage and timing. The control plane ingests that telemetry, evaluates assertions, and publishes verdicts to the dashboard, GitHub, and webhooks. More on Jibril at jibril.garnet.ai.

eBPF safety

Jibril needs privileged access to attach eBPF programs. Programs are kernel-verified, run in a restricted sandbox, and cannot perform arbitrary writes. Host isolation is preserved.

GitHub Actions

Add the action to your workflow.

Kubernetes

Deploy as a DaemonSet.