chore(deps): bump docker/login-action in the actions group

Bumps the actions group with 1 update: [docker/login-action](https://github.com/docker/login-action). Updates `docker/login-action` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](74a5d14239...184bdaa072) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): bump github.com/docker/docker
2025-08-06 10:34:03 +02:00 · 2025-07-30 09:01:16 +02:00 · 2025-07-29 22:22:12 +02:00 · 2025-07-23 11:27:34 +02:00 · 2025-07-21 11:27:31 +02:00 · 2025-07-21 11:26:31 +02:00
169 changed files with 10400 additions and 2882 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,79 +0,0 @@
-version: 2
-jobs:
-  "test":
-    docker:
-      - image: docker.io/golang:1.14.0
-    steps:
-      - checkout
-      - run:
-          name: Test
-          command: make test
-  "images":
-    docker:
-      - image: docker:stable
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run:
-          name: Prepare env
-          command: |
-            echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
-            apk update
-            apk add make bash git
-      - run:
-          name: Build all the docker images
-          command: GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make image/all
-      - run:
-          name: Push images
-          command: GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/all
-      - run:
-          name: Push latest images
-          command: |
-            if [ -n "$CIRCLE_TAG" ]
-            then
-              GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/latest
-            else
-              echo "Skipping (no git tag)"
-            fi
-  "release":
-    docker:
-      - image: circleci/golang:1.14
-    steps:
-      - checkout
-      - run:
-          name: Install goreleaser
-          command: |
-            echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
-            sudo apt update
-            sudo apt install goreleaser
-      - run:
-          name: Release
-          command: GIT_TAG="$CIRCLE_TAG" make release
-workflows:
-  version: 2
-  build:
-    jobs:
-      - "test":
-          filters:
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-      - "images":
-          context: falco
-          filters:
-            branches:
-              only:
-                - master
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-          requires:
-            - "test"
-      - "release":
-          context: falco
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-          requires:
-            - "test"
-            - "images"
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -66,5 +66,5 @@ For example, `action required: change the API interface of the rule engine`.
 -->

 ```release-note
-
+NONE
 ```
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    groups:
+      actions:
+        update-types:
+          - "minor"
+          - "patch"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -0,0 +1,77 @@
+name: CI Build
+on:
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+# Checks if any concurrent jobs under the same pull request or branch are being executed
+# NOTE: this will cancel every workflow that is being ran against a PR as group is just the github ref (without the workflow name)
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true  
+
+jobs:
+  build-test-dev:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  paths-filter:
+    runs-on: ubuntu-latest
+    outputs:
+      docker_needs_build: ${{ steps.filter.outputs.docker }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: filter
+        with:
+          filters: |
+            docker:
+              - 'docker/**'  
+
+  build-images-dev:
+    needs: [build-test-dev,paths-filter]
+    if: needs.paths-filter.outputs.docker_needs_build == 'true'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      push: false
+    secrets: inherit
+
+  gomodtidy:
+    name: Enforce go.mod tidiness
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          persist-credentials: false
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Execute go mod tidy and check the outcome
+        working-directory: ./
+        run: |
+          go mod tidy
+          exit_code=$(git diff --exit-code)
+          exit ${exit_code}
+
+      - name: Print a comment in case of failure
+        run: |
+          echo "The go.mod and/or go.sum files appear not to be correctly tidied.
+
+          Please, rerun go mod tidy to fix the issues."
+          exit 1
+        if: |
+          failure() && github.event.pull_request.head.repo.full_name == github.repository    
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@ -0,0 +1,36 @@
+name: Master CI
+on:
+  push:
+    branches: [master]
+
+# Checks if any concurrent jobs is running for master CI and eventually cancel it
+concurrency:
+  group: ci-master
+  cancel-in-progress: true  
+
+jobs:
+  build-test-master:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  push-images-master:
+    needs: build-test-master
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      push: true
+    secrets: inherit
+
+  images-master:
+    needs: push-images-master
+    uses: ./.github/workflows/reusable_manifest_images.yml
+    secrets: inherit
+      
+    
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,68 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
+
+jobs:
+  build-test-release:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  push-images-release:
+    needs: build-test-release
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      tag: ${{ github.ref_name }}
+      is_latest: true
+      push: true
+    secrets: inherit  
+
+  images-release:
+    needs: push-images-release
+    uses: ./.github/workflows/reusable_manifest_images.yml
+    with:
+      tag: ${{ github.ref_name }}
+      is_latest: true
+    secrets: inherit
+
+  release:
+    needs: images-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Fetch
+        run: git fetch --prune --force --tags
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+      
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+        with:
+          install-only: true
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_TAG: ${{ github.ref_name }}
+        run: make release  
--- a/.github/workflows/reusable_build_push_images.yml
+++ b/.github/workflows/reusable_build_push_images.yml
@ -0,0 +1,72 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+      branch:
+        description: name of the branch
+        required: false
+        type: string
+        default: 'master'
+      tag:
+        description: The tag to use (e.g. "master" or "0.35.0")
+        required: false
+        type: string
+        default: ''
+      is_latest:
+        description: Update the latest tag with the new image
+        required: false
+        type: boolean
+        default: false
+      push:
+        description: Whether to also push images
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  build-images:
+    runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        
+      - name: Create download folder
+        run: mkdir -p build-${{ inputs.arch }}
+        
+      - name: Download Driverkit
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: build-${{ inputs.arch }}
+          
+      - name: Enforce executable bit
+        run: chmod +x build-${{ inputs.arch }}/driverkit
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+          
+      - name: Login to Docker Hub
+        if: inputs.push
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push docker images
+        if: inputs.push
+        run: make push/all
+
+      - name: Build docker images
+        if: inputs.push == false
+        run: make image/all
+
+      - name: Push latest images if needed
+        if: inputs.push && inputs.is_latest
+        run: make push/latest
--- a/.github/workflows/reusable_build_test_driverkit.yml
+++ b/.github/workflows/reusable_build_test_driverkit.yml
@ -0,0 +1,47 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+
+jobs:
+  build-test:
+    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
+    runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build
+        run: make build
+        
+      - name: Test
+        run: make test
+        
+      - name: Set integration tests DRIVERVERSIONS env
+        if: inputs.arch == 'amd64'
+        run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver 17f5df52a7d9ed6bb12d3b1768460def8439936d" >> $GITHUB_ENV
+        
+      - name: Set integration tests DRIVERVERSIONS env
+        if: inputs.arch == 'arm64'
+        run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver" >> $GITHUB_ENV
+      
+      - name: Integration tests
+        run: make integration_test
+        
+      - name: Upload driverkit
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: |
+            ${{ github.workspace }}/_output/bin/driverkit
--- a/.github/workflows/reusable_manifest_images.yml
+++ b/.github/workflows/reusable_manifest_images.yml
@ -0,0 +1,45 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      branch:
+        description: name of the branch
+        required: false
+        type: string
+        default: 'master'
+      tag:
+        description: The tag to use (e.g. "master" or "0.35.0")
+        required: false
+        type: string
+        default: ''
+      is_latest:
+        description: Update the latest tag with the new image
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  push-manifest:
+    runs-on: ubuntu-latest
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+          
+      - name: Login to Docker Hub
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push manifest to registry
+        run: make manifest/all
+      
+      - name: Push latest manifest if needed
+        if: inputs.is_latest
+        run: make manifest/latest
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,7 @@
 _output/
 dist/
 vendor/
+.idea/
+driverkit

-driverkit
+coverage.out
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -1,18 +1,22 @@
+version: 2
+
 project_name: driverkit
 builds:
  - id: "driverkit"
+    env:
+    - GOEXPERIMENT=loopvar
    goos:
    - linux
    goarch:
    - amd64
+    - arm64
    main: .
    flags:
      - -v 
-      - "-tags={{ .Env.GOTAGS }}"
    ldflags: 
      - "{{.Env.LDFLAGS}}"
    binary: driverkit

 release:
  github:
-  prerelease: auto
+  prerelease: auto
--- a/Example_configs.md
+++ b/Example_configs.md
@ -0,0 +1,385 @@
+# Example Configs
+
+## aliyun linux 2 (Alibaba Cloud Linux 2)
+
+```yaml
+kernelrelease: 4.19.91-26.al7.x86_64
+target: alinux
+output:
+    module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
+    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
+driverversion: master
+```
+
+## aliyun linux 3 (Alibaba Cloud Linux 3)
+
+```yaml
+kernelrelease: 5.10.84-10.4.al8.x86_64
+target: alinux
+output:
+    module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
+    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
+driverversion: master
+```
+
+## alma linux
+
+```yaml
+kernelrelease: 5.14.0-162.12.1.el9_1.x86_64
+target: almalinux
+output:
+    module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko
+    probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o
+driverversion: master
+```
+
+## amazonlinux
+
+```yaml
+kernelrelease: 4.14.26-46.32.amzn1.x86_64
+target: amazonlinux
+output:
+    module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
+driverversion: master
+```
+
+## amazonlinux 2
+
+```yaml
+kernelrelease: 4.14.171-136.231.amzn2.x86_64
+target: amazonlinux2
+output:
+    module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
+    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
+driverversion: master
+```
+
+## amazonlinux 2022
+
+```yaml
+kernelrelease: 5.10.96-90.460.amzn2022.x86_64
+target: amazonlinux2022
+output:
+    module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko
+    probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o
+driverversion: master
+```
+
+## archlinux
+
+Example configuration file to build both the Kernel module and eBPF probe for Archlinux.
+Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch
+all ever supported kernel releases.
+For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/.
+The mirror has been up and updated since 2015.
+
+```yaml
+kernelversion: 1
+kernelrelease: 6.0.6.arch1-1
+target: arch
+output:
+  module: /tmp/falco-arch.ko
+  probe: /tmp/falco-arch.o
+driverversion: master
+builderimage: ${ARCH_BUILD_IMAGE_HERE}
+```
+
+## centos 6
+
+```yaml
+kernelrelease: 2.6.32-754.14.2.el6.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos6.ko
+driverversion: master
+```
+
+## centos 7
+
+```yaml
+kernelrelease: 3.10.0-957.12.2.el7.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos7.ko
+driverversion: master
+```
+
+## centos 8
+
+```yaml
+kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos8.ko
+driverversion: master
+```
+
+## debian
+
+Example configuration file to build both the Kernel module and eBPF probe for Debian.
+
+```yaml
+kernelrelease: 4.19.0-6-amd64
+kernelversion: 1
+output:
+  module: /tmp/falco-debian.ko
+  probe: /tmp/falco-debian.o
+target: debian
+driverversion: master
+```
+
+## fedora
+
+```yaml
+kernelrelease: 5.19.16-200.fc36.x86_64
+kernelversion: 1
+target: fedora
+output:
+  module: /tmp/falco-fedora.ko
+driverversion: master
+```
+
+## flatcar
+
+Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
+The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version;
+moreover, kernelconfigdata must be provided.
+
+```yaml
+kernelrelease: 3185.0.0
+target: flatcar
+output:
+  module: /tmp/falco-flatcar-3185.0.0.ko
+  probe: /tmp/falco-flatcar-3185.0.0.o
+driverversion: master
+kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
+```
+
+## minikube
+Example configuration file to build both the Kernel module and eBPF probe for Minikube.
+```yaml
+kernelversion: 1_1.26.0
+kernelrelease: 5.10.57
+target: minikube
+architecture: amd64
+output:
+  module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko
+  probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o
+kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
+```
+
+## oracle linux 8
+
+```yaml
+kernelrelease: 5.4.17-2011.3.2.1.el8uek.x86_64
+kernelversion: 1
+target: ol
+output:
+  module: /tmp/falco-ol8.ko
+driverversion: master
+```
+
+## redhat 7
+
+```yaml
+kernelrelease: 3.10.0-1160.66.1.el7.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat7.ko
+driverversion: master
+builderimage: registry.redhat.io/rhel7:rhel7_driverkit
+```
+The image used for this build was created with the following command:
+
+```bash
+docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t registry.redhat.io/rhel7:rhel7_driverkit -f Dockerfile.rhel7 .
+````
+| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
+|--------------------------------------------------------------------------------------------|
+
+and Dockerfile.rhel7:
+```bash
+FROM registry.redhat.io/rhel7
+
+ARG rh_username
+ARG rh_password
+
+RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
+
+RUN yum install gcc elfutils-libelf-devel make -y
+```
+| :warning: **Base image requires Redhat subscription to pull**:```docker login registry.redhat.io``` |
+|-----------------------------------------------------------------------------------------------------|
+
+## redhat 8
+
+```yaml
+kernelrelease: 4.18.0-372.9.1.el8.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat8.ko
+  probe: /tmp/falco-redhat8.o
+driverversion: master
+builderimage: redhat/ubi8:rhel8_driverkit
+```
+
+The image used for this build was created with the following command:
+
+```bash
+docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t redhat/ubi8:rhel8_driverkit -f Dockerfile.rhel8 .
+````
+| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
+|--------------------------------------------------------------------------------------------|
+
+and Dockerfile.rhel8:
+```bash
+FROM redhat/ubi8
+
+ARG rh_username
+ARG rh_password
+
+RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
+
+RUN yum install gcc curl elfutils-libelf-devel kmod make \
+                llvm-toolset-0:12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64 cpio -y
+```
+
+## redhat 9
+
+```yaml
+kernelrelease: 5.14.0-70.13.1.el9_0.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat9.ko
+  probe: /tmp/falco-redhat9.o
+driverversion: master
+builderimage: docker.io/redhat/ubi9:rhel9_driverkit
+```
+The image used for this build was created with the following command:
+
+```bash
+docker build -t docker.io/redhat/ubi9:rhel9_driverkit -f Dockerfile.rhel9 .
+````
+
+and Dockerfile.rhel9:
+```bash
+FROM docker.io/redhat/ubi9
+
+RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
+RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
+```
+The `ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11` command creates a symbolic link which makes sure driverkit finds the correct compiler binary.
+
+| :exclamation: **subscription-manager does not work on RHEL9 containers**: Host must have a valid RHEL subscription. However, if you want to build the Docker image on a host that is not RHEL9, the container will not have access to the required repositories. In that case, the subscription manager can be enabled with some additional adjustments. |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+
+Dockerfile.rhel9.containerSkip:
+```bash
+FROM docker.io/redhat/ubi9
+
+ENV SMDEV_CONTAINER_OFF 1
+
+ARG REDHAT_USERNAME
+ARG REDHAT_PASSWORD
+
+RUN subscription-manager register --username $REDHAT_USERNAME --password $REDHAT_PASSWORD --auto-attach
+
+RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
+RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
+```
+
+Setting `SMDEV_CONTAINER_OFF 1` makes sure the container detection is skipped and therefore enables the subscription manager again.
+
+## rocky linux
+
+```yaml
+kernelrelease: 5.14.0-162.18.1.el9_1.x86_64
+target: rocky
+output:
+    module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko
+    probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o
+driverversion: master
+```
+
+## ubuntu
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!).
+
+```yaml
+kernelrelease: 5.0.0-1021-aws-5.0
+kernelversion: 24~18.04.1
+target: ubuntu
+output:
+  module: /tmp/falco-ubuntu-generic.ko
+  probe: /tmp/falco-ubuntu-generic.o
+driverversion: master
+```
+
+## ubuntu-aws
+
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
+
+```yaml
+kernelrelease: 4.15.0-1057-aws
+kernelversion: 59
+target: ubuntu-aws
+output:
+  module: /tmp/falco-ubuntu-aws.ko
+  probe: /tmp/falco-ubuntu-aws.o
+driverversion: master
+```
+
+> **NOTE:** ubuntu-aws exists to retain backward compatibility only,
+> and should not be used in new configs.
+
+## ubuntu-generic
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
+
+```yaml
+kernelrelease: 4.15.0-72-generic
+kernelversion: 81
+target: ubuntu-generic
+output:
+  module: /tmp/falco-ubuntu-generic.ko
+  probe: /tmp/falco-ubuntu-generic.o
+driverversion: master
+```
+
+> **NOTE:** ubuntu-generic exists to retain backward compatibility only,
+> and should not be used in new configs.
+
+## vanilla
+
+In case of vanilla, you also need to pass the kernel config data in base64 format.
+
+In most systems you can get `kernelconfigdata`  by reading `/proc/config.gz`.
+
+```yaml
+kernelrelease: 5.5.2
+kernelversion: 1
+target: vanilla
+output:
+  module: /tmp/falco-vanilla.ko
+  probe: /tmp/falco-vanilla.o
+driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
+```
+
+Now you can add the `kernelconfigdata` to the configuration file, to do so:
+
+```bash
+zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
+```
+
+The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
+
+### Note
+
+Usually, building for a `vanilla` target requires more time.
+
+So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
+
+```bash
+driverkit docker -c /tmp/vanilla.yaml --timeout=300
+```
--- a/89
+++ b/89
@ -16,29 +16,25 @@ ifeq ($(COMMITS_FROM_GIT_TAG),0)
 	endif
 endif

-IMAGE_NAME_BUILDER ?= docker.io/falcosecurity/driverkit-builder
+DRIVERVERSIONS ?= master

-IMAGE_NAME_BUILDER_REF := $(IMAGE_NAME_BUILDER):$(GIT_REF)
-IMAGE_NAME_BUILDER_COMMIT := $(IMAGE_NAME_BUILDER):$(GIT_COMMIT)
-IMAGE_NAME_BUILDER_LATEST := $(IMAGE_NAME_BUILDER):latest
+DOCKER_ORG ?= falcosecurity

-IMAGE_NAME_DRIVERKIT ?= docker.io/falcosecurity/driverkit
+ARCH := $(shell uname -m)

-IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)
-IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)
-IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest
+BUILDERS := $(patsubst docker/builders/builder-%.Dockerfile,%,$(wildcard docker/builders/builder*$(ARCH)*.Dockerfile))

-LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder.builderBaseImage=${IMAGE_NAME_BUILDER_COMMIT}
+IMAGE_NAME_BUILDER_BASE ?= docker.io/$(DOCKER_ORG)/driverkit-builder

-OS_NAME := $(shell uname -s | tr A-Z a-z)
-SQLITE_TAGS :=
-ifeq ($(OS_NAME),darwin)
-	SQLITE_TAGS +=sqlite_omit_load_extension libsqlite3 darwin
-else ifeq ($(OS_NAME),linux)
-	SQLITE_TAGS +=sqlite_omit_load_extension linux
-endif
+IMAGE_NAME_DRIVERKIT ?= docker.io/$(DOCKER_ORG)/driverkit

-GOTAGS := ${SQLITE_TAGS}
+IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_$(ARCH)
+IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_$(ARCH)
+IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest_$(ARCH)
+
+LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder/builder.defaultImageTag=$(GIT_COMMIT)
+TARGET_TEST_ARCH ?= $(ARCH)
+test_configs := $(wildcard test/$(TARGET_TEST_ARCH)/configs/*.yaml)

 driverkit ?= _output/bin/driverkit
 driverkit_docgen ?= _output/bin/docgen
@ -47,11 +43,11 @@ driverkit_docgen ?= _output/bin/docgen
 build: clean ${driverkit}

 ${driverkit}:
-	CGO_ENABLED=1 go build -v -ldflags '${LDFLAGS}' -tags '${GOTAGS}' -o $@ .
+	CGO_ENABLED=0 GOEXPERIMENT=loopvar go build -v -ldflags '${LDFLAGS}' -o $@ .

 .PHONY: release
 release: clean
-	CGO_ENABLED=1 LDFLAGS="${LDFLAGS}" GOTAGS="${GOTAGS}" $(GORELEASER) release
+	CGO_ENABLED=0 LDFLAGS="${LDFLAGS}" $(GORELEASER) release

 .PHONY: clean
 clean:
@ -62,41 +58,58 @@ image/all: image/builder image/driverkit

 .PHONY: image/builder
 image/builder:
-	$(DOCKER) build \
-		-t "$(IMAGE_NAME_BUILDER_REF)" \
-		-t "$(IMAGE_NAME_BUILDER_COMMIT)" \
-		-f build/builder.Dockerfile .
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build -o type=image,push="false" -f docker/builders/builder-$b.Dockerfile . ; \
+    )

 .PHONY: image/driverkit
 image/driverkit:
-	$(DOCKER) build \
-		-t "$(IMAGE_NAME_DRIVERKIT_REF)" \
-		-t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" \
-		-f build/driverkit.Dockerfile .
+	$(DOCKER) buildx build -o type=image,push="false" -f docker/driverkit.Dockerfile .

 push/all: push/builder push/driverkit

 .PHONY: push/builder
 push/builder:
-	$(DOCKER) push $(IMAGE_NAME_BUILDER_REF)
-	$(DOCKER) push $(IMAGE_NAME_BUILDER_COMMIT)
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_REF)" -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_COMMIT)" -f docker/builders/builder-$b.Dockerfile . ; \
+	)

 .PHONY: push/driverkit
 push/driverkit:
-	$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_REF)
-	$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_COMMIT)
+	$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_REF)" -t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" -f docker/driverkit.Dockerfile .

 .PHONY: push/latest
 push/latest:
-	$(DOCKER) tag $(IMAGE_NAME_BUILDER_COMMIT) $(IMAGE_NAME_BUILDER_LATEST)
-	$(DOCKER) push $(IMAGE_NAME_BUILDER_LATEST)
-	$(DOCKER) tag $(IMAGE_NAME_DRIVERKIT_COMMIT) $(IMAGE_NAME_DRIVERKIT_LATEST)
-	$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_LATEST)
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-latest" -f docker/builders/builder-$b.Dockerfile . ; \
+	)
+	$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_LATEST)" -f docker/driverkit.Dockerfile .
+
+manifest/all: manifest/driverkit
+
+.PHONY: manifest/driverkit
+manifest/driverkit:
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_REF) $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_aarch64
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT) $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_aarch64
+
+.PHONY: manifest/latest
+manifest/latest:
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):latest $(IMAGE_NAME_DRIVERKIT):latest_x86_64 $(IMAGE_NAME_DRIVERKIT):latest_aarch64

 .PHONY: test
 test:
-	go test -v -race ./...
-	go test -v ./cmd
+	go clean -testcache
+	GOEXPERIMENT=loopvar go test -v -cover -race ./...
+	GOEXPERIMENT=loopvar go test -v -cover ./cmd
+
+.PHONY: integration_test
+integration_test: $(test_configs)
+
+.PHONY: $(test_configs)
+$(test_configs): ${driverkit}
+	$(foreach d,$(DRIVERVERSIONS),\
+		${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d; \
+	)

 .PHONY: ${driverkit_docgen}
 ${driverkit_docgen}: ${PWD}/docgen
@ -104,6 +117,6 @@ ${driverkit_docgen}: ${PWD}/docgen

 .PHONY: docs
 docs: ${driverkit_docgen}
-	$(RM) -R docs/*
+	$(RM) -R docs/driverkit*
 	@mkdir -p docs
 	${driverkit_docgen}
--- a/10
+++ b/10
@ -1,6 +1,10 @@
 approvers:
-  - fntlnz
  - leodido
-reviewers:
+  - dwindsor
+  - fededp
+  - EXONER4TED
+  - lowaiz
+  - LucaGuerra
+
+emeritus_approvers:
  - fntlnz
-  - leodido
--- a/README.md
+++ b/README.md
@ -1,11 +1,15 @@
 # driverkit

-Status: **Under development**
+[![Falco Ecosystem Repository](https://github.com/falcosecurity/evolution/blob/main/repos/badges/falco-ecosystem-blue.svg)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#ecosystem-scope) [![Incubating](https://img.shields.io/badge/status-incubating-orange?style=for-the-badge)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#incubating)

-A command line tool that can be used to build the Falco kernel module and eBPF probe.
+[![Latest](https://img.shields.io/github/v/release/falcosecurity/driverkit?style=for-the-badge)](https://github.com/falcosecurity/driverkit/releases/latest)
+![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64-blueviolet?style=for-the-badge)
+[![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit)
+[![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit)

+A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe.

-## Usage
+## Glossary

 When you meet `kernelversion` that refers to the version you get executing `uname -v`:

@ -23,6 +27,42 @@ uname -r
 4.15.0-1057-aws
 ```

+## Help
+
+By checking driverkit help, you can quickly discover info about:
+* Supported options
+* Supported commands
+* Supported architectures
+* Supported targets
+* Default options
+
+```
+driverkit help
+```
+
+## Architecture
+
+The target architecture is taken from runtime environment, but it can be overridden through `architecture` config.  
+Driverkit also supports cross building for arm64 using qemu from an x86_64 host.
+
+> **NOTE:** we could not automatically fetch correct architecture given a kernelrelease,
+> because some kernel names do not have any architecture suffix, namely Ubuntu ones.
+
+## Headers
+
+Driverkit has an internal logic to retrieve headers urls given a target and desired kernelrelease/kernelversion.  
+Unfortunately, the logic is quite hard to implement correctly for every supported target.   
+As of today, the preferred method is to instead use the `kernelurls` configuration param,  
+that allows to specify a list of headers.
+
+> **NOTE:** the internal headers fetching logic should be considered a fallback that will be, sooner or later, deprecated.  
+
+A solution to crawl all supported kernels by multiple distro was recently developed,  
+and it provides a json output with aforementioned `kernelheaders`: https://github.com/falcosecurity/kernel-crawler.  
+Json for supported architectures can be found at https://falcosecurity.github.io/kernel-crawler/.
+
+## How to use
+
 ### Against a Kubernetes cluster

 ```bash
@ -35,7 +75,6 @@ driverkit kubernetes --output-module /tmp/falco.ko --kernelversion=81 --kernelre
 driverkit docker --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=master --target=ubuntu-generic
 ```

-
 ### Build using a configuration file

 Create a file named `ubuntu-aws.yaml` containing the following content:
@ -61,233 +100,21 @@ driverkit docker -c ubuntu-aws.yaml
 It is possible to customize the kernel module name that is produced by Driverkit with the `moduledevicename` and `moduledrivername` options.
 In this context, the _device name_ is the prefix used for the devices in `/dev/`, while the _driver name_ is the kernel module name as reported by `modinfo` or `lsmod` once the module is loaded.

-## Supported targets
+## Examples

-### ubuntu-generic
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
+For a comprehensive list of examples, heads to [example configs](Example_configs.md)!

-```yaml
-kernelrelease: 4.15.0-72-generic
-kernelversion: 81
-target: ubuntu-generic
-output:
-  module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
-driverversion: master
-```
+## Support a new target

-### ubuntu-aws
+To add support for a new target, a new builder must be added.  
+For more info, you can find specific docs in [docs/builder.md](docs/builder.md) file.

-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
+## Support a new builder image

-```yaml
-kernelrelease: 4.15.0-1057-aws
-kernelversion: 59
-target: ubuntu-aws
-output:
-  module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
-driverversion: master
-```
-
-### centos 6
-
-```yaml
-kernelrelease: 2.6.32-754.14.2.el6.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos6.ko
-driverversion: master
-```
-
-### centos 7
-
-```yaml
-kernelrelease: 3.10.0-957.12.2.el7.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos7.ko
-driverversion: master
-```
-
-### centos 8
-
-```yaml
-kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos8.ko
-driverversion: master
-```
-
-### amazonlinux
-
-```yaml
-kernelrelease: 4.14.26-46.32.amzn1.x86_64
-target: amazonlinux
-output:
-    module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
-driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
-```
-
-### amazonlinux 2
-
-```yaml
-kernelrelease: 4.14.171-136.231.amzn2.x86_64
-target: amazonlinux2
-output:
-    module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
-    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
-driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
-```
-
-### debian
-
-Example configuration file to build both the Kernel module and eBPF probe for Debian.
-
-```yaml
-kernelrelease: 4.19.0-6-amd64
-kernelversion: 1
-output:
-  module: /tmp/falco-debian.ko
-  probe: /tmp/falco-debian.o
-target: debian
-driverversion: master
-```
-
-### vanilla
-
-In case of vanilla, you also need to pass the kernel config data in base64 format.
-
-In most systems you can get `kernelconfigdata`  by reading `/proc/config.gz`.
-
-```yaml
-kernelrelease: 5.5.2
-kernelversion: 1
-target: vanilla
-output:
-  module: /tmp/falco-vanilla.ko
-  probe: /tmp/falco-vanilla.o
-driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
-```
-
-Now you can add the `kernelconfigdata` to the configuration file, to do so:
-
-```bash
-zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
-```
-
-The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
-
-#### Note
-
-Usually, building for a `vanilla` target requires more time.
-
-So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
-
-```bash
-driverkit docker -c /tmp/vanilla.yaml --timeout=300
-```
-
-## Goals
-
- [x] Have a package that can build the Falco kernel module in k8s
- [x] Have a package that can build the Falco kernel module in docker
- [x] Have a package that can build the Falco eBPF probe in k8s
- [x] Have a package that can build the Falco eBPF probe in docker
- [x] Support the top distributions in our [Survey](http://bit.ly/driverkit-survey-vote) and the Vanilla Kernel
-  - [x] Ubuntu (`ubuntu-aws`, `ubuntu-generic`)
-  - [x] CentOS 8
-  - [x] CentOS 7
-  - [x] CentOS 6
-  - [x] AmazonLinux (`amazonlinux`, `amazonlinux2`)
-  - [x] Debian
-  - [x] Vanilla kernel (`vanilla`)
+To add support for a new builder image, follow the doc at [docs/builder_images.md](docs/builder_images.md) file.

 ## Survey

 We are conducting a [survey](http://bit.ly/driverkit-survey-vote) to know what is the most interesting set of Operating Systems we must support first in driverkit.

 You can find the results of the survey [here](http://bit.ly/driverkit-survey-results)
-
-## Creating a new Builder
-
-You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
-build drivers for a specific distro you care about.
-
-If that distribution is not supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
-
-To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.
-
-You can find the specific distribution files into the [pkg/driverbuilder/builder](/pkg/driverbuilder/builder) folder.
-
-Here's the [Ubuntu](/pkg/driverbuilder/builder/ubuntu.go) one for reference.
-
-Following this simple set of instructions should help you while you implement a new `builder.Builder`.
-
-
-### 1. Builder file
-Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
-
-```bash
-touch pkg/driverbuilder/builder/archlinux.go
-```
-
-### 2. Target name
-
-Your builder will need a constant for the target it implements. Usually that constant
-can just be the name of the distribution you are implementing. A builder can implement 
-more than one target at time. For example, the Ubuntu builder implements both `ubuntu-generic` and `ubuntu-aws`
-to reflect the organization that the distro itself has.
-
-Once you have the constant, you will need to add it to the `BuilderByTarget` map.
-
-
-Open your file and you will need to have something like this:
-
-```go
-// TargetTypeArchLinux identifies the Arch Linux target.
-const TargetTypeArchLinux Type = "archlinux"
-
-type archLinux struct {
-}
-
-func init() {
-	BuilderByTarget[TargetTypeArchLinux] = &archLinux{}
-}
-```
-
-Now, you can implement the `builder.Builder` interface for the `archlinux` struct
-you just registered.
-
-Here's a very minimalistic example.
-
-
-```go
-func (v archLinux) Script(c Config) (string, error) {
-  return "echo 'hello world'", nil
-}
-```
-
-Essentially, the `Script` function that you are implementing will need to return a string containing
-a `bash` script that will be executed by driverkit at build time.
-
-Depending on how the distro works, the script will need to fetch the kernel headers for it at the specific kernel version specified
-in the `Config` struct at `c.Build.KernelVersion`.
-Once you have those, based on what that kernel can do and based on what was configured
-by the user you will need to build the kernel module driver and/or the eBPF probe driver.
-
-How does this work?
-
-If the user specifies:
-
- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o`
-
-The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
-
-If you look at the various builder implemented, you will see that the task of creating a new builder
-can be easy or difficult depending on how the distribution ships their artifacts.
--- a/RELEASE.md
+++ b/RELEASE.md
@ -1,6 +1,6 @@
 # Release Process

-Our release process is based upon [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/driverkit) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
+Our release process is fully automated using [Github actions](.github/workflows/release.yml) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.

 When we release we do the following process:

--- a/build/builder.Dockerfile
+++ b/build/builder.Dockerfile
@ -1,104 +0,0 @@
-FROM debian:buster
-
-LABEL maintainer="cncf-falco-dev@lists.cncf.io"
-
-RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
-
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends \
-	bash-completion \
-	bc \
-	clang-7 \
-	ca-certificates \
-	curl \
-	dkms \
-	gnupg2 \
-	gcc \
-	jq \
-	libc6-dev \
-	libelf-dev \
-	libmpx2 \
-	llvm-7 \
-	netcat \
-	xz-utils \
-	rpm2cpio \
-	cpio \
-	flex \
-	bison \
-	openssl \
-	libssl-dev \
-	libncurses-dev \
-	libudev-dev \
-	libpci-dev \
-	libiberty-dev \
-	lsb-release \
-	wget \
-	software-properties-common \
-	gpg \
-	&& rm -rf /var/lib/apt/lists/*
-
-# Install clang 12
-RUN cd /tmp \
-	&& wget https://apt.llvm.org/llvm.sh \
-	&& chmod +x llvm.sh \
-	&& ./llvm.sh 12
-
-# gcc 6 is no longer included in debian stable, but we need it to
-# build kernel modules on the default debian-based ami used by
-# kops. So grab copies we've saved from debian snapshots with the
-# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
-# or so.
-
-RUN curl -L -o cpp-6_6.3.0-18_amd64.deb https://download.falco.org/dependencies/cpp-6_6.3.0-18_amd64.deb \
-	&& curl -L -o gcc-6-base_6.3.0-18_amd64.deb https://download.falco.org/dependencies/gcc-6-base_6.3.0-18_amd64.deb \
-	&& curl -L -o gcc-6_6.3.0-18_amd64.deb https://download.falco.org/dependencies/gcc-6_6.3.0-18_amd64.deb \
-	&& curl -L -o libasan3_6.3.0-18_amd64.deb https://download.falco.org/dependencies/libasan3_6.3.0-18_amd64.deb \
-	&& curl -L -o libcilkrts5_6.3.0-18_amd64.deb https://download.falco.org/dependencies/libcilkrts5_6.3.0-18_amd64.deb \
-	&& curl -L -o libgcc-6-dev_6.3.0-18_amd64.deb https://download.falco.org/dependencies/libgcc-6-dev_6.3.0-18_amd64.deb \
-	&& curl -L -o libubsan0_6.3.0-18_amd64.deb https://download.falco.org/dependencies/libubsan0_6.3.0-18_amd64.deb \
-	&& curl -L -o libmpfr4_3.1.3-2_amd64.deb https://download.falco.org/dependencies/libmpfr4_3.1.3-2_amd64.deb \
-	&& curl -L -o libisl15_0.18-1_amd64.deb https://download.falco.org/dependencies/libisl15_0.18-1_amd64.deb \
-	&& dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \
-	&& rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb
-
-# gcc 5 is no longer included in debian stable, but we need it to
-# build centos kernels, which are 3.x based and explicitly want a gcc
-# version 3, 4, or 5 compiler. So grab copies we've saved from debian
-# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
-
-RUN curl -L -o cpp-5_5.5.0-12_amd64.deb https://download.falco.org/dependencies/cpp-5_5.5.0-12_amd64.deb \
-	&& curl -L -o gcc-5-base_5.5.0-12_amd64.deb https://download.falco.org/dependencies/gcc-5-base_5.5.0-12_amd64.deb \
-	&& curl -L -o gcc-5_5.5.0-12_amd64.deb https://download.falco.org/dependencies/gcc-5_5.5.0-12_amd64.deb \
-	&& curl -L -o libasan2_5.5.0-12_amd64.deb	https://download.falco.org/dependencies/libasan2_5.5.0-12_amd64.deb \
-	&& curl -L -o libgcc-5-dev_5.5.0-12_amd64.deb https://download.falco.org/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \
-	&& curl -L -o libisl15_0.18-4_amd64.deb https://download.falco.org/dependencies/libisl15_0.18-4_amd64.deb \
-	&& curl -L -o libmpx0_5.5.0-12_amd64.deb https://download.falco.org/dependencies/libmpx0_5.5.0-12_amd64.deb \
-	&& dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \
-	&& rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb
-
-# gcc 4 is no longer included in debian stable, but we need it to
-# build centos kernels, which are 2.x based and explicitly want a gcc
-# version 4 compiler. So grab copies we've saved from debian
-# snapshots with the prefix http://ftp.debian.org/debian/pool/main/g/gcc-4.8/.
-
-RUN curl -L -o cpp-4.8_4.8.4-1_amd64.deb https://download.falco.org/dependencies/cpp-4.8_4.8.4-1_amd64.deb \
-	&& curl -L -o gcc-4.8-base_4.8.4-1_amd64.deb https://download.falco.org/dependencies/gcc-4.8-base_4.8.4-1_amd64.deb \
-	&& curl -L -o gcc-4.8_4.8.4-1_amd64.deb https://download.falco.org/dependencies/gcc-4.8_4.8.4-1_amd64.deb \
-	&& curl -L -o libasan0_4.8.4-1_amd64.deb https://download.falco.org/dependencies/libasan0_4.8.4-1_amd64.deb \
-	&& curl -L -o libgcc-4.8-dev_4.8.4-1_amd64.deb https://download.falco.org/dependencies/libgcc-4.8-dev_4.8.4-1_amd64.deb \
-	&& curl -L -o libisl10_0.12.2-2_amd64.deb https://download.falco.org/dependencies/libisl10_0.12.2-2_amd64.deb \
-	&& curl -L -o multiarch-support_2.19-18+deb8u10_amd64.deb https://download.falco.org/dependencies/multiarch-support_2.19-18%2Bdeb8u10_amd64.deb \
-	&& curl -L -o libcloog-isl4_0.18.4-1+b1_amd64.deb https://download.falco.org/dependencies/libcloog-isl4_0.18.4-1%2Bb1_amd64.deb \
-	&& dpkg -i multiarch-support_2.19-18+deb8u10_amd64.deb \
-	&& dpkg -i libisl10_0.12.2-2_amd64.deb gcc-4.8-base_4.8.4-1_amd64.deb libasan0_4.8.4-1_amd64.deb libgcc-4.8-dev_4.8.4-1_amd64.deb libcloog-isl4_0.18.4-1+b1_amd64.deb cpp-4.8_4.8.4-1_amd64.deb gcc-4.8_4.8.4-1_amd64.deb \
-	&& rm -f multiarch-support_2.19-18+deb8u10_amd64.deb libisl10_0.12.2-2_amd64.deb gcc-4.8-base_4.8.4-1_amd64.deb libasan0_4.8.4-1_amd64.deb libgcc-4.8-dev_4.8.4-1_amd64.deb libcloog-isl4_0.18.4-1+b1_amd64.deb cpp-4.8_4.8.4-1_amd64.deb gcc-4.8_4.8.4-1_amd64.deb
-
-# debian:stable head contains binutils 2.31, which generates
-# binaries that are incompatible with kernels < 4.16. So manually
-# forcibly install binutils 2.30-22 instead.
-RUN curl -L -o binutils_2.30-22_amd64.deb https://download.falco.org/dependencies/binutils_2.30-22_amd64.deb \
-	&& curl -L -o libbinutils_2.30-22_amd64.deb https://download.falco.org/dependencies/libbinutils_2.30-22_amd64.deb \
-	&& curl -L -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb https://download.falco.org/dependencies/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
-	&& curl -L -o binutils-common_2.30-22_amd64.deb https://download.falco.org/dependencies/binutils-common_2.30-22_amd64.deb \
-	&& dpkg -i *binutils*.deb \
-	&& rm -f *binutils*.deb
--- a/build/driverkit.Dockerfile
+++ b/build/driverkit.Dockerfile
@ -1,15 +0,0 @@
-FROM docker.io/golang:1.14-alpine3.11 as builder
-
-LABEL maintainer="cncf-falco-dev@lists.cncf.io"
-
-RUN apk add --no-cache --update
-RUN apk add gcc musl-dev make bash git
-ADD . /driverkit
-
-WORKDIR /driverkit
-
-RUN make build
-
-FROM docker.io/alpine:3.11
-COPY --from=builder /driverkit/_output/bin/driverkit /bin/driverkit
-CMD ["/bin/driverkit"]
--- a/cmd/cli_test.go
+++ b/cmd/cli_test.go
@ -1,14 +1,34 @@
+//go:build !race
 // +build !race

+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
 	"bytes"
-	"io/ioutil"
 	"os"
 	"path/filepath"
+	"runtime"
+	"sort"
 	"strings"
 	"testing"
+	"text/template"
+
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"

 	"github.com/acarl005/stripansi"
 	"gotest.tools/assert"
@ -73,6 +93,10 @@ var tests = []testCase{
 			"4.15.0-1057-aws",
 			"--kernelversion",
 			"59",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
 			"--target",
 			"ubuntu-aws",
 			"--output-module",
@ -98,10 +122,16 @@ var tests = []testCase{
 			"4.15.0-1057-aws",
 			"--kernelversion",
 			"59",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
 			"--target",
 			"ubuntu-aws",
 			"--output-module",
 			"/tmp/falco-ubuntu-aws.ko",
+			"--output-probe",
+			"/tmp/falco-ubuntu-aws.o",
 			"--loglevel",
 			"debug",
 		},
@ -114,11 +144,16 @@ var tests = []testCase{
 		env: map[string]string{
 			"DRIVERKIT_KERNELVERSION": "59",
 			"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
+			"DRIVERKIT_OUTPUT_PROBE":  "/tmp/falco-ubuntu-aws.o",
 		},
 		args: []string{
 			"docker",
 			"--kernelrelease",
 			"4.15.0-1057-aws",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
+			"--kernelurls",
+			"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
 			"-t",
 			"ubuntu-aws",
 			"--loglevel",
@ -141,6 +176,19 @@ var tests = []testCase{
 			out: "testdata/docker-from-config-debug.txt",
 		},
 	},
+	{
+		descr: "docker/from-config-file-using-urls",
+		args: []string{
+			"docker",
+			"-c",
+			"testdata/configs/2.yaml",
+			"--loglevel",
+			"debug",
+		},
+		expect: expect{
+			out: "testdata/docker-override-urls-from-config-debug.txt",
+		},
+	},
 	{
 		descr: "docker/override-from-config-file",
 		env: map[string]string{
@ -158,6 +206,47 @@ var tests = []testCase{
 			out: "testdata/docker-override-from-config-debug.txt",
 		},
 	},
+	{
+		descr: "docker/build-related-target-azure",
+		args: []string{
+			"docker",
+			"--kernelrelease",
+			"4.15.0-1057-azure",
+			"--kernelversion",
+			"62",
+			"--kernelurls",
+			"http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb",
+			"--kernelurls",
+			"http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb",
+			"--target",
+			"ubuntu-azure",
+			"--output-module",
+			"/tmp/falco-ubuntu-azure.ko",
+			"--loglevel",
+			"debug",
+		},
+		expect: expect{
+			out: "testdata/docker-related-target-debug.txt",
+		},
+	},
+	{
+		descr: "docker/build-target-check-validation-redhat",
+		args: []string{
+			"docker",
+			"--kernelrelease",
+			"4.18.0-348.el8.x86_64",
+			"--target",
+			"redhat",
+			"--output-module",
+			"/tmp/falco-redhat.ko",
+			"--loglevel",
+			"debug",
+		},
+		expect: expect{
+			out: "testdata/docker-target-redhat-validation-error-debug.txt",
+			err: "exiting for validation errors",
+		},
+	},
 	{
 		descr: "complete/docker/targets",
 		args: []string{
@ -227,9 +316,14 @@ var tests = []testCase{

 func run(t *testing.T, test testCase) {
 	// Setup
-	c := NewRootCmd()
-	b := bytes.NewBufferString("")
-	c.SetOutput(b)
+	configOpts, err := NewConfigOptions()
+	assert.NilError(t, err)
+	rootOpts, err := NewRootOptions()
+	assert.NilError(t, err)
+	var buf bytes.Buffer
+	configOpts.setOutput(&buf, true)
+	c := NewRootCmd(configOpts, rootOpts)
+	c.SetOutput(&buf)
 	if len(test.args) == 0 || (test.args[0] != "__complete" && test.args[0] != "__completeNoDesc" && test.args[0] != "help" && test.args[0] != "completion") {
 		test.args = append(test.args, "--dryrun")
 	}
@ -240,19 +334,18 @@ func run(t *testing.T, test testCase) {
 		}
 	}
 	// Test
-	err := c.Execute()
+	err = c.Execute()
 	if err != nil {
 		if test.expect.err == "" {
 			t.Fatalf("error executing CLI: %v", err)
 		} else {
 			assert.Error(t, err, test.expect.err)
 		}
+		// Exactly same behavior as rootCmd.Start(), but here we use ERROR instead of FATAL to avoid leaving
+		configOpts.Printer.Logger.Error("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
 	}
-	out, err := ioutil.ReadAll(b)
-	if err != nil {
-		t.Fatalf("error reading CLI output: %v", err)
-	}
-	res := stripansi.Strip(string(out))
+	out := buf.String()
+	res := stripansi.Strip(out)
 	assert.Equal(t, test.expect.out, res)
 	// Teardown
 	for k := range test.env {
@ -262,6 +355,81 @@ func run(t *testing.T, test testCase) {
 	}
 }

+// Simple explanation:
+// basically we leverage text.template to execute templates for test data.
+// testTemplateData is the actual template structure used to fill the test requested output.
+// It internally stores all the help text, split in section { Desc, Usage, Commands, Flags, Info }
+// plus the flagsTemplateData (that is the template data used to fill Flags fields basically).
+type testTemplateData struct {
+	Desc     string
+	Usage    string
+	Commands string
+	Flags    string
+	Info     string
+	flagsTemplateData
+}
+
+func readTemplateFile(t *testing.T, s string) string {
+	out, err := os.ReadFile("testdata/templates/" + s)
+	assert.NilError(t, err)
+	return string(out)
+}
+
+func initTestTemplateData(t *testing.T, args []string) testTemplateData {
+	td := initFlagsTemplateData(args)
+	return testTemplateData{
+		Usage:             readTemplateFile(t, "usage.txt"),
+		Commands:          readTemplateFile(t, "commands.txt"),
+		Flags:             runTemplate(t, readTemplateFile(t, "flags.txt"), td),
+		Desc:              readTemplateFile(t, "desc.txt"),
+		Info:              readTemplateFile(t, "info.txt"),
+		flagsTemplateData: td,
+	}
+}
+
+type flagsTemplateData struct {
+	Targets             string
+	CurrentArch         string
+	Architectures       string
+	TargetsVerticalList string
+
+	// It is the subcmd being called, ie: driverkit (root) or docker,kubernetes.
+	// It is automatically fetched by args passed to each test case
+	Cmd string
+}
+
+func initFlagsTemplateData(args []string) flagsTemplateData {
+	targets := builder.Targets()
+	sort.Strings(targets)
+
+	cmd := "driverkit"
+	if len(args) > 0 {
+		if args[0] == "docker" {
+			cmd = "docker"
+		} else if args[0] == "kubernetes" {
+			cmd = "kubernetes"
+		}
+	}
+
+	return flagsTemplateData{
+		Targets:             "[" + strings.Join(targets, ",") + "]",
+		CurrentArch:         runtime.GOARCH,
+		Architectures:       kernelrelease.SupportedArchs.String(),
+		TargetsVerticalList: strings.Join(targets, "\n"),
+		Cmd:                 cmd,
+	}
+}
+
+func runTemplate(t *testing.T, f string, td interface{}) string {
+	tplate := template.New("test")
+	parsed, err := tplate.Parse(f)
+	assert.NilError(t, err)
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	assert.NilError(t, err)
+	return buf.String()
+}
+
 func TestCLI(t *testing.T) {
 	for _, test := range tests {
 		descr := test.descr
@ -272,11 +440,12 @@ func TestCLI(t *testing.T) {
 			test.descr = strings.TrimSuffix(filepath.Base(test.expect.out), ".txt")
 		}
 		if test.expect.out != "" {
-			out, err := ioutil.ReadFile(test.expect.out)
+			out, err := os.ReadFile(test.expect.out)
 			if err != nil {
 				t.Fatalf("output fixture not found: %v", err)
 			}
-			test.expect.out = string(out)
+			td := initTestTemplateData(t, test.args)
+			test.expect.out = runTemplate(t, string(out), td)
 		}

 		t.Run(test.descr, func(t *testing.T) {
--- a/cmd/completion.go
+++ b/cmd/completion.go
@ -1,8 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
 	"bytes"
 	"fmt"
+	"github.com/spf13/pflag"
 	"os"
 	"strings"
 	"text/template"
@ -32,12 +47,12 @@ func validateArgs() cobra.PositionalArgs {
 		if len(args) == 0 {
 			return nil
 		}
-		return cobra.ExactValidArgs(1)(c, args)
+		return cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs)(c, args)
 	}
 }

 // NewCompletionCmd ...
-func NewCompletionCmd() *cobra.Command {
+func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra.Command {
 	var long bytes.Buffer
 	tmpl := template.Must(template.New("long").Parse(longUsageTemplate))
 	tmpl.Execute(&long, map[string]interface{}{
@ -51,25 +66,23 @@ func NewCompletionCmd() *cobra.Command {
 		Args:              validateArgs(),
 		ValidArgs:         cmdArgs,
 		DisableAutoGenTag: true,
-		Run: func(c *cobra.Command, args []string) {
+		RunE: func(c *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				c.Help()
-				return
+				return c.Help()
 			}

 			arg := args[0]
 			switch arg {
 			case "bash":
-				c.Root().GenBashCompletion(os.Stdout)
-				break
+				return c.Root().GenBashCompletion(os.Stdout)
 			case "zsh":
-				c.Root().GenZshCompletion(os.Stdout)
-				break
+				return c.Root().GenZshCompletion(os.Stdout)
 			case "fish":
-				c.Root().GenFishCompletion(os.Stdout, true)
+				return c.Root().GenFishCompletion(os.Stdout, true)
 			case "help":
-				c.Help()
+				return c.Help()
 			}
+			return nil
 		},
 	}

--- a/cmd/config_options.go
+++ b/cmd/config_options.go
@ -1,49 +1,155 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
-	"fmt"
+	"errors"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/mitchellh/go-homedir"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"io"
+	"os"
+	"strings"

 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
-	logger "github.com/sirupsen/logrus"
+	"github.com/pterm/pterm"
 )

-var validProcessors = []string{"docker", "kubernetes"}
-var aliasProcessors = []string{"docker", "k8s"}
-var configOptions *ConfigOptions
+var validProcessors = []string{"docker", "kubernetes", "kubernetes-in-cluster", "local"}
+var aliasProcessors = []string{"docker", "k8s", "k8s-ic"}

 // ConfigOptions represent the persistent configuration flags of driverkit.
 type ConfigOptions struct {
-	ConfigFile string
-	LogLevel   string `validate:"logrus" name:"log level" default:"info"`
-	Timeout    int    `validate:"number,min=30" default:"60" name:"timeout"`
+	configFile string
+	Timeout    int    `validate:"number,min=30" default:"120" name:"timeout"`
 	ProxyURL   string `validate:"omitempty,proxy" name:"proxy url"`
-	DryRun     bool
+	dryRun     bool

-	configErrors bool
+	// Printer used by all commands to output messages.
+	Printer *output.Printer
+	// writer is used to write the output of the printer.
+	writer         io.Writer
+	logLevel       *output.LogLevel
+	disableStyling bool
+}
+
+func (co *ConfigOptions) initPrinter() {
+	// DisableStyling is only enforced by tests.
+	if co.disableStyling {
+		pterm.DisableStyling()
+	}
+	co.Printer = output.NewPrinter(co.logLevel.ToPtermLogLevel(), pterm.LogFormatterColorful, co.writer)
+	if co.disableStyling {
+		// Disable time print for tests
+		co.Printer.Logger = co.Printer.Logger.WithTime(false)
+	}
+
+}
+
+// Called by tests to disable styling and set bytes buffer as output
+func (co *ConfigOptions) setOutput(writer io.Writer, disableStyling bool) {
+	co.writer = writer
+	co.disableStyling = disableStyling
+	co.initPrinter()
 }

 // NewConfigOptions creates an instance of ConfigOptions.
-func NewConfigOptions() *ConfigOptions {
-	o := &ConfigOptions{}
-	if err := defaults.Set(o); err != nil {
-		logger.WithError(err).WithField("options", "ConfigOptions").Fatal("error setting driverkit options defaults")
+func NewConfigOptions() (*ConfigOptions, error) {
+	o := &ConfigOptions{
+		writer:         os.Stdout,
+		logLevel:       output.NewLogLevel(),
+		disableStyling: false,
 	}
-	return o
+	o.initPrinter()
+	if err := defaults.Set(o); err != nil {
+		// Return ConfigOptions anyway because we need the logger
+		return o, err
+	}
+	return o, nil
 }

 // Validate validates the ConfigOptions fields.
-func (co *ConfigOptions) Validate() []error {
+func (co *ConfigOptions) validate() []error {
 	if err := validate.V.Struct(co); err != nil {
-		errors := err.(validator.ValidationErrors)
-		errArr := []error{}
-		for _, e := range errors {
+		var errs validator.ValidationErrors
+		errors.As(err, &errs)
+		var errArr []error
+		for _, e := range errs {
 			// Translate each error one at a time
-			errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
+			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
-		co.configErrors = true
 		return errArr
 	}
 	return nil
 }
+
+// AddFlags registers the common flags.
+func (co *ConfigOptions) AddFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&co.configFile, "config", "c", co.configFile, "config file path (default $HOME/.driverkit.yaml if exists)")
+	flags.VarP(co.logLevel, "loglevel", "l", "set level for logs "+co.logLevel.Allowed())
+	flags.IntVar(&co.Timeout, "timeout", co.Timeout, "timeout in seconds")
+	flags.StringVar(&co.ProxyURL, "proxy", co.ProxyURL, "the proxy to use to download data")
+	flags.BoolVar(&co.dryRun, "dryrun", co.dryRun, "do not actually perform the action")
+}
+
+// Init reads in config file and ENV variables if set.
+func (co *ConfigOptions) Init() bool {
+	configErr := false
+	if errs := co.validate(); errs != nil {
+		for _, err := range errs {
+			co.Printer.Logger.Error("error validating config options",
+				co.Printer.Logger.Args("err", err.Error()))
+		}
+		configErr = true
+	}
+	if co.configFile != "" {
+		viper.SetConfigFile(co.configFile)
+	} else {
+		// Find home directory.
+		home, err := homedir.Dir()
+		if err != nil {
+			co.Printer.Logger.Error("error getting the home directory",
+				co.Printer.Logger.Args("err", err.Error()))
+			// not setting configErr = true because we fallback to `$HOME/.driverkit.yaml` and try with it
+		}
+
+		viper.AddConfigPath(home)
+		viper.SetConfigName(".driverkit")
+	}
+
+	viper.AutomaticEnv()
+	viper.SetEnvPrefix("driverkit")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+
+	// If a config file is found, read it in.
+	err := viper.ReadInConfig()
+	// Init printer with either read or existent one,
+	// so that we can further log considering log level set.
+	co.initPrinter()
+	if err == nil {
+		co.Printer.Logger.Info("using config file",
+			co.Printer.Logger.Args("file", viper.ConfigFileUsed()))
+	} else {
+		var configFileNotFoundError viper.ConfigFileNotFoundError
+		if errors.As(err, &configFileNotFoundError) {
+			// Config file not found, ignore ...
+			co.Printer.Logger.Debug("running without a configuration file")
+		}
+	}
+	return configErr
+}
--- a/cmd/docker.go
+++ b/cmd/docker.go
@ -1,26 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
+	"bytes"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
-	"github.com/sirupsen/logrus"
-	logger "github.com/sirupsen/logrus"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 )

 // NewDockerCmd creates the `driverkit docker` command.
-func NewDockerCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	dockerCmd := &cobra.Command{
 		Use:   "docker",
 		Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
-		Run: func(c *cobra.Command, args []string) {
-			logrus.WithField("processor", c.Name()).Info("driver building, it will take a few seconds")
-			if !configOptions.DryRun {
-				if err := driverbuilder.NewDockerBuildProcessor(viper.GetInt("timeout"), viper.GetString("proxy")).Start(rootOpts.toBuild()); err != nil {
-					logger.WithError(err).Fatal("exiting")
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting build",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			if !configOpts.dryRun {
+				if !rootOpts.Output.HasOutputs() {
+					configOpts.Printer.Logger.Info("no output specified")
+					return nil
 				}
+				// Since we use a spinner, cache log data to a bytesbuffer;
+				// we will later print it once we stop the spinner.
+				var b *builder.Build
+				if configOpts.disableStyling {
+					b = rootOpts.ToBuild(configOpts.Printer)
+				} else {
+					var buf bytes.Buffer
+					b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+					configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+					defer func() {
+						configOpts.Printer.DefaultText.Print(buf.String())
+					}()
+				}
+				return driverbuilder.NewDockerBuildProcessor(configOpts.Timeout, configOpts.ProxyURL).Start(b)
 			}
+			return nil
 		},
 	}
 	// Add root flags
--- a/cmd/images.go
+++ b/cmd/images.go
@ -0,0 +1,74 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"os"
+
+	"github.com/olekukonko/tablewriter"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+// NewImagesCmd creates the `driverkit images` command.
+func NewImagesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	imagesCmd := &cobra.Command{
+		Use:   "images",
+		Short: "List builder images",
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting loading images",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var (
+				buf bytes.Buffer
+				b   *builder.Build
+			)
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("listing images, it will take a few seconds")
+			}
+			b.LoadImages()
+			if !configOpts.disableStyling {
+				_ = configOpts.Printer.Spinner.Stop()
+				configOpts.Printer.DefaultText.Print(buf.String())
+			}
+
+			table := tablewriter.NewWriter(os.Stdout)
+			table.SetHeader([]string{"Image", "Target", "Arch", "GCC"})
+			table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false})
+			table.SetCenterSeparator("|")
+
+			for _, img := range b.Images {
+				data := make([]string, 4)
+				data[0] = img.Name
+				data[1] = img.Target.String()
+				data[2] = b.Architecture
+				data[3] = img.GCCVersion.String()
+				table.Append(data)
+			}
+			table.Render() // Send output
+			return nil
+		},
+	}
+	// Add root flags
+	imagesCmd.PersistentFlags().AddFlagSet(rootFlags)
+
+	return imagesCmd
+}
--- a/cmd/kubernetes.go
+++ b/cmd/kubernetes.go
@ -1,21 +1,34 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"regexp"
 	"strings"

 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
 	"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
-	"github.com/sirupsen/logrus"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 )

 // NewKubernetesCmd creates the `driverkit kubernetes` command.
-func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesCmd := &cobra.Command{
 		Use:     "kubernetes",
 		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
@ -35,35 +48,48 @@ func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Co
 		f.Usage = upperAfterPointRegexp.ReplaceAllString(f.Usage, ", ${1}")
 		f.Usage = upperAfterCommaRegexp.ReplaceAllStringFunc(f.Usage, strings.ToLower)
 	})
+	// Add Kubernetes pods options flags
+	flags := kubernetesCmd.Flags()
+	addKubernetesFlags(flags)
+	kubernetesCmd.PersistentFlags().AddFlagSet(flags)
 	// Add root flags
 	kubernetesCmd.PersistentFlags().AddFlagSet(rootFlags)

 	kubefactory := factory.NewFactory(configFlags)

-	kubernetesCmd.Run = func(cmd *cobra.Command, args []string) {
-		logrus.WithField("processor", cmd.Name()).Info("driver building, it will take a few seconds")
-		if !configOptions.DryRun {
-			if err := kubernetesRun(cmd, args, kubefactory, rootOpts); err != nil {
-				logger.WithError(err).Fatal("exiting")
+	kubernetesCmd.RunE = func(c *cobra.Command, args []string) error {
+		configOpts.Printer.Logger.Info("starting build",
+			configOpts.Printer.Logger.Args("processor", c.Name()))
+		if !configOpts.dryRun {
+			if !rootOpts.Output.HasOutputs() {
+				configOpts.Printer.Logger.Info("no output specified")
+				return nil
 			}
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var b *builder.Build
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				var buf bytes.Buffer
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+				defer func() {
+					configOpts.Printer.DefaultText.Print(buf.String())
+				}()
+			}
+			return kubernetesRun(kubefactory, b, configOpts)
 		}
+		return nil
 	}

 	return kubernetesCmd
 }

-func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factory, rootOpts *RootOptions) error {
-	f := cmd.Flags()
-	b := rootOpts.toBuild()
-
-	namespaceStr, err := f.GetString("namespace")
-	if err != nil {
-		return err
-	}
-	if len(namespaceStr) == 0 {
-		namespaceStr = "default"
-	}
-
+func kubernetesRun(kubefactory factory.Factory,
+	b *builder.Build,
+	configOpts *ConfigOptions,
+) error {
 	kc, err := kubefactory.KubernetesClientSet()
 	if err != nil {
 		return err
@ -76,7 +102,12 @@ func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factor
 		return err
 	}

-	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(), clientConfig, namespaceStr, viper.GetInt("timeout"), viper.GetString("proxy"))
-
+	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
+		clientConfig,
+		kubernetesOptions.RunAsUser,
+		kubernetesOptions.Namespace,
+		kubernetesOptions.ImagePullSecret,
+		configOpts.Timeout,
+		configOpts.ProxyURL)
 	return buildProcessor.Start(b)
 }
--- a/cmd/kubernetes_in_cluster.go
+++ b/cmd/kubernetes_in_cluster.go
@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+)
+
+// NewKubernetesInClusterCmd creates the `driverkit kubernetes` command.
+func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	kubernetesInClusterCmd := &cobra.Command{
+		Use:     "kubernetes-in-cluster",
+		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
+		Aliases: []string{"k8s-ic"},
+	}
+
+	// Add Kubernetes pods options flags
+	flags := kubernetesInClusterCmd.Flags()
+	addKubernetesFlags(flags)
+	kubernetesInClusterCmd.PersistentFlags().AddFlagSet(flags)
+	// Add root flags
+	kubernetesInClusterCmd.PersistentFlags().AddFlagSet(rootFlags)
+
+	kubernetesInClusterCmd.RunE = func(c *cobra.Command, args []string) error {
+		configOpts.Printer.Logger.Info("starting build",
+			configOpts.Printer.Logger.Args("processor", c.Name()))
+		if !configOpts.dryRun {
+			if !rootOpts.Output.HasOutputs() {
+				configOpts.Printer.Logger.Info("no output specified")
+				return nil
+			}
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var b *builder.Build
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				var buf bytes.Buffer
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+				defer func() {
+					configOpts.Printer.DefaultText.Print(buf.String())
+				}()
+			}
+			return kubernetesInClusterRun(b, configOpts)
+		}
+		return nil
+	}
+
+	return kubernetesInClusterCmd
+}
+
+func kubernetesInClusterRun(b *builder.Build, configOpts *ConfigOptions) error {
+	kubeConfig, err := rest.InClusterConfig()
+	if err != nil {
+		return err
+	}
+	if err = factory.SetKubernetesDefaults(kubeConfig); err != nil {
+		return err
+	}
+
+	kc, err := kubernetes.NewForConfig(kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
+		kubeConfig,
+		kubernetesOptions.RunAsUser,
+		kubernetesOptions.Namespace,
+		kubernetesOptions.ImagePullSecret,
+		configOpts.Timeout,
+		configOpts.ProxyURL)
+	return buildProcessor.Start(b)
+}
--- a/cmd/kubernetes_options.go
+++ b/cmd/kubernetes_options.go
@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import flag "github.com/spf13/pflag"
+
+var kubernetesOptions = &KubeOptions{}
+
+type KubeOptions struct {
+	RunAsUser       int64  `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser" default:"0"`
+	Namespace       string `validate:"required" name:"namespace" default:"default"`
+	ImagePullSecret string `validate:"omitempty" name:"image-pull-secret" default:""`
+}
+
+func addKubernetesFlags(flags *flag.FlagSet) {
+	flags.StringVarP(&kubernetesOptions.Namespace, "namespace", "n", "default", "If present, the namespace scope for the pods and its config ")
+	flags.Int64Var(&kubernetesOptions.RunAsUser, "run-as-user", 0, "Pods runner user")
+	flags.StringVar(&kubernetesOptions.ImagePullSecret, "image-pull-secret", "", "ImagePullSecret")
+}
--- a/cmd/local.go
+++ b/cmd/local.go
@ -0,0 +1,81 @@
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type localCmdOptions struct {
+	useDKMS         bool
+	downloadHeaders bool
+	srcDir          string
+	envMap          map[string]string
+}
+
+// NewLocalCmd creates the `driverkit local` command.
+func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	opts := localCmdOptions{}
+	localCmd := &cobra.Command{
+		Use:   "local",
+		Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting build",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			if !configOpts.dryRun {
+				if !rootOpts.Output.HasOutputs() {
+					configOpts.Printer.Logger.Info("no output specified")
+					return nil
+				}
+				// Since we use a spinner, cache log data to a bytesbuffer;
+				// we will later print it once we stop the spinner.
+				var b *builder.Build
+				if configOpts.disableStyling {
+					b = rootOpts.ToBuild(configOpts.Printer)
+				} else {
+					var buf bytes.Buffer
+					b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+					configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+					defer func() {
+						configOpts.Printer.DefaultText.Print(buf.String())
+					}()
+				}
+				return driverbuilder.NewLocalBuildProcessor(opts.useDKMS,
+					opts.downloadHeaders,
+					false,
+					opts.srcDir,
+					opts.envMap,
+					configOpts.Timeout).Start(b)
+			}
+			return nil
+		},
+	}
+	// Add root flags, but not the ones unneeded
+	unusedFlagsSet := map[string]struct{}{
+		"architecture":        {},
+		"kernelurls":          {},
+		"builderrepo":         {},
+		"builderimage":        {},
+		"gccversion":          {},
+		"kernelconfigdata":    {},
+		"proxy":               {},
+		"registry-name":       {},
+		"registry-password":   {},
+		"registry-plain-http": {},
+		"registry-user":       {},
+	}
+	flagSet := pflag.NewFlagSet("local", pflag.ExitOnError)
+	rootFlags.VisitAll(func(flag *pflag.Flag) {
+		if _, ok := unusedFlagsSet[flag.Name]; !ok {
+			flagSet.AddFlag(flag)
+		}
+	})
+	flagSet.BoolVar(&opts.useDKMS, "dkms", false, "Enforce usage of DKMS to build the kernel module.")
+	flagSet.BoolVar(&opts.downloadHeaders, "download-headers", false, "Try to automatically download kernel headers.")
+	flagSet.StringVar(&opts.srcDir, "src-dir", "", "Enforce usage of local source dir to build drivers.")
+	flagSet.StringToStringVar(&opts.envMap, "env", make(map[string]string), "Env variables to be enforced during the driver build.")
+	localCmd.PersistentFlags().AddFlagSet(flagSet)
+	return localCmd
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@ -1,6 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
@ -8,20 +23,21 @@ import (
 	"strings"

 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/pkg/version"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"

-	homedir "github.com/mitchellh/go-homedir"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 )

-func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
+func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
 	return func(c *cobra.Command, args []string) error {
+		var validationError = errors.New("exiting for validation errors")
+		configErr := configOpts.Init()
 		// Early exit if detect some error into config flags
-		if configOptions.configErrors {
-			return fmt.Errorf("exiting for validation errors")
+		if configErr {
+			return validationError
 		}
 		// Merge environment variables or config file values into the RootOptions instance
 		skip := map[string]bool{ // do not merge these
@ -37,16 +53,31 @@ func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c
 		}
 		rootCommand.c.Flags().VisitAll(func(f *pflag.Flag) {
 			if name := f.Name; !skip[name] {
-				value := viper.GetString(name)
-				if value == "" {
-					// fallback to nested options in config file, if any
-					if nestedName, ok := nested[name]; ok {
-						value = viper.GetString(nestedName)
+				if name == "kernelurls" {
+					// Slice types need special treatment when used as flags. If we call 'Set(name, value)',
+					// rather than replace, it appends. Since viper will already have the cli options set
+					// if supplied, we only need this step if rootCommand doesn't already have them e.g.
+					// not set on CLI so read from config.
+					if cliURLs, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cliURLs) != 0 {
+						return
+					}
+					value := viper.GetStringSlice(name)
+					if len(value) != 0 {
+						strValue := strings.Join(value, ",")
+						_ = rootCommand.c.Flags().Set(name, strValue)
+					}
+				} else {
+					value := viper.GetString(name)
+					if value == "" {
+						// fallback to nested options in config file, if any
+						if nestedName, ok := nested[name]; ok {
+							value = viper.GetString(nestedName)
+						}
+					}
+					// set the value, if any, otherwise let the default
+					if value != "" {
+						_ = rootCommand.c.Flags().Set(name, value)
 					}
-				}
-				// set the value, if any, otherwise let the default
-				if value != "" {
-					rootCommand.c.Flags().Set(name, value)
 				}
 			}
 		})
@ -58,11 +89,12 @@ func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c
 		if c.Root() != c && c.Name() != "help" && c.Name() != "__complete" && c.Name() != "__completeNoDesc" && c.Name() != "completion" {
 			if errs := rootOpts.Validate(); errs != nil {
 				for _, err := range errs {
-					logger.WithError(err).Error("error validating build options")
+					configOpts.Printer.Logger.Error("error validating build options",
+						configOpts.Printer.Logger.Args("err", err.Error()))
 				}
-				return fmt.Errorf("exiting for validation errors")
+				return validationError
 			}
-			rootOpts.Log()
+			rootOpts.Log(configOpts.Printer)
 		}
 		return nil
 	}
@ -74,9 +106,7 @@ type RootCmd struct {
 }

 // NewRootCmd instantiates the root command.
-func NewRootCmd() *RootCmd {
-	configOptions = NewConfigOptions()
-	rootOpts := NewRootOptions()
+func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
 	rootCmd := &cobra.Command{
 		Use:                   "driverkit",
 		Short:                 "A command line tool to build Falco kernel modules and eBPF probes.",
@ -85,52 +115,51 @@ func NewRootCmd() *RootCmd {
 		Args:                  cobra.OnlyValidArgs,
 		DisableFlagsInUseLine: true,
 		DisableAutoGenTag:     true,
+		SilenceErrors:         true,
+		SilenceUsage:          true,
 		Version:               version.String(),
-		Run: func(c *cobra.Command, args []string) {
+		RunE: func(c *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				logger.WithField("processors", validProcessors).Info("specify a valid processor")
+				configOpts.Printer.Logger.Info("specify a valid processor", configOpts.Printer.Logger.Args("processors", validProcessors))
 			}
 			// Fallback to help
-			c.Help()
+			return c.Help()
 		},
 	}
 	ret := &RootCmd{
 		c: rootCmd,
 	}

-	rootCmd.PersistentPreRunE = persistentValidateFunc(ret, rootOpts)
+	rootCmd.PersistentPreRunE = persistentValidateFunc(ret, configOpts, rootOpts)

 	flags := rootCmd.Flags()

-	flags.StringVarP(&configOptions.ConfigFile, "config", "c", configOptions.ConfigFile, "config file path (default $HOME/.driverkit.yaml if exists)")
-	flags.StringVarP(&configOptions.LogLevel, "loglevel", "l", configOptions.LogLevel, "log level")
-	flags.IntVar(&configOptions.Timeout, "timeout", configOptions.Timeout, "timeout in seconds")
-	flags.BoolVar(&configOptions.DryRun, "dryrun", configOptions.DryRun, "do not actually perform the action")
-	flags.StringVar(&configOptions.ProxyURL, "proxy", configOptions.ProxyURL, "the proxy to use to download data")
+	targets := builder.Targets()
+	sort.Strings(targets)

-	flags.StringVar(&rootOpts.Output.Module, "output-module", rootOpts.Output.Module, "filepath where to save the resulting kernel module")
-	flags.StringVar(&rootOpts.Output.Probe, "output-probe", rootOpts.Output.Probe, "filepath where to save the resulting eBPF probe")
-	flags.StringVar(&rootOpts.DriverVersion, "driverversion", rootOpts.DriverVersion, "driver version as a git commit hash or as a git tag")
-	flags.Uint16Var(&rootOpts.KernelVersion, "kernelversion", rootOpts.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
-	flags.StringVar(&rootOpts.KernelRelease, "kernelrelease", rootOpts.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
-	flags.StringVarP(&rootOpts.Target, "target", "t", rootOpts.Target, "the system to target the build for")
-	flags.StringVar(&rootOpts.KernelConfigData, "kernelconfigdata", rootOpts.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
-	flags.StringVar(&rootOpts.ModuleDeviceName, "moduledevicename", rootOpts.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
-	flags.StringVar(&rootOpts.ModuleDriverName, "moduledrivername", rootOpts.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
-	viper.BindPFlags(flags)
+	configOpts.AddFlags(flags)
+	rootOpts.AddFlags(flags, targets)
+
+	if err := viper.BindPFlags(flags); err != nil {
+		panic(err)
+	}

 	// Flag annotations and custom completions
-	rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
-	rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		targets := builder.BuilderByTarget.Targets()
-		sort.Strings(targets)
+	_ = rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
+	_ = rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		return targets, cobra.ShellCompDirectiveDefault
 	})
+	_ = rootCmd.RegisterFlagCompletionFunc("architecture", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		return kernelrelease.SupportedArchs.Strings(), cobra.ShellCompDirectiveDefault
+	})

 	// Subcommands
-	rootCmd.AddCommand(NewKubernetesCmd(rootOpts, flags))
-	rootCmd.AddCommand(NewDockerCmd(rootOpts, flags))
-	rootCmd.AddCommand(NewCompletionCmd())
+	rootCmd.AddCommand(NewKubernetesCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewKubernetesInClusterCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewDockerCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewLocalCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewImagesCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewCompletionCmd(configOpts, rootOpts, flags))

 	ret.StripSensitive()

@ -159,16 +188,15 @@ func (r *RootCmd) Command() *cobra.Command {
 	return r.c
 }

+// SetArgs proxies the arguments to the underlying cobra.Command.
+func (r *RootCmd) SetArgs(args []string) {
+	r.c.SetArgs(args)
+}
+
 // SetOutput sets the main command output writer.
 func (r *RootCmd) SetOutput(w io.Writer) {
 	r.c.SetOut(w)
 	r.c.SetErr(w)
-	logger.SetOutput(w)
-}
-
-// SetArgs proxies the arguments to the underlying cobra.Command.
-func (r *RootCmd) SetArgs(args []string) {
-	r.c.SetArgs(args)
 }

 // Execute proxies the cobra.Command execution.
@ -178,59 +206,30 @@ func (r *RootCmd) Execute() error {

 // Start creates the root command and runs it.
 func Start() {
-	root := NewRootCmd()
-	if err := root.Execute(); err != nil {
-		logger.WithError(err).Fatal("error executing driverkit")
-	}
-}
-
-func init() {
-	logger.SetFormatter(&logger.TextFormatter{
-		ForceColors:            true,
-		DisableLevelTruncation: false,
-		DisableTimestamp:       true,
-	})
-
-	cobra.OnInitialize(initConfig)
-}
-
-// initConfig reads in config file and ENV variables if set.
-func initConfig() {
-	if errs := configOptions.Validate(); errs != nil {
-		for _, err := range errs {
-			logger.WithError(err).Error("error validating config options")
-		}
-		// configOptions.configErrors should be true here
-	}
-	if configOptions.ConfigFile != "" {
-		viper.SetConfigFile(configOptions.ConfigFile)
-	} else {
-		// Find home directory.
-		home, err := homedir.Dir()
-		if err != nil {
-			logger.WithError(err).Debug("error getting the home directory")
-			// not setting configOptions.configErrors = true because we fallback to `$HOME/.driverkit.yaml` and try with it
-		}
-
-		viper.AddConfigPath(home)
-		viper.SetConfigName(".driverkit")
-	}
-
-	viper.AutomaticEnv()
-	viper.SetEnvPrefix("driverkit")
-	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
-
-	// If a config file is found, read it in.
-	if err := viper.ReadInConfig(); err == nil {
-		logger.WithField("file", viper.ConfigFileUsed()).Info("using config file")
-	} else {
-		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
-			// Config file not found, ignore ...
-			logger.Debug("running without a configuration file")
+	configOpts, err := NewConfigOptions()
+	if err != nil {
+		// configOpts will never be nil here
+		if configOpts != nil {
+			configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
+				configOpts.Printer.Logger.Args("err", err.Error()))
 		} else {
-			// Config file was found but another error was produced
-			logger.WithField("file", viper.ConfigFileUsed()).WithError(err).Debug("error running with config file")
-			configOptions.configErrors = true
+			os.Exit(1)
 		}
 	}
+	rootOpts, err := NewRootOptions()
+	if err != nil {
+		configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
+			configOpts.Printer.Logger.Args("err", err.Error()))
+	}
+
+	// Cleanup spinner upon leaving if any
+	defer func() {
+		if configOpts.Printer.Spinner != nil {
+			_ = configOpts.Printer.Spinner.Stop()
+		}
+	}()
+	root := NewRootCmd(configOpts, rootOpts)
+	if err = root.Execute(); err != nil {
+		configOpts.Printer.Logger.Fatal("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
+	}
 }
--- a/cmd/root_options.go
+++ b/cmd/root_options.go
@ -1,13 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd

 import (
-	"fmt"
+	"errors"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/spf13/pflag"
+	"os"
+	"runtime"
+	"strings"

 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
-	logger "github.com/sirupsen/logrus"
 )

 // OutputOptions wraps the two drivers that driverkit builds.
@ -16,17 +35,39 @@ type OutputOptions struct {
 	Probe  string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
 }

+func (oo *OutputOptions) HasOutputs() bool {
+	return oo.Module != "" || oo.Probe != ""
+}
+
+type RepoOptions struct {
+	Org  string `default:"falcosecurity" name:"organization name"`
+	Name string `default:"libs" name:"repo name"`
+}
+
+type Registry struct {
+	Name      string `validate:"required_with=Username Password" name:"registry name"`
+	Username  string `validate:"required_with=Registry Password" name:"registry username"`
+	Password  string `validate:"required_with=Username Registry" name:"registry password"`
+	PlainHTTP bool   `default:"false" name:"registry plain http"`
+}
+
 // RootOptions ...
 type RootOptions struct {
-	Architecture     string `default:"x86_64" validate:"required,oneof=x86_64" name:"architecture"`
-	DriverVersion    string `default:"master" validate:"eq=master|sha1|semver" name:"driver version"`
-	KernelVersion    uint16 `default:"1" validate:"omitempty,number" name:"kernel version"`
-	ModuleDriverName string `default:"falco" validate:"max=60" name:"kernel module driver name"`
-	ModuleDeviceName string `default:"falco" validate:"excludes=/,max=255" name:"kernel module device name"`
-	KernelRelease    string `validate:"required,ascii" name:"kernel release"`
-	Target           string `validate:"required,target" name:"target"`
-	KernelConfigData string `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
+	Architecture     string   `validate:"required,architecture" name:"architecture"`
+	DriverVersion    string   `default:"master" validate:"eq=master|sha1|semver" name:"driver version"`
+	KernelVersion    string   `default:"1" validate:"omitempty" name:"kernel version"`
+	ModuleDriverName string   `default:"falco" validate:"max=60" name:"kernel module driver name"`
+	ModuleDeviceName string   `default:"falco" validate:"excludes=/,max=255" name:"kernel module device name"`
+	KernelRelease    string   `validate:"required,ascii" name:"kernel release"`
+	Target           string   `validate:"required,target" name:"target"`
+	KernelConfigData string   `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
+	BuilderImage     string   `validate:"omitempty,imagename" name:"builder image"`
+	BuilderRepos     []string `default:"[\"docker.io/falcosecurity/driverkit-builder\"]" validate:"omitempty" name:"docker repositories to look for builder images or absolute path pointing to a yaml file containing builder images index"`
+	GCCVersion       string   `validate:"omitempty,semvertolerant" name:"gcc version"`
+	KernelUrls       []string `name:"kernel header urls"`
+	Repo             RepoOptions
 	Output           OutputOptions
+	Registry         Registry
 }

 func init() {
@ -34,74 +75,146 @@ func init() {
 }

 // NewRootOptions ...
-func NewRootOptions() *RootOptions {
+func NewRootOptions() (*RootOptions, error) {
 	rootOpts := &RootOptions{}
 	if err := defaults.Set(rootOpts); err != nil {
-		logger.WithError(err).WithField("options", "RootOptions").Fatal("error setting driverkit options defaults")
+		return nil, err
 	}
-	return rootOpts
+	return rootOpts, nil
 }

 // Validate validates the RootOptions fields.
 func (ro *RootOptions) Validate() []error {
 	if err := validate.V.Struct(ro); err != nil {
-		errors := err.(validator.ValidationErrors)
+		var errs validator.ValidationErrors
+		errors.As(err, &errs)
 		errArr := []error{}
-		for _, e := range errors {
+		for _, e := range errs {
 			// Translate each error one at a time
-			errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
+			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
 		return errArr
 	}
+
+	// check that the kernel versions supports at least one of probe and module
+	kr := kernelrelease.FromString(ro.KernelRelease)
+	kr.Architecture = kernelrelease.Architecture(ro.Architecture)
+	if !kr.SupportsModule() && !kr.SupportsProbe() {
+		return []error{errors.New("both module and probe are not supported by given options")}
+	}
+
 	return nil
 }

+func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
+	flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
+	flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
+	flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
+	flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
+	flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
+	flags.StringVar(&ro.KernelRelease, "kernelrelease", ro.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
+	flags.StringVarP(&ro.Target, "target", "t", ro.Target, "the system to target the build for, one of ["+strings.Join(targets, ",")+"]")
+	flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
+	flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
+	flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
+	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
+	flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
+	flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
+
+	flags.StringSliceVar(&ro.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
+
+	flags.StringVar(&ro.Repo.Org, "repo-org", ro.Repo.Org, "repository github organization")
+	flags.StringVar(&ro.Repo.Name, "repo-name", ro.Repo.Name, "repository github name")
+
+	flags.StringVar(&ro.Registry.Name, "registry-name", ro.Registry.Name, "registry name to which authenticate")
+	flags.StringVar(&ro.Registry.Username, "registry-user", ro.Registry.Username, "registry username")
+	flags.StringVar(&ro.Registry.Password, "registry-password", ro.Registry.Password, "registry password")
+	flags.BoolVar(&ro.Registry.PlainHTTP, "registry-plain-http", ro.Registry.PlainHTTP, "allows interacting with remote registry via plain http requests")
+}
+
 // Log emits a log line containing the receiving RootOptions for debugging purposes.
 //
 // Call it only after validation.
-func (ro *RootOptions) Log() {
-	fields := logger.Fields{}
-	if ro.Output.Module != "" {
-		fields["output-module"] = ro.Output.Module
-	}
-	if ro.Output.Probe != "" {
-		fields["output-probe"] = ro.Output.Probe
-
-	}
-	if ro.DriverVersion != "" {
-		fields["driverversion"] = ro.DriverVersion
-	}
-	if ro.KernelRelease != "" {
-		fields["kernelrelease"] = ro.KernelRelease
-	}
-	if ro.KernelVersion > 0 {
-		fields["kernelversion"] = ro.KernelVersion
-	}
-	if ro.Target != "" {
-		fields["target"] = ro.Target
-	}
-
-	logger.WithFields(fields).Debug("running with options")
+func (ro *RootOptions) Log(printer *output.Printer) {
+	printer.Logger.Debug("running with options",
+		printer.Logger.Args(
+			"output-module", ro.Output.Module,
+			"output-probe", ro.Output.Probe,
+			"driverversion", ro.DriverVersion,
+			"kernelrelease", ro.KernelRelease,
+			"kernelversion", ro.KernelVersion,
+			"target", ro.Target,
+			"arch", ro.Architecture,
+			"kernelurls", ro.KernelUrls,
+			"repo-org", ro.Repo.Org,
+			"repo-name", ro.Repo.Name,
+		))
 }

-func (ro *RootOptions) toBuild() *builder.Build {
+func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 	kernelConfigData := ro.KernelConfigData
 	if len(kernelConfigData) == 0 {
 		kernelConfigData = "bm8tZGF0YQ==" // no-data
 	}

-	return &builder.Build{
-		TargetType:       builder.Type(ro.Target),
-		DriverVersion:    ro.DriverVersion,
-		KernelVersion:    ro.KernelVersion,
-		KernelRelease:    ro.KernelRelease,
-		Architecture:     ro.Architecture,
-		KernelConfigData: kernelConfigData,
-		ModuleFilePath:   ro.Output.Module,
-		ProbeFilePath:    ro.Output.Probe,
-		ModuleDriverName: ro.ModuleDriverName,
-		ModuleDeviceName: ro.ModuleDeviceName,
+	build := &builder.Build{
+		TargetType:        builder.Type(ro.Target),
+		DriverVersion:     ro.DriverVersion,
+		KernelVersion:     ro.KernelVersion,
+		KernelRelease:     ro.KernelRelease,
+		Architecture:      ro.Architecture,
+		KernelConfigData:  kernelConfigData,
+		ModuleFilePath:    ro.Output.Module,
+		ProbeFilePath:     ro.Output.Probe,
+		ModuleDriverName:  ro.ModuleDriverName,
+		ModuleDeviceName:  ro.ModuleDeviceName,
+		GCCVersion:        ro.GCCVersion,
+		BuilderImage:      ro.BuilderImage,
+		BuilderRepos:      ro.BuilderRepos,
+		KernelUrls:        ro.KernelUrls,
+		RepoOrg:           ro.Repo.Org,
+		RepoName:          ro.Repo.Name,
+		Images:            make(builder.ImagesMap),
+		RegistryName:      ro.Registry.Name,
+		RegistryUser:      ro.Registry.Username,
+		RegistryPassword:  ro.Registry.Password,
+		RegistryPlainHTTP: ro.Registry.PlainHTTP,
+		Printer:           printer,
 	}
+
+	// loop over BuilderRepos to build the list ImagesListers based on the value of the builderRepo:
+	// if it's a local path use FileImagesLister, otherwise use RepoImagesLister
+	var (
+		imageLister builder.ImagesLister
+		err         error
+	)
+	for _, builderRepo := range build.BuilderRepos {
+		if _, err = os.Stat(builderRepo); err == nil {
+			imageLister, err = builder.NewFileImagesLister(builderRepo, build)
+		} else {
+			imageLister, err = builder.NewRepoImagesLister(builderRepo, build)
+		}
+		if err != nil {
+			printer.Logger.Warn("skipping repo",
+				printer.Logger.Args("repo", builderRepo, "err", err.Error()))
+		} else {
+			build.ImagesListers = append(build.ImagesListers, imageLister)
+		}
+	}
+
+	// attempt the build in case it comes from an invalid config
+	kr := build.KernelReleaseFromBuildConfig()
+	if len(build.ModuleFilePath) > 0 && !kr.SupportsModule() {
+		build.ModuleFilePath = ""
+		printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
+			printer.Logger.Args("kernelrelease", kr.String()))
+	}
+	if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
+		build.ProbeFilePath = ""
+		printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
+			printer.Logger.Args("kernelrelease", kr.String()))
+	}
+	return build
 }

 // RootOptionsLevelValidation validates KernelConfigData and Target at the same time.
@ -110,11 +223,20 @@ func (ro *RootOptions) toBuild() *builder.Build {
 func RootOptionsLevelValidation(level validator.StructLevel) {
 	opts := level.Current().Interface().(RootOptions)

-	if len(opts.KernelConfigData) == 0 && opts.Target == builder.TargetTypeVanilla.String() {
-		level.ReportError(opts.KernelConfigData, "kernelConfigData", "KernelConfigData", "required_kernelconfigdata_with_target_vanilla", "")
+	if opts.Target == builder.TargetTypeVanilla.String() ||
+		opts.Target == builder.TargetTypeMinikube.String() ||
+		opts.Target == builder.TargetTypeFlatcar.String() {
+		if len(opts.KernelConfigData) == 0 {
+			level.ReportError(opts.KernelConfigData, "kernelConfigData", "KernelConfigData", "required_kernelconfigdata_with_target_vanilla", "")
+		}
 	}

-	if opts.KernelVersion == 0 && (opts.Target == builder.TargetTypeUbuntuAWS.String() || opts.Target == builder.TargetTypeUbuntuGeneric.String()) {
+	if opts.KernelVersion == "" && (opts.Target == builder.TargetTypeUbuntu.String()) {
 		level.ReportError(opts.KernelVersion, "kernelVersion", "KernelVersion", "required_kernelversion_with_target_ubuntu", "")
 	}
+
+	// Target redhat requires a valid build image (has to be registered in order to download packages)
+	if opts.Target == builder.TargetTypeRedhat.String() && opts.BuilderImage == "" {
+		level.ReportError(opts.BuilderImage, "builderimage", "builderimage", "required_builderimage_with_target_redhat", "")
+	}
 }
--- a/cmd/testdata/autohelp.txt
+++ b/cmd/testdata/autohelp.txt
@ -1,32 +1,12 @@
-INFO specify a valid processor                     processors="[docker kubernetes]"
-A command line tool to build Falco kernel modules and eBPF probes.
+INFO  specify a valid processor
+    └ processors: [docker kubernetes kubernetes-in-cluster local]
+{{ .Desc }}

-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}

-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}

-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
-  -v, --version                   version for driverkit
+{{ .Flags }}
+  -v, --version                    version for driverkit

-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}
--- a/cmd/testdata/completion-targets.txt
+++ b/cmd/testdata/completion-targets.txt
@ -1,10 +1,3 @@
-amazonlinux
-amazonlinux2
-centos
-debian
-rocky
-ubuntu-aws
-ubuntu-generic
-vanilla
+{{ .TargetsVerticalList }}
 :0
 Completion ended with directive: ShellCompDirectiveDefault
--- a/cmd/testdata/configs/1.yaml
+++ b/cmd/testdata/configs/1.yaml
@ -3,4 +3,5 @@ kernelversion: 59
 target: ubuntu-aws
 output:
    module: /tmp/falco-ubuntu-aws.ko
+    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master
--- a/cmd/testdata/configs/2.yaml
+++ b/cmd/testdata/configs/2.yaml
@ -0,0 +1,11 @@
+kernelrelease: 4.15.0-1057-aws
+kernelversion: 59
+kernelurls: [
+    "https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
+    "https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
+]
+target: ubuntu-aws
+output:
+    module: /tmp/falco-ubuntu-aws.ko
+    probe: /tmp/falco-ubuntu-aws.o
+driverversion: master
--- a/cmd/testdata/docker-from-config-debug.txt
+++ b/cmd/testdata/docker-from-config-debug.txt
@ -1,3 +1,13 @@
-INFO using config file                             file=testdata/configs/1.yaml
-DEBU running with options                          driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+INFO  using config file file: testdata/configs/1.yaml
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: []
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker
--- a/cmd/testdata/docker-override-from-config-debug.txt
+++ b/cmd/testdata/docker-override-from-config-debug.txt
@ -1,3 +1,13 @@
-INFO using config file                             file=testdata/configs/1.yaml
-DEBU running with options                          driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=229 output-module=/tmp/override.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+INFO  using config file file: testdata/configs/1.yaml
+DEBUG running with options
+    ├ output-module: /tmp/override.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 229
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: []
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker
--- a/cmd/testdata/docker-override-urls-from-config-debug.txt
+++ b/cmd/testdata/docker-override-urls-from-config-debug.txt
@ -0,0 +1,13 @@
+INFO  using config file file: testdata/configs/2.yaml
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker
--- a/cmd/testdata/docker-related-target-debug.txt
+++ b/cmd/testdata/docker-related-target-debug.txt
@ -0,0 +1,13 @@
+DEBUG running without a configuration file 
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-azure.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-azure
+    ├ kernelversion: 62
+    ├ target: ubuntu-azure
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker
--- a/cmd/testdata/docker-target-redhat-validation-error-debug.txt
+++ b/cmd/testdata/docker-target-redhat-validation-error-debug.txt
@ -0,0 +1,4 @@
+DEBUG running without a configuration file 
+ERROR error validating build options
+    └ err: builder image is a required field when target is redhat
+ERROR error executing driverkit err: exiting for validation errors
--- a/cmd/testdata/docker-with-flags-debug.txt
+++ b/cmd/testdata/docker-with-flags-debug.txt
@ -1,3 +1,13 @@
-DEBU running without a configuration file         
-DEBU running with options                          driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+DEBUG running without a configuration file 
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker
--- a/cmd/testdata/docker-with-flags.txt
+++ b/cmd/testdata/docker-with-flags.txt
@ -1 +1 @@
-INFO driver building, it will take a few seconds   processor=docker
+INFO  starting build processor: docker
--- a/cmd/testdata/dockernoopts.txt
+++ b/cmd/testdata/dockernoopts.txt
@ -1,25 +1,7 @@
-ERRO error validating build options                error="kernel release is a required field"
-ERRO error validating build options                error="target is a required field"
-ERRO error validating build options                error="output module path is required when probe is missing"
-ERRO error validating build options                error="output probe path is required when module is missing"
-Error: exiting for validation errors
-Usage:
-  driverkit docker [flags]
-
-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for docker
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
-
+ERROR error validating build options err: kernel release is a required field
+ERROR error validating build options err: target is a required field
+ERROR error validating build options
+    └ err: output module path is required when probe is missing
+ERROR error validating build options
+    └ err: output probe path is required when module is missing
+ERROR error executing driverkit err: exiting for validation errors
--- a/cmd/testdata/help-flag.txt
+++ b/cmd/testdata/help-flag.txt
@ -1,31 +1,10 @@
-A command line tool to build Falco kernel modules and eBPF probes.
+{{ .Desc }}

-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}

-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}

-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
-  -v, --version                   version for driverkit
+{{ .Flags }}
+  -v, --version                    version for driverkit

-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}
--- a/cmd/testdata/help.txt
+++ b/cmd/testdata/help.txt
@ -1,30 +1,10 @@
-A command line tool to build Falco kernel modules and eBPF probes.
+{{ .Desc }}

-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}

-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}

-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
+{{ .Flags }}
+  -v, --version                    version for driverkit

-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}
--- a/cmd/testdata/invalid-proxyconfig.txt
+++ b/cmd/testdata/invalid-proxyconfig.txt
@ -1,32 +1,3 @@
-ERRO error validating config options               error="proxy url must start with http:// or https:// or socks5:// prefix"
-Error: exiting for validation errors
-Usage:
-  driverkit
-  driverkit [command]
-
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
-  -v, --version                   version for driverkit
-
-Use "driverkit [command] --help" for more information about a command.
-
+ERROR error validating config options
+    └ err: proxy url must start with http:// or https:// or socks5:// prefix
+ERROR error executing driverkit err: exiting for validation errors
--- a/cmd/testdata/non-existent-processor.txt
+++ b/cmd/testdata/non-existent-processor.txt
@ -1,31 +1 @@
-Error: invalid argument "abc" for "driverkit"
-Usage:
-  driverkit
-  driverkit [command]
-
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
-Flags:
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
-  -v, --version                   version for driverkit
-
-Use "driverkit [command] --help" for more information about a command.
-
+ERROR error executing driverkit err: invalid argument "abc" for "driverkit"
--- a/cmd/testdata/templates/commands.txt
+++ b/cmd/testdata/templates/commands.txt
@ -0,0 +1,8 @@
+Available Commands:
+  completion            Generates completion scripts.
+  docker                Build Falco kernel modules and eBPF probes against a docker daemon.
+  help                  Help about any command
+  images                List builder images
+  kubernetes            Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+  kubernetes-in-cluster Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+  local                 Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
--- a/cmd/testdata/templates/desc.txt
+++ b/cmd/testdata/templates/desc.txt
@ -0,0 +1 @@
+A command line tool to build Falco kernel modules and eBPF probes.
--- a/cmd/testdata/templates/flags.txt
+++ b/cmd/testdata/templates/flags.txt
@ -0,0 +1,27 @@
+Flags:
+      --architecture string        target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for {{ .Cmd }}
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of {{ .Targets }}
+      --timeout int                timeout in seconds (default 120)
--- a/cmd/testdata/templates/info.txt
+++ b/cmd/testdata/templates/info.txt
@ -0,0 +1 @@
+Use "driverkit [command] --help" for more information about a command.
--- a/cmd/testdata/templates/usage.txt
+++ b/cmd/testdata/templates/usage.txt
@ -0,0 +1,3 @@
+Usage:
+  driverkit
+  driverkit [command]
--- a/docgen/docgen.go
+++ b/docgen/docgen.go
@ -1,16 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main

 import (
 	"bytes"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"strings"

 	"github.com/falcosecurity/driverkit/cmd"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra/doc"
 )

@ -47,7 +59,22 @@ func main() {
 	flag.Parse()

 	// Get root command
-	driverkit := cmd.NewRootCmd()
+	configOpts, err := cmd.NewConfigOptions()
+	if err != nil {
+		// configOpts will never be nil here
+		if configOpts != nil {
+			configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
+				configOpts.Printer.Logger.Args("err", err.Error()))
+		} else {
+			os.Exit(1)
+		}
+	}
+	rootOpts, err := cmd.NewRootOptions()
+	if err != nil {
+		configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
+			configOpts.Printer.Logger.Args("err", err.Error()))
+	}
+	driverkit := cmd.NewRootCmd(configOpts, rootOpts)
 	root := driverkit.Command()
 	num := len(root.Commands()) + 1

@ -70,20 +97,20 @@ func main() {
 	}

 	// Generate markdown docs
-	err := doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
+	err = doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
 	if err != nil {
-		logger.WithError(err).Fatal("markdown generation")
+		configOpts.Printer.Logger.Fatal("markdown generation", configOpts.Printer.Logger.Args("err", err.Error()))
 	}

 	if targetWebsite {
-		err := os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
+		err = os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
 		if err != nil {
-			logger.WithError(err).Fatal("renaming main docs page")
+			configOpts.Printer.Logger.Fatal("renaming main docs page", configOpts.Printer.Logger.Args("err", err.Error()))
 		}
 	}

-	if err := stripSensitive(); err != nil {
-		logger.WithError(err).Fatal("error replacing sensitive data")
+	if err = stripSensitive(); err != nil {
+		configOpts.Printer.Logger.Fatal("error replacing sensitive data", configOpts.Printer.Logger.Args("err", err.Error()))
 	}
 }

@ -100,7 +127,7 @@ func stripSensitive() error {

 	for _, file := range files {
 		filePath := path.Join(outputDir, file.Name())
-		file, err := ioutil.ReadFile(filePath)
+		file, err := os.ReadFile(filePath)
 		if err != nil {
 			return err
 		}
@ -110,7 +137,7 @@ func stripSensitive() error {
 			target := []byte(os.Getenv(s))
 			file = bytes.ReplaceAll(file, target, append(envMark, []byte(s)...))
 		}
-		if err = ioutil.WriteFile(filePath, file, 0666); err != nil {
+		if err = os.WriteFile(filePath, file, 0666); err != nil {
 			return err
 		}
 	}
--- a/docker/builders/builder-amazonlinux2-x86_64_gcc10.0.0.Dockerfile
+++ b/docker/builders/builder-amazonlinux2-x86_64_gcc10.0.0.Dockerfile
@ -0,0 +1,32 @@
+FROM amazonlinux:2.0.20240529.0
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+RUN yum -y install gcc10 \
+    clang \
+    llvm \
+    bash-completion \
+    bc \
+    ca-certificates \
+    curl \
+    gnupg2 \
+    libc6-dev \
+    elfutils-libelf-devel \
+    xz \
+    cpio \
+    flex \
+    bison \
+    openssl \
+    openssl-devel \
+    wget \
+    binutils \
+    which \
+    make \
+    cmake3 \
+    tar \
+    zstd \
+    git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc10-cc /usr/bin/gcc-10.0.0
+RUN ln -s /usr/bin/cmake3 /usr/bin/cmake
--- a/docker/builders/builder-any-aarch64_gcc10.0.0_gcc9.0.0.Dockerfile
+++ b/docker/builders/builder-any-aarch64_gcc10.0.0_gcc9.0.0.Dockerfile
@ -0,0 +1 @@
+builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile
--- a/docker/builders/builder-any-aarch64_gcc12.0.0_gcc11.0.0.Dockerfile
+++ b/docker/builders/builder-any-aarch64_gcc12.0.0_gcc11.0.0.Dockerfile
@ -0,0 +1 @@
+builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile
--- a/docker/builders/builder-any-aarch64_gcc13.0.0.Dockerfile
+++ b/docker/builders/builder-any-aarch64_gcc13.0.0.Dockerfile
@ -0,0 +1 @@
+builder-any-x86_64_gcc13.0.0.Dockerfile
--- a/docker/builders/builder-any-aarch64_gcc14.0.0.Dockerfile
+++ b/docker/builders/builder-any-aarch64_gcc14.0.0.Dockerfile
@ -0,0 +1 @@
+builder-any-x86_64_gcc14.0.0.Dockerfile
--- a/docker/builders/builder-any-aarch64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
+++ b/docker/builders/builder-any-aarch64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
@ -0,0 +1 @@
+builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
--- a/docker/builders/builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile
+++ b/docker/builders/builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile
@ -0,0 +1,48 @@
+FROM debian:bullseye
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	bash-completion \
+	bc \
+	clang \
+    llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+    gcc-9 \
+	jq \
+	libc6-dev \
+	libelf-dev \
+	netcat \
+	xz-utils \
+	rpm2cpio \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	libssl-dev \
+	libncurses-dev \
+	libudev-dev \
+	libpci-dev \
+	libiberty-dev \
+	lsb-release \
+	wget \
+	software-properties-common \
+	gpg \
+	zstd \
+	cmake \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc-9 /usr/bin/gcc-9.0.0
+RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc-10.0.0
--- a/docker/builders/builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile
+++ b/docker/builders/builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile
@ -0,0 +1,48 @@
+FROM debian:bookworm
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	bash-completion \
+	bc \
+	clang \
+    llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+    gcc-11 \
+	jq \
+	libc6-dev \
+	libelf-dev \
+	netcat-openbsd \
+	xz-utils \
+	rpm2cpio \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	libssl-dev \
+	libncurses-dev \
+	libudev-dev \
+	libpci-dev \
+	libiberty-dev \
+	lsb-release \
+	wget \
+	software-properties-common \
+	gpg \
+	zstd \
+	cmake \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc-11 /usr/bin/gcc-11.0.0
+RUN ln -s /usr/bin/gcc-12 /usr/bin/gcc-12.0.0
--- a/docker/builders/builder-any-x86_64_gcc13.0.0.Dockerfile
+++ b/docker/builders/builder-any-x86_64_gcc13.0.0.Dockerfile
@ -0,0 +1,40 @@
+FROM fedora:39
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN dnf install -y \
+	bash-completion \
+	bc \
+	clang \
+	llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+	jq \
+	glibc-devel \
+	elfutils-libelf-devel \
+	netcat \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	ncurses-devel \
+	systemd-devel \
+	pciutils-devel \
+	binutils-devel \
+	lsb-release \
+	wget \
+	gpg \
+	zstd \
+	cmake \
+	git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-13.0.0
--- a/docker/builders/builder-any-x86_64_gcc14.0.0.Dockerfile
+++ b/docker/builders/builder-any-x86_64_gcc14.0.0.Dockerfile
@ -0,0 +1,40 @@
+FROM fedora:41
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN dnf install -y \
+	bash-completion \
+	bc \
+	clang \
+	llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+	jq \
+	glibc-devel \
+	elfutils-libelf-devel \
+	netcat \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	ncurses-devel \
+	systemd-devel \
+	pciutils-devel \
+	binutils-devel \
+	lsb-release \
+	wget \
+	gpg \
+	zstd \
+	cmake \
+	git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-14.0.0
--- a/docker/builders/builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
+++ b/docker/builders/builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
@ -0,0 +1,146 @@
+FROM debian:buster
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+# Use 20250630T203427Z debian apt snapshot as it still contains support for buster.
+RUN cat <<EOF > /etc/apt/sources.list
+deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster main
+deb http://snapshot.debian.org/archive/debian-security/20250630T203427Z buster/updates main
+deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster-updates main
+EOF
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	bash-completion \
+	bc \
+	clang \
+    	llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+	jq \
+	libc6-dev \
+	libelf-dev \
+	netcat \
+	xz-utils \
+	rpm2cpio \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	libssl-dev \
+	libncurses-dev \
+	libudev-dev \
+	libpci-dev \
+	libiberty-dev \
+	lsb-release \
+	wget \
+	software-properties-common \
+	gpg \
+	zstd \
+	gawk \
+	mawk \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get install -y --no-install-recommends libmpx2; fi
+
+# gcc 4.9 is required on x86 to build some 3.10+ kernels
+# note: on arm gcc 4.9 could not be found.
+RUN echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial main' >> /etc/apt/sources.list     && \
+	echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe' >> /etc/apt/sources.list
+# repo is unsigned therefore the APT options
+RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update && apt-get -o APT::Get::AllowUnauthenticated=true install -y --no-install-recommends gcc-4.9; fi
+
+# gcc 6 is no longer included in debian stable, but we need it to
+# build kernel modules on the default debian-based ami used by
+# kops. So grab copies we've saved from debian snapshots with the
+# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
+# or so.
+
+RUN if [ "$TARGETARCH" = "amd64" ]; then curl -L -o libcilkrts5_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libcilkrts5_6.3.0-18_${TARGETARCH}.deb; fi; \
+    curl -L -o cpp-6_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-6_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o gcc-6-base_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-6-base_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o gcc-6_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-6_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o libasan3_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libasan3_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o libubsan0_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libubsan0_6.3.0-18_${TARGETARCH}.deb \
+	&& curl -L -o libmpfr4_3.1.3-2_${TARGETARCH}.deb https://download.falco.org/dependencies/libmpfr4_3.1.3-2_${TARGETARCH}.deb \
+	&& curl -L -o libisl15_0.18-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl15_0.18-1_${TARGETARCH}.deb \
+	&& dpkg -i cpp-6_6.3.0-18_${TARGETARCH}.deb gcc-6-base_6.3.0-18_${TARGETARCH}.deb gcc-6_6.3.0-18_${TARGETARCH}.deb libasan3_6.3.0-18_${TARGETARCH}.deb; \
+    if [ "$TARGETARCH" = "amd64" ]; then dpkg -i libcilkrts5_6.3.0-18_${TARGETARCH}.deb; fi; \
+    dpkg -i libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb libubsan0_6.3.0-18_${TARGETARCH}.deb libmpfr4_3.1.3-2_${TARGETARCH}.deb libisl15_0.18-1_${TARGETARCH}.deb \
+	&& rm -f cpp-6_6.3.0-18_${TARGETARCH}.deb gcc-6-base_6.3.0-18_${TARGETARCH}.deb gcc-6_6.3.0-18_${TARGETARCH}.deb libasan3_6.3.0-18_${TARGETARCH}.deb libcilkrts5_6.3.0-18_${TARGETARCH}.deb libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb libubsan0_6.3.0-18_${TARGETARCH}.deb libmpfr4_3.1.3-2_${TARGETARCH}.deb libisl15_0.18-1_${TARGETARCH}.deb
+
+# gcc 5 is no longer included in debian stable, but we need it to
+# build centos kernels, which are 3.x based and explicitly want a gcc
+# version 3, 4, or 5 compiler. So grab copies we've saved from debian
+# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
+
+RUN if [ "$TARGETARCH" = "amd64" ]; then curl -L -o libmpx0_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/libmpx0_5.5.0-12_${TARGETARCH}.deb; fi; \
+    curl -L -o cpp-5_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-5_5.5.0-12_${TARGETARCH}.deb \
+	&& curl -L -o gcc-5-base_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-5-base_5.5.0-12_${TARGETARCH}.deb \
+	&& curl -L -o gcc-5_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-5_5.5.0-12_${TARGETARCH}.deb \
+	&& curl -L -o libasan2_5.5.0-12_${TARGETARCH}.deb	https://download.falco.org/dependencies/libasan2_5.5.0-12_${TARGETARCH}.deb \
+	&& curl -L -o libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb \
+	&& curl -L -o libisl15_0.18-4_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl15_0.18-4_${TARGETARCH}.deb \
+	&& dpkg -i cpp-5_5.5.0-12_${TARGETARCH}.deb gcc-5-base_5.5.0-12_${TARGETARCH}.deb gcc-5_5.5.0-12_${TARGETARCH}.deb libasan2_5.5.0-12_${TARGETARCH}.deb; \
+    if [ "$TARGETARCH" = "amd64" ]; then dpkg -i libmpx0_5.5.0-12_${TARGETARCH}.deb; fi; \
+    dpkg -i libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb libisl15_0.18-4_${TARGETARCH}.deb \
+	&& rm -f cpp-5_5.5.0-12_${TARGETARCH}.deb gcc-5-base_5.5.0-12_${TARGETARCH}.deb gcc-5_5.5.0-12_${TARGETARCH}.deb libasan2_5.5.0-12_${TARGETARCH}.deb libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb libisl15_0.18-4_${TARGETARCH}.deb libmpx0_5.5.0-12_${TARGETARCH}.deb
+
+# gcc 4 is no longer included in debian stable, but we need it to
+# build centos kernels, which are 2.x based and explicitly want a gcc
+# version 4 compiler. So grab copies we've saved from debian
+# snapshots with the prefix http://ftp.debian.org/debian/pool/main/g/gcc-4.8/.
+
+RUN if [ "$TARGETARCH" = "amd64" ] ; then curl -L -o libasan0_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libasan0_4.8.4-1_${TARGETARCH}.deb && dpkg -i libasan0_4.8.4-1_${TARGETARCH}.deb; fi; \
+    curl -L -o cpp-4.8_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-4.8_4.8.4-1_${TARGETARCH}.deb \
+	&& curl -L -o gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb \
+	&& curl -L -o gcc-4.8_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-4.8_4.8.4-1_${TARGETARCH}.deb \
+	&& curl -L -o libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb \
+	&& curl -L -o libisl10_0.12.2-2_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl10_0.12.2-2_${TARGETARCH}.deb \
+	&& curl -L -o multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb https://download.falco.org/dependencies/multiarch-support_2.19-18%2Bdeb8u10_${TARGETARCH}.deb \
+	&& curl -L -o libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb https://download.falco.org/dependencies/libcloog-isl4_0.18.4-1%2Bb1_${TARGETARCH}.deb \
+	&& dpkg -i multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb \
+	&& dpkg -i libisl10_0.12.2-2_${TARGETARCH}.deb gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb; \
+    if [ "$TARGETARCH" = "amd64" ] ; then dpkg -i libasan0_4.8.4-1_${TARGETARCH}.deb; fi; \
+    dpkg -i libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb cpp-4.8_4.8.4-1_${TARGETARCH}.deb gcc-4.8_4.8.4-1_${TARGETARCH}.deb \
+	&& rm -f multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb libisl10_0.12.2-2_${TARGETARCH}.deb gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb libasan0_4.8.4-1_${TARGETARCH}.deb libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb cpp-4.8_4.8.4-1_${TARGETARCH}.deb gcc-4.8_4.8.4-1_${TARGETARCH}.deb
+
+# debian:stable head contains binutils 2.31, which generates
+# binaries that are incompatible with kernels < 4.16. So manually
+# forcibly install binutils 2.30-22 instead.
+
+RUN if [ "$TARGETARCH" = "amd64" ] ; then \
+    curl -L -o binutils-x86-64-linux-gnu_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-x86-64-linux-gnu_2.30-22_${TARGETARCH}.deb; \
+    else  \
+    curl -L -o  binutils-aarch64-linux-gnu_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-aarch64-linux-gnu_2.30-22_${TARGETARCH}.deb; \
+    fi
+
+RUN curl -L -o binutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils_2.30-22_${TARGETARCH}.deb \
+	&& curl -L -o libbinutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/libbinutils_2.30-22_${TARGETARCH}.deb \
+	&& curl -L -o binutils-common_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-common_2.30-22_${TARGETARCH}.deb \
+	&& dpkg -i *binutils*.deb \
+	&& rm -f *binutils*.deb
+
+# Install a recent version of cmake (debian buster has at most 3.13)
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+    gzip -d /tmp/cmake.tar.gz; \
+    tar -xpf /tmp/cmake.tar --directory=/tmp; \
+    cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+    rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc-4.8 /usr/bin/gcc-4.8.0
+RUN if [ "$TARGETARCH" = "amd64" ] ; then ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.9.0; fi;
+RUN ln -s /usr/bin/gcc-5 /usr/bin/gcc-5.0.0
+RUN ln -s /usr/bin/gcc-6 /usr/bin/gcc-6.0.0
+RUN ln -s /usr/bin/gcc-8 /usr/bin/gcc-8.0.0
--- a/docker/builders/builder-centos-x86_64_gcc4.8.5.Dockerfile
+++ b/docker/builders/builder-centos-x86_64_gcc4.8.5.Dockerfile
@ -0,0 +1,50 @@
+FROM centos:7
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+# Fix broken mirrors - centos:7 eol
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+RUN yum -y install centos-release-scl
+
+# fix broken mirrors (again)
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+RUN yum -y install gcc \
+    llvm-toolset-7.0 \
+	bash-completion \
+	bc \
+	ca-certificates \
+	curl \
+	gnupg2 \
+	libc6-dev \
+	elfutils-libelf-devel \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	wget \
+	binutils \
+	which \
+	make \
+	git
+
+# Install cmake3.x (on centos7 `cmake` package installs cmake2.x)
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+    gzip -d /tmp/cmake.tar.gz; \
+    tar -xpf /tmp/cmake.tar --directory=/tmp; \
+    cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+    rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-4.8.5
+
+RUN source scl_source enable llvm-toolset-7.0
+RUN echo "source scl_source enable llvm-toolset-7.0" >> /etc/bashrc
+RUN source /etc/bashrc
--- a/docker/driverkit.Dockerfile
+++ b/docker/driverkit.Dockerfile
@ -0,0 +1,6 @@
+FROM docker.io/alpine:3.16
+
+ARG TARGETARCH
+
+COPY build-${TARGETARCH}/driverkit /bin/driverkit
+CMD ["/bin/driverkit"]
--- a/docs/builder.md
+++ b/docs/builder.md
@ -0,0 +1,196 @@
+# Builders
+
+The [builder](../pkg/driverbuilder/builder) package contains all of the actual builders code, for each supported target.  
+Their bash-like build templates live under the [templates](../pkg/driverbuilder/builder/templates) subfolder.
+
+# Support a new distro
+
+You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
+build drivers for a specific distro you care about.
+
+If that distribution is not yet supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
+
+Adding support for a new distro is a multiple-step work:
+* first of all, a new builder on driverkit must be created
+* secondly, [kernel-crawler](https://github.com/falcosecurity/kernel-crawler) must also be updated to support the new distro; see [below](#5-kernel-crawler) section
+* third, [dbg-go](https://github.com/falcosecurity/dbg-go) must [bump driverkit](https://github.com/falcosecurity/dbg-go?tab=readme-ov-file#bumping-driverkit) and enable support to generate configs for the new distro: https://github.com/falcosecurity/dbg-go/blob/main/pkg/root/distro.go#L30.
+* lastly, [test-infra](https://github.com/falcosecurity/test-infra) must be updated to add the new [prow config](https://github.com/falcosecurity/test-infra/tree/master/config/jobs/build-drivers) for new distro related jobs and `dbg-go` images must be bumped, see https://github.com/falcosecurity/test-infra/tree/master/images/build-drivers and https://github.com/falcosecurity/test-infra/tree/master/images/update-dbg.
+
+Here, we will only focus about driverkit part.
+
+## Creating a new Builder
+
+To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.  
+Here's the [archlinux](../pkg/driverbuilder/builder/archlinux.go) one for reference.  
+Following this simple set of instructions should help you while you implement a new `builder.Builder`.
+
+### 1. Builder file
+
+Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
+
+```bash
+touch pkg/driverbuilder/builder/archlinux.go
+```
+
+### 2. Target name
+
+Your builder will need a constant for the target it implements. Usually that constant
+can just be the ID of the distribution you are implementing, as taken reading `/etc/os-release` file.  
+A builder can implement more than one target at time. For example, the minikube builder is just a vanilla one.
+
+Once you have the constant, you will need to add it to the [byTarget](https://github.com/falcosecurity/driverkit/blob/master/pkg/driverbuilder/builder/target.go) map. 
+Open your file and you will need to add something like this:
+
+```go
+// TargetTypeArchLinux identifies the Arch Linux target.
+const TargetTypeArchLinux Type = "arch"
+
+type archLinux struct {
+}
+
+func init() {
+	byTarget[TargetTypeArchLinux] = &archLinux{}
+}
+```
+
+Now, you can implement the `builder.Builder` interface for the `archlinux` struct
+you just registered.
+
+Here's a very minimalistic example:
+
+```go
+func (c *archlinux) Name() string {
+    return TargetTypeArchlinux.String()
+}
+
+func (c *archlinux) TemplateKernelUrlsScript() string { 
+	return archlinuxKernelTemplate 
+}
+
+func (c *archlinux) TemplateScript() string {
+    return archlinuxTemplate
+}
+
+func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+    urls := []string{}
+    if kr.Architecture == kernelrelease.ArchitectureAmd64 {
+        urls = append(urls, fmt.Sprintf("https://archive.archlinux.org/packages/l/linux-headers/linux-headers-%s.%s-%d-%s.pkg.tar.xz",
+            kr.Fullversion,
+            kr.Extraversion,
+            cfg.KernelVersion,
+            kr.Architecture.ToNonDeb()))
+    } else {
+        urls = append(urls, fmt.Sprintf("https://alaa.ad24.cz/packages/l/linux-%s-headers/linux-%s-headers-%s-%d-%s.pkg.tar.xz",
+            kr.Architecture.ToNonDeb(),
+            kr.Architecture.ToNonDeb(),
+            kr.Fullversion,
+            cfg.KernelVersion,
+            kr.Architecture.ToNonDeb()))
+    }
+    return urls, nil
+}
+
+func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+    return archlinuxTemplateData{
+        KernelDownloadURL: urls[0],
+    }
+}
+```
+
+Essentially, the various methods that you are implementing are needed to:
+* fill the kernel download/extract script template, a `bash` script responsible to fetch and extract the kernel headers for the distro
+* fill the build script template (see below), that is a `bash` script that will be executed by driverkit at build time
+* return a list of possible kernel headers urls that will later be downloaded by the kernel download script, and then used for the driver build
+
+Under `pkg/driverbuilder/builder/templates` folder, you can find all the template scripts for the supported builders.  
+Adding a new template there and using `go:embed` to include it in your builder, allows leaner code
+without mixing up templates and builder logic.  
+For example:
+
+```go
+//go:embed templates/archlinux_kernel.sh
+var archlinuxKernelTemplate string
+
+//go:embed templates/archlinux.sh
+var archlinuxTemplate string
+```
+
+Depending on how the distro works, the "kernel" template script will fetch the kernel headers for it at the specific kernel version specified
+in the `Config` struct at `c.Build.KernelVersion`, and then extracting them.  
+Finally, the script will also `export` the `KERNELDIR` variable to be consumed by the actual build script.  
+Example kernel download template for archlinux:
+```bash
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
+tar -xf kernel-devel.pkg.tar.xz
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/lib/modules/*/build/* /tmp/kernel
+
+# exit value
+export KERNELDIR=/tmp/kernel
+```
+
+Once you have those, based on what that kernel can do and based on what was configured
+by the user, the build script will build the kernel module driver and/or the eBPF probe driver.
+Example build template for archlinux:
+```bash
+set -xeuo pipefail
+
+cd {{ .DriverBuildDir }}
+mkdir -p build && cd build
+{{ .CmakeCmd }}
+
+{{ if .BuildModule }}
+# Build the module
+make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
+strip -g {{ .ModuleFullPath }}
+# Print results
+modinfo {{ .ModuleFullPath }}
+{{ end }}
+
+{{ if .BuildProbe }}
+# Build the eBPF probe
+make bpf
+ls -l driver/bpf/probe.o
+{{ end }}
+```
+
+How does this work?
+
+If the user specifies:
+
+- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
+- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o`
+
+The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
+
+If you look at the various builder implemented, you will see that the task of creating a new builder
+can be easy or difficult depending on how the distribution ships their artifacts.  
+Indeed, the hardest part is fetching the kernel headers urls for each distro.
+
+### 3. Customize GCC version
+
+A builder can enforce a GCC selection algorithm,  
+by implementing the `builder.GCCVersionRequestor` interface.  
+A sane default algorithm is provided, that selects a GCC version based on the kernel version.   
+The requested gcc version is then [used to find the correct builder image to be used](builder_images.md#selection-algorithm).  
+
+> **NOTE**: when implementing the `builder.GCCVersionRequestor`, returning an empty `semver.Version` means to fallback at default algorithm.
+
+However, there is no mechanism to dynamically choose a clang version, because there should never be any need of touching it.   
+The build will use the one provided by the chosen builder image.  
+Any failure must be treated as a bug, and reported on [libs](https://github.com/falcosecurity/libs) repository.
+
+### 5. kernel-crawler
+
+When creating a new builder, it is recommended to check that [kernel-crawler](https://github.com/falcosecurity/kernel-crawler)
+can also support collecting the new builders kernel versions and header package URLs. This will make sure that the latest drivers
+for the new builder are automatically built by [test-infra](https://github.com/falcosecurity/test-infra). If required, add a feature request
+for support for the new builder on the kernel-crawler repository.  
+
+> **NOTE**: be sure that the crawler you are going to add is interesting for the community as a whole.
--- a/docs/builder_images.md
+++ b/docs/builder_images.md
@ -0,0 +1,68 @@
+# Builder Images
+
+Driverkit supports multiple builder images.  
+A builder image is the docker image used to build the drivers.
+
+## Adding a builder image
+
+Adding a builder image is just a matter of adding a new dockerfile under the [docker/builders](../docker/builders) folder,  
+with a name matching the following regex: `builder-(?P<target>[a-z0-9]+)-(?P<arch>x86_64|aarch64)(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+).Dockerfile$`.    
+For example: `builder-centos-x86_64_gcc5.8.0_gcc6.0.0.Dockerfile`.
+
+> **NOTE:** `any` is also a valid target, and means "apply as fallback for any target"
+
+The image **MUST** symlink all of its provided GCC versions to their full semver name, like:
+* `/usr/bin/gcc5` must be linked to `/usr/bin/gcc-5.0.0`
+* `/usr/bin/gcc-4.8` must be linked to `/usr/bin/gcc-4.8.0`
+
+This is needed because driverkit logic must be able to differentiate eg: between  
+an image that provides gcc4 and one that provides 4.8, in a reliable manner.
+
+The makefile will be then automatically able to collect the new docker images and pushing it as part of the CI.  
+Note: the images will be pushed under the `falcosecurity/driverkit-builder` repository, each with a tag reflecting its name, eg:  
+* `falcosecurity/driverkit-builder:centos-x86_64_gcc5.8.0_gcc6.0.0-latest`
+* `falcosecurity/driverkit-builder:any-x86_64_gcc12.0.0-454eff8fcc7d9abc615d312e9eccbd41abffb810`
+
+As you can see, the last part of the image tag is the real versioned tag (ie: `-latest` or `-$commithash`).
+
+## Selection algorithm
+
+Once pushed, driverkit will be able to correctly load the image during startup, using [falcoctl](https://github.com/falcosecurity/falcoctl/) OCI utilities.  
+Then, it will map images whose target and architecture are correct for the current build, storing the provided GCCs list.  
+Moreover, it will also take care of only using images with correct tag (ie: `latest` or `commithash`), as requested by user or automatically set by Makefile.
+The algorithm goes as follows:
+* load any image for the build arch, tag and target
+* load any image for the build arch, tag and "any" target
+* if any of the target-specific image provides the targetGCC for the build, we are over
+* if any of the "any" fallback image provides the targetGCC for the build, we are over
+* else, find the image between target-specific and fallback ones, that provides nearest GCC.  
+In this latest step, there is no distinction between/different priority given to target specific or fallback images.
+
+## Customize builder images repos
+
+Moreover, users can also ship their own builder images in their own docker repositories, by using `--builderrepo` CLI option.  
+
+Instead of passing a docker repo, one can also pass the full path to a so-called builder images index yaml file.  
+It is mostly convenient in "static" scenarios, but it also gives the ability to freely define images name since all required infos are explicitly stated in the index file.  
+For an example of such a file, see [index.yaml](./index.yaml).
+
+One can use this option multiple times; builder repos are a priority first list of docker repositories or builder images indexes (they can be mixed too!).
+
+## Force use a builder image
+
+Users can also force-specify the builder image to be used for the current build,  
+instead of relying on the internal algorithm, by using `--builderimage` CLI option.  
+
+> **NOTE**: builderimage MUST provide the selected gcc for the build
+
+A special value for builder image is available:
+* `auto:$tag`, that is used to tell driverkit to use the automatic algorithm, but forcing a certain image tag
+
+## Force use a gcc version
+
+Users can specify the target gcc version of the build, using `--gccversion` option.  
+As seen above, this needs to be a fully expanded gcc version, like `4.8.0`, or `8.0.0`.  
+When set, the image selection algorithm will pick the best builder image, 
+ie: the one that provides the nearest gcc version.  
+One can also play with both `--gccversion` and `--builderimage` options to enforce the  
+usage of a specific builder image that ships a specific gcc version.
--- a/docs/driverkit.md
+++ b/docs/driverkit.md
@ -2,10 +2,6 @@

 A command line tool to build Falco kernel modules and eBPF probes.

-### Synopsis
-
-A command line tool to build Falco kernel modules and eBPF probes.
-
 ```
 driverkit
 ```
@ -13,26 +9,40 @@ driverkit
 ### Options

 ```
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for driverkit
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
 ```

 ### SEE ALSO

 * [driverkit completion](driverkit_completion.md)	 - Generates completion scripts.
 * [driverkit docker](driverkit_docker.md)	 - Build Falco kernel modules and eBPF probes against a docker daemon.
+* [driverkit images](driverkit_images.md)	 - List builder images
 * [driverkit kubernetes](driverkit_kubernetes.md)	 - Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md)	 - Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+* [driverkit local](driverkit_local.md)	 - Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.

--- a/docs/driverkit_docker.md
+++ b/docs/driverkit_docker.md
@ -2,10 +2,6 @@

 Build Falco kernel modules and eBPF probes against a docker daemon.

-### Synopsis
-
-Build Falco kernel modules and eBPF probes against a docker daemon.
-
 ```
 driverkit docker [flags]
 ```
@ -13,21 +9,32 @@ driverkit docker [flags]
 ### Options

 ```
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for docker
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 60)
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for docker
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
 ```

 ### SEE ALSO
--- a/docs/driverkit_images.md
+++ b/docs/driverkit_images.md
@ -0,0 +1,43 @@
+## driverkit images
+
+List builder images
+
+```
+driverkit images [flags]
+```
+
+### Options
+
+```
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for images
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+
--- a/docs/driverkit_kubernetes-in-cluster.md
+++ b/docs/driverkit_kubernetes-in-cluster.md
@ -0,0 +1,46 @@
+## driverkit kubernetes-in-cluster
+
+Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+
+```
+driverkit kubernetes-in-cluster [flags]
+```
+
+### Options
+
+```
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for kubernetes-in-cluster
+      --image-pull-secret string   ImagePullSecret
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+  -n, --namespace string           If present, the namespace scope for the pods and its config  (default "default")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+      --run-as-user int            Pods runner user
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+
--- a/docs/driverkit_kubernetes.md
+++ b/docs/driverkit_kubernetes.md
@ -2,10 +2,6 @@

 Build Falco kernel modules and eBPF probes against a Kubernetes cluster.

-### Synopsis
-
-Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
 ```
 driverkit kubernetes [flags]
 ```
@ -13,34 +9,50 @@ driverkit kubernetes [flags]
 ### Options

 ```
-      --as string                      username to impersonate for the operation
+      --architecture string            target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --as string                      username to impersonate for the operation, user could be a regular user or a service account in a namespace
      --as-group stringArray           group to impersonate for the operation, this flag can be repeated to specify multiple groups
-      --cache-dir string               default HTTP cache directory (default "$HOME/.kube/http-cache")
+      --as-uid string                  uID to impersonate for the operation
+      --builderimage string            docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings            list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+      --cache-dir string               default cache directory (default "$HOME/.kube/cache")
      --certificate-authority string   path to a cert file for the certificate authority
      --client-certificate string      path to a client certificate file for TLS
      --client-key string              path to a client key file for TLS
      --cluster string                 the name of the kubeconfig cluster to use
  -c, --config string                  config file path (default $HOME/.driverkit.yaml if exists)
      --context string                 the name of the kubeconfig context to use
+      --disable-compression            if true, opt-out of response compression for all requests to the server
      --driverversion string           driver version as a git commit hash or as a git tag (default "master")
      --dryrun                         do not actually perform the action
+      --gccversion string              enforce a specific gcc version for the build
  -h, --help                           help for kubernetes
+      --image-pull-secret string       ImagePullSecret
      --insecure-skip-tls-verify       if true, the server's certificate will not be checked for validity, this will make your HTTPS connections insecure
      --kernelconfigdata string        base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
      --kernelrelease string           kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelversion uint16           kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
+      --kernelurls strings             list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string           kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
      --kubeconfig string              path to the kubeconfig file to use for CLI requests
-  -l, --loglevel string                log level (default "info")
+  -l, --loglevel string                set level for logs (info, warn, debug, trace) (default "info")
      --moduledevicename string        kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
      --moduledrivername string        kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-  -n, --namespace string               if present, the namespace scope for this CLI request
+  -n, --namespace string               If present, the namespace scope for the pods and its config  (default "default")
      --output-module string           filepath where to save the resulting kernel module
      --output-probe string            filepath where to save the resulting eBPF probe
      --proxy string                   the proxy to use to download data
+      --registry-name string           registry name to which authenticate
+      --registry-password string       registry password
+      --registry-plain-http            allows interacting with remote registry via plain http requests
+      --registry-user string           registry username
+      --repo-name string               repository github name (default "libs")
+      --repo-org string                repository github organization (default "falcosecurity")
      --request-timeout string         the length of time to wait before giving up on a single server request, non-zero values should contain a corresponding time unit (e.g, 1s, 2m, 3h), a value of zero means don't timeout requests (default "0")
+      --run-as-user int                Pods runner user
  -s, --server string                  the address and port of the Kubernetes API server
-  -t, --target string                  the system to target the build for
-      --timeout int                    timeout in seconds (default 60)
+  -t, --target string                  the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                    timeout in seconds (default 120)
+      --tls-server-name string         server name to use for server certificate validation, if it is not provided, the hostname used to contact the server is used
      --token string                   bearer token for authentication to the API server
      --user string                    the name of the kubeconfig user to use
 ```
--- a/docs/driverkit_local.md
+++ b/docs/driverkit_local.md
@ -0,0 +1,36 @@
+## driverkit local
+
+Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
+
+```
+driverkit local [flags]
+```
+
+### Options
+
+```
+  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
+      --dkms                      Enforce usage of DKMS to build the kernel module.
+      --download-headers          Try to automatically download kernel headers.
+      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                    do not actually perform the action
+      --env stringToString        Env variables to be enforced during the driver build. (default [])
+  -h, --help                      help for local
+      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelversion string      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string           set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string      filepath where to save the resulting kernel module
+      --output-probe string       filepath where to save the resulting eBPF probe
+      --repo-name string          repository github name (default "libs")
+      --repo-org string           repository github organization (default "falcosecurity")
+      --src-dir string            Enforce usage of local source dir to build drivers.
+  -t, --target string             the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int               timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+
--- a/docs/index.yaml
+++ b/docs/index.yaml
@ -0,0 +1,31 @@
+images:
+  - name: docker.io/falcosecurity/driverkit-builder:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+      - 6.0.0
+      - 5.0.0
+      - 4.9.0
+      - 4.8.0
+  # Name is just the image name that will be used to download the image.
+  # Contrarily to normal repo lister there is no constraint on it,
+  # since all fields are already explicitly available
+  - name: docker.io/foo/bar:mytag
+    target: arch
+    arch: x86_64
+    tag: mytag
+    gcc_versions:
+      - 13.1.1
+
+  # Image name tag ("mytag" in this case)
+  # is not even required to match "tag" property below,
+  # since the latter is used to match against the desired builder image tag for the build,
+  # while the former is the real image tag that will be used.
+  - name: docker.io/foo/baz:mytag
+    target: arch
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 13.1.1
--- a/go.mod
+++ b/go.mod
@ -1,33 +1,162 @@
 module github.com/falcosecurity/driverkit

-go 1.13
+go 1.24.1
+
+toolchain go1.24.2

 require (
-	github.com/Masterminds/semver/v3 v3.0.3
-	github.com/Microsoft/go-winio v0.4.14 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/creasty/defaults v1.3.0
-	github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
-	github.com/go-playground/locales v0.13.0
-	github.com/go-playground/universal-translator v0.17.0
-	github.com/go-playground/validator/v10 v10.2.0
-	github.com/gorilla/mux v1.7.4 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible
+	github.com/blang/semver/v4 v4.0.0
+	github.com/creasty/defaults v1.7.0
+	github.com/docker/docker v28.3.3+incompatible
+	github.com/falcosecurity/falcoctl v0.11.1
+	github.com/go-playground/locales v0.14.1
+	github.com/go-playground/universal-translator v0.18.1
+	github.com/go-playground/validator/v10 v10.24.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
-	github.com/sirupsen/logrus v1.5.0
-	github.com/spf13/cobra v1.0.0
-	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.6.3
-	golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 // indirect
+	github.com/olekukonko/tablewriter v0.0.5
+	github.com/opencontainers/image-spec v1.1.1
+	github.com/pterm/pterm v0.12.80
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/pflag v1.0.6
+	github.com/spf13/viper v1.20.0
+	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible
-	k8s.io/api v0.17.3
-	k8s.io/apimachinery v0.17.3
-	k8s.io/cli-runtime v0.17.3
-	k8s.io/client-go v0.17.3
-	k8s.io/kubectl v0.17.3
-	k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
+	k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/cli-runtime v0.30.0
+	k8s.io/client-go v0.32.3
+	k8s.io/kubectl v0.30.0
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
+	modernc.org/sqlite v1.29.9
+	oras.land/oras-go/v2 v2.5.0
+)
+
+require (
+	atomicgo.dev/cursor v0.2.0 // indirect
+	atomicgo.dev/keyboard v0.2.9 // indirect
+	atomicgo.dev/schedule v0.1.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
+	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/chai2010/gettext-go v1.0.3 // indirect
+	github.com/containerd/console v1.0.4 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
+	github.com/creack/pty v1.1.21 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
+	github.com/fatih/camelcase v1.0.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/fvbommel/sortorder v1.1.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/go-errors/errors v1.5.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gookit/color v1.5.4 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/lithammer/fuzzysearch v1.1.8 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/go-archive v0.1.0 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
+	github.com/moby/sys/atomicwriter v0.1.0 // indirect
+	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/sys/user v0.4.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/oauth2 v0.28.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
+	k8s.io/component-base v0.30.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b // indirect
+	modernc.org/libc v1.50.5 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/kustomize/api v0.17.1 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,481 +1,482 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
-github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
-github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
-github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU=
-github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
-github.com/Masterminds/semver/v3 v3.0.3 h1:znjIyLfpXEDQjOIEWh+ehwpTU14UzUPub3c3sm36u14=
-github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+atomicgo.dev/assert v0.0.2 h1:FiKeMiZSgRrZsPo9qn/7vmr7mCsh5SZyXY4YGYiYwrg=
+atomicgo.dev/assert v0.0.2/go.mod h1:ut4NcI3QDdJtlmAxQULOmA13Gz6e2DWbSAS8RUOmNYQ=
+atomicgo.dev/cursor v0.2.0 h1:H6XN5alUJ52FZZUkI7AlJbUc1aW38GWZalpYRPpoPOw=
+atomicgo.dev/cursor v0.2.0/go.mod h1:Lr4ZJB3U7DfPPOkbH7/6TOtJ4vFGHlgj1nc+n900IpU=
+atomicgo.dev/keyboard v0.2.9 h1:tOsIid3nlPLZ3lwgG8KZMp/SFmr7P0ssEN5JUsm78K8=
+atomicgo.dev/keyboard v0.2.9/go.mod h1:BC4w9g00XkxH/f1HXhW2sXmJFOCWbKn9xrOunSFtExQ=
+atomicgo.dev/schedule v0.1.0 h1:nTthAbhZS5YZmgYbb2+DH8uQIZcTlIrd4eYr3UQxEjs=
+atomicgo.dev/schedule v0.1.0/go.mod h1:xeUa3oAkiuHYh8bKiQBRojqAMq3PXXbJujjb0hw8pEU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
+github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
+github.com/MarvinJWendt/testza v0.1.0/go.mod h1:7AxNvlfeHP7Z/hDQ5JtE3OKYT3XFUeLCDE2DQninSqs=
+github.com/MarvinJWendt/testza v0.2.1/go.mod h1:God7bhG8n6uQxwdScay+gjm9/LnO4D3kkcZX4hv9Rp8=
+github.com/MarvinJWendt/testza v0.2.8/go.mod h1:nwIcjmr0Zz+Rcwfh3/4UhBp7ePKVhuBExvZqnKYWlII=
+github.com/MarvinJWendt/testza v0.2.10/go.mod h1:pd+VWsoGUiFtq+hRKSU1Bktnn+DMCSrDrXDpX2bG66k=
+github.com/MarvinJWendt/testza v0.2.12/go.mod h1:JOIegYyV7rX+7VZ9r77L/eH6CfJHHzXjB69adAhzZkI=
+github.com/MarvinJWendt/testza v0.3.0/go.mod h1:eFcL4I0idjtIx8P9C6KkAuLgATNKpX4/2oUqKc6bF2c=
+github.com/MarvinJWendt/testza v0.4.2/go.mod h1:mSdhXiKH8sg/gQehJ63bINcCKp7RtYewEjXsvsVUPbE=
+github.com/MarvinJWendt/testza v0.5.2 h1:53KDo64C1z/h/d/stCYCPY69bt/OSwjq5KpFNwi+zB4=
+github.com/MarvinJWendt/testza v0.5.2/go.mod h1:xu53QFE5sCdjtMCKk8YMQ2MnymimEctc4n3EjyIYvEY=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
-github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
-github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creasty/defaults v1.3.0 h1:uG+RAxYbJgOPCOdKEcec9ZJXeva7Y6mj/8egdzwmLtw=
-github.com/creasty/defaults v1.3.0/go.mod h1:CIEEvs7oIVZm30R8VxtFJs+4k201gReYyuYHJxZc68I=
-github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
+github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
+github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
+github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
+github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/creasty/defaults v1.7.0 h1:eNdqZvc5B509z18lD8yc212CAqJNvfT1Jq6L8WowdBA=
+github.com/creasty/defaults v1.7.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U=
-github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e h1:p1yVGRW3nmb85p1Sh1ZJSDm4A4iKLS5QNbvUHMgGu/M=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/evanphx/json-patch v4.2.0+incompatible h1:fUDGZCv/7iAN7u0puUVhvKCcsR6vRfwrJatElLBEf0I=
-github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
-github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
+github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
+github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
+github.com/falcosecurity/falcoctl v0.11.1 h1:slBPwAPs5n5CO2Lro1w7ugemu8WuCOoKnfnL45IHhmQ=
+github.com/falcosecurity/falcoctl v0.11.1/go.mod h1:sD9ghf9R/uFeY8X9fimecMwtvqLbrMn5+jcpwQfPeJQ=
 github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
-github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450/go.mod h1:Bk6SMAONeMXrxql8uvOKuAZSu8aM5RUGv+1C6IJaEho=
-github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995/go.mod h1:lJgMEyOkYFkPcDKwRXegd+iM6E7matEszMG5HhwytU8=
-github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
+github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
+github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
+github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
-github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
+github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
+github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
+github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
+github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=
+github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
+github.com/moby/go-archive v0.1.0/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=
+github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
+github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
+github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
+github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
+github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
+github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
+github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
+github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
-github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
-github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/spf13/viper v1.6.3 h1:pDDu1OyEDTKzpJwdq4TiuLyMsUgRa/BT5cn5O62NoHs=
-github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMDvzw=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pterm/pterm v0.12.27/go.mod h1:PhQ89w4i95rhgE+xedAoqous6K9X+r6aSOI2eFF7DZI=
+github.com/pterm/pterm v0.12.29/go.mod h1:WI3qxgvoQFFGKGjGnJR849gU0TsEOvKn5Q8LlY1U7lg=
+github.com/pterm/pterm v0.12.30/go.mod h1:MOqLIyMOgmTDz9yorcYbcw+HsgoZo3BQfg2wtl3HEFE=
+github.com/pterm/pterm v0.12.31/go.mod h1:32ZAWZVXD7ZfG0s8qqHXePte42kdz8ECtRyEejaWgXU=
+github.com/pterm/pterm v0.12.33/go.mod h1:x+h2uL+n7CP/rel9+bImHD5lF3nM9vJj80k9ybiiTTE=
+github.com/pterm/pterm v0.12.36/go.mod h1:NjiL09hFhT/vWjQHSj1athJpx6H8cjpHXNAK5bUw8T8=
+github.com/pterm/pterm v0.12.40/go.mod h1:ffwPLwlbXxP+rxT0GsgDTzS3y3rmpAO1NMjUkGTYf8s=
+github.com/pterm/pterm v0.12.80 h1:mM55B+GnKUnLMUSqhdINe4s6tOuVQIetQ3my8JGyAIg=
+github.com/pterm/pterm v0.12.80/go.mod h1:c6DeF9bSnOSeFPZlfs4ZRAFcf5SCoTwvwQ5xaKGQlHo=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a h1:w3tdWGKbLGBPtR/8/oO74W6hmz0qE5q0z9aqSAewaaM=
+github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a/go.mod h1:S8kfXMp+yh77OxPD4fdM6YUknrZpQxLhvxzS4gDHENY=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
+github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
+github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
+github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
+github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
+github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY=
+github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
+github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
+go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
+go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
+go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
+go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
+go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
+go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
+go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
+go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc h1:WMJEq47tB89BoJ5HUfoMZVtN+0u6f32LgIfQlu3mMF8=
+go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 h1:gSbV7h1NRL2G1xTg/owz62CST1oJBmxy4QpMMregXVQ=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
-gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
-gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7 h1:ZUjXAXmrAyrmmCPHgCA/vChHcpsX27MZ3yBonD/z1KE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.21.0 h1:G+97AoqBnmZIT91cLG/EkCoK9NSelj64P8bOHHNmGn0=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
+google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0=
-k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0=
-k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg=
-k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
-k8s.io/cli-runtime v0.17.3 h1:0ZlDdJgJBKsu77trRUynNiWsRuAvAVPBNaQfnt/1qtc=
-k8s.io/cli-runtime v0.17.3/go.mod h1:X7idckYphH4SZflgNpOOViSxetiMj6xI0viMAjM81TA=
-k8s.io/client-go v0.17.3 h1:deUna1Ksx05XeESH6XGCyONNFfiQmDdqeqUvicvP6nU=
-k8s.io/client-go v0.17.3/go.mod h1:cLXlTMtWHkuK4tD360KpWz2gG2KtdWEr/OT02i3emRQ=
-k8s.io/code-generator v0.17.3/go.mod h1:l8BLVwASXQZTo2xamW5mQNFCe1XPiAesVq7Y1t7PiQQ=
-k8s.io/component-base v0.17.3 h1:hQzTSshY14aLSR6WGIYvmw+w+u6V4d+iDR2iDGMrlUg=
-k8s.io/component-base v0.17.3/go.mod h1:GeQf4BrgelWm64PXkIXiPh/XS0hnO42d9gx9BtbZRp8=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU=
-k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
-k8s.io/kubectl v0.17.3 h1:9HHYj07kuFkM+sMJMOyQX29CKWq4lvKAG1UIPxNPMQ4=
-k8s.io/kubectl v0.17.3/go.mod h1:NUn4IBY7f7yCMwSop2HCXlw/MVYP4HJBiUmOR3n9w28=
-k8s.io/metrics v0.17.3/go.mod h1:HEJGy1fhHOjHggW9rMDBJBD3YuGroH3Y1pnIRw9FFaI=
-k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
-k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
-modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
-modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
-modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
-modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
-modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
-sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
-sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=
+gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
+gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48=
+k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o=
+k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk=
+k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+modernc.org/cc/v4 v4.21.0 h1:D/gLKtcztomvWbsbvBKo3leKQv+86f+DdqEZBBXhnag=
+modernc.org/cc/v4 v4.21.0/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
+modernc.org/ccgo/v4 v4.17.3 h1:t2CQci84jnxKw3GGnHvjGKjiNZeZqyQx/023spkk4hU=
+modernc.org/ccgo/v4 v4.17.3/go.mod h1:1FCbAtWYJoKuc+AviS+dH+vGNtYmFJqBeRWjmnDWsIg=
+modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
+modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
+modernc.org/gc/v2 v2.4.1 h1:9cNzOqPyMJBvrUipmynX0ZohMhcxPtMccYgGOJdOiBw=
+modernc.org/gc/v2 v2.4.1/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU=
+modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b h1:BnN1t+pb1cy61zbvSUV7SeI0PwosMhlAEi/vBY4qxp8=
+modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4=
+modernc.org/libc v1.50.5 h1:ZzeUd0dIc/sUtoPTCYIrgypkuzoGzNu6kbEWj2VuEmk=
+modernc.org/libc v1.50.5/go.mod h1:rhzrUx5oePTSTIzBgM0mTftwWHK8tiT9aNFUt1mldl0=
+modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
+modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
+modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E=
+modernc.org/memory v1.8.0/go.mod h1:XPZ936zp5OMKGWPqbD3JShgd/ZoQ7899TUuQqxY+peU=
+modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sortutil v1.2.0 h1:jQiD3PfS2REGJNzNCMMaLSp/wdMNieTbKX920Cqdgqc=
+modernc.org/sortutil v1.2.0/go.mod h1:TKU2s7kJMf1AE84OoiGppNHJwvB753OYfNl2WRb++Ss=
+modernc.org/sqlite v1.29.9 h1:9RhNMklxJs+1596GNuAX+O/6040bvOwacTxuFcRuQow=
+modernc.org/sqlite v1.29.9/go.mod h1:ItX2a1OVGgNsFh6Dv60JQvGfJfTPHPVpV6DF59akYOA=
+modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
+modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=
+oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
+sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=
+sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA=
+sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c=
+sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/main.go
+++ b/main.go
@ -1,3 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main

 import (
--- a/pkg/driverbuilder/builder/aliyunlinux.go
+++ b/pkg/driverbuilder/builder/aliyunlinux.go
@ -0,0 +1,84 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/alinux_kernel.sh
+var alinuxKernelTemplate string
+
+//go:embed templates/alinux.sh
+var alinuxTemplate string
+
+// TargetTypeAlinux identifies the AliyunLinux 2 and 3 target.
+const TargetTypeAlinux Type = "alinux"
+
+func init() {
+	byTarget[TargetTypeAlinux] = &alinux{}
+}
+
+type alinuxTemplateData struct {
+	KernelDownloadURL string
+}
+
+type alinux struct {
+}
+
+func (c *alinux) Name() string {
+	return TargetTypeAlinux.String()
+}
+
+func (c *alinux) TemplateKernelUrlsScript() string {
+	return alinuxKernelTemplate
+}
+
+func (c *alinux) TemplateScript() string {
+	return alinuxTemplate
+}
+
+func (c *alinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAlinuxKernelURLS(kr), nil
+}
+
+func (c *alinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return alinuxTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchAlinuxKernelURLS(kr kernelrelease.KernelRelease) []string {
+	alinuxReleases := []string{
+		"2",
+		"2.1903",
+		"3",
+	}
+
+	urls := []string{}
+	for _, r := range alinuxReleases {
+		urls = append(urls, fmt.Sprintf(
+			"http://mirrors.aliyun.com/alinux/%s/os/%s/Packages/kernel-devel-%s%s.rpm",
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+	}
+	return urls
+}
--- a/pkg/driverbuilder/builder/almalinux.go
+++ b/pkg/driverbuilder/builder/almalinux.go
@ -0,0 +1,96 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/almalinux_kernel.sh
+var almaKernelTemplate string
+
+//go:embed templates/almalinux.sh
+var almaTemplate string
+
+// TargetTypeAlma identifies the AlmaLinux target.
+const TargetTypeAlma Type = "almalinux"
+
+func init() {
+	byTarget[TargetTypeAlma] = &alma{}
+}
+
+type almaTemplateData struct {
+	KernelDownloadURL string
+}
+
+// alma is a driverkit target.
+type alma struct {
+}
+
+func (c *alma) Name() string {
+	return TargetTypeAlma.String()
+}
+
+func (c *alma) TemplateKernelUrlsScript() string {
+	return almaKernelTemplate
+}
+
+func (c *alma) TemplateScript() string {
+	return almaTemplate
+}
+
+func (c *alma) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAlmaKernelURLS(kr), nil
+}
+
+func (c *alma) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return almaTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchAlmaKernelURLS(kr kernelrelease.KernelRelease) []string {
+	almaReleases := []string{
+		"8",
+		"8.6",
+		"9",
+		"9.0",
+	}
+
+	urls := []string{}
+	for _, r := range almaReleases {
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://repo.almalinux.org/almalinux/%s/AppStream/%s/os/Packages/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
+			urls = append(urls, fmt.Sprintf(
+				"https://repo.almalinux.org/almalinux/%s/BaseOS/%s/os/Packages/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		}
+	}
+	return urls
+}
--- a/pkg/driverbuilder/builder/amazonlinux.go
+++ b/pkg/driverbuilder/builder/amazonlinux.go
@ -1,3 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

 import (
@ -5,28 +19,55 @@ import (
 	"bytes"
 	"compress/bzip2"
 	"compress/gzip"
+	"database/sql"
+	_ "embed"
 	"fmt"
+	"github.com/blang/semver/v4"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"strings"
-	"text/template"

-	"database/sql"
+	_ "modernc.org/sqlite"

 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
-	_ "github.com/mattn/go-sqlite3" // Why do you want me to justify? Leave me alone :)
-	logger "github.com/sirupsen/logrus"
 )

-type amazonlinux2 struct {
+//go:embed templates/amazonlinux_kernel.sh
+var amazonlinuxKernelTemplate string
+
+//go:embed templates/amazonlinux.sh
+var amazonlinuxTemplate string
+
+type amazonBuilder interface {
+	Builder
+	repos() []string
+	baseUrl() string
+	ext() string
 }

 type amazonlinux struct {
 }

+type amazonlinux2 struct {
+	amazonlinux
+}
+
+type amazonlinux2022 struct {
+	amazonlinux
+}
+
+type amazonlinux2023 struct {
+	amazonlinux
+}
+
+// TargetTypeAmazonLinux2023 identifies the AmazonLinux2023 target.
+const TargetTypeAmazonLinux2023 Type = "amazonlinux2023"
+
+// TargetTypeAmazonLinux2022 identifies the AmazonLinux2022 target.
+const TargetTypeAmazonLinux2022 Type = "amazonlinux2022"
+
 // TargetTypeAmazonLinux2 identifies the AmazonLinux2 target.
 const TargetTypeAmazonLinux2 Type = "amazonlinux2"

@ -34,130 +75,38 @@ const TargetTypeAmazonLinux2 Type = "amazonlinux2"
 const TargetTypeAmazonLinux Type = "amazonlinux"

 func init() {
-	BuilderByTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
-	BuilderByTarget[TargetTypeAmazonLinux] = &amazonlinux{}
+	byTarget[TargetTypeAmazonLinux2023] = &amazonlinux2023{}
+	byTarget[TargetTypeAmazonLinux2022] = &amazonlinux2022{}
+	byTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
+	byTarget[TargetTypeAmazonLinux] = &amazonlinux{}
 }

-const amazonlinuxTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-{{ range $url := .KernelDownloadURLs }}
-curl --silent -o kernel.rpm -SL {{ $url }}
-rpm2cpio kernel.rpm | cpio --extract --make-directories
-rm -rf kernel.rpm
-{{ end }}
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc /usr/bin/gcc-{{ .GCCVersion }}
-
-{{ if .BuildModule }}
-# Build the kernel module
-cd {{ .DriverBuildDir }}
-
-make KERNELDIR=/tmp/kernel CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE=""
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-{{ .LLVMVersion }} CLANG=/usr/bin/clang-{{ .LLVMVersion }} CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
 type amazonlinuxTemplateData struct {
-	DriverBuildDir     string
-	ModuleDownloadURL  string
 	KernelDownloadURLs []string
-	GCCVersion         string
-	ModuleDriverName   string
-	ModuleFullPath     string
-	BuildModule        bool
-	BuildProbe         bool
-	LLVMVersion        string
 }

-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (a amazonlinux2) Script(c Config) (string, error) {
-	return script(c, TargetTypeAmazonLinux2)
+func (a *amazonlinux) Name() string {
+	return TargetTypeAmazonLinux.String()
 }

-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (a amazonlinux) Script(c Config) (string, error) {
-	return script(c, TargetTypeAmazonLinux)
+func (a *amazonlinux) TemplateKernelUrlsScript() string { return amazonlinuxKernelTemplate }
+
+func (a *amazonlinux) TemplateScript() string {
+	return amazonlinuxTemplate
 }

-func script(c Config, targetType Type) (string, error) {
-	t := template.New(string(targetType))
-	parsed, err := t.Parse(amazonlinuxTemplate)
-	if err != nil {
-		return "", err
-	}
+func (a *amazonlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}

-	kv := kernelrelease.FromString(c.Build.KernelRelease)
-
-	// Check (and filter) existing kernels before continuing
-	packages, err := fetchAmazonLinuxPackagesURLs(kv, c.Build.Architecture, targetType)
-	if err != nil {
-		return "", err
-	}
-	if len(packages) != 2 {
-		return "", fmt.Errorf("target %s needs to find both kernel and kernel-devel packages", targetType)
-	}
-	urls, err := getResolvingURLs(packages)
-	if err != nil {
-		return "", err
-	}
-
-	td := amazonlinuxTemplateData{
-		DriverBuildDir:     DriverDirectory,
-		ModuleDownloadURL:  moduleDownloadURL(c),
+func (a *amazonlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return amazonlinuxTemplateData{
 		KernelDownloadURLs: urls,
-		GCCVersion:         amazonGccVersionFromKernelRelease(kv),
-		ModuleDriverName:   c.DriverName,
-		ModuleFullPath:     ModuleFullPath,
-		BuildModule:        len(c.Build.ModuleFilePath) > 0,
-		BuildProbe:         len(c.Build.ProbeFilePath) > 0,
-		LLVMVersion:        amazonLLVMVersionFromKernelRelease(kv),
 	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
 }

-var reposByTarget = map[Type][]string{
-	TargetTypeAmazonLinux2: []string{
-		"core/2.0",
-		"core/latest",
-		"extras/kernel-5.4/latest",
-		"extras/kernel-5.10/latest",
-	},
-	TargetTypeAmazonLinux: []string{
+func (a *amazonlinux) repos() []string {
+	return []string{
 		"latest/updates",
 		"latest/main",
 		"2017.03/updates",
@ -166,126 +115,216 @@ var reposByTarget = map[Type][]string{
 		"2017.09/main",
 		"2018.03/updates",
 		"2018.03/main",
-	},
+	}
 }

-var baseByTarget = map[Type]string{
-	TargetTypeAmazonLinux:  "http://repo.us-east-1.amazonaws.com/%s",
-	TargetTypeAmazonLinux2: "http://amazonlinux.us-east-1.amazonaws.com/2/core/%s/%s",
+func (a *amazonlinux) baseUrl() string {
+	return "http://repo.us-east-1.amazonaws.com"
 }

-func fetchAmazonLinuxPackagesURLs(kv kernelrelease.KernelRelease, arch string, targetType Type) ([]string, error) {
+func (a *amazonlinux) ext() string {
+	return "bz2"
+}
+
+func (a *amazonlinux2022) Name() string {
+	return TargetTypeAmazonLinux2022.String()
+}
+
+func (a *amazonlinux2022) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2022) repos() []string {
+	return []string{
+		"2022.0.20220202",
+		"2022.0.20220315",
+	}
+}
+
+func (a *amazonlinux2022) baseUrl() string {
+	return "https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors"
+}
+
+func (a *amazonlinux2022) ext() string {
+	return "gz"
+}
+
+func (a *amazonlinux2023) Name() string {
+	return TargetTypeAmazonLinux2023.String()
+}
+
+func (a *amazonlinux2023) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2023) repos() []string {
+	return []string{
+		"latest",
+	}
+}
+
+func (a *amazonlinux2023) baseUrl() string {
+	return "https://cdn.amazonlinux.com/al2023/core/mirrors"
+}
+
+func (a *amazonlinux2023) ext() string {
+	return "gz"
+}
+
+func (a *amazonlinux2) Name() string {
+	return TargetTypeAmazonLinux2.String()
+}
+
+func (a *amazonlinux2) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// 5.10 amazonlinux2 kernels need gcc 10
+	if kr.Major == 5 && kr.Minor == 10 {
+		return semver.Version{Major: 10}
+	}
+	return semver.Version{}
+}
+
+func (a *amazonlinux2) repos() []string {
+	return []string{
+		"core/2.0",
+		"core/latest",
+		"extras/kernel-5.4/latest",
+		"extras/kernel-5.10/latest",
+		"extras/kernel-5.15/latest",
+	}
+}
+
+func (a *amazonlinux2) baseUrl() string {
+	return "http://amazonlinux.us-east-1.amazonaws.com/2"
+}
+
+func (a *amazonlinux2) ext() string {
+	return "gz"
+}
+
+func buildMirror(a amazonBuilder, r string, kv kernelrelease.KernelRelease) (string, error) {
+	var baseURL string
+	switch a.(type) {
+	case *amazonlinux:
+		baseURL = fmt.Sprintf("%s/%s", a.baseUrl(), r)
+	case *amazonlinux2, *amazonlinux2022, *amazonlinux2023:
+		baseURL = fmt.Sprintf("%s/%s/%s", a.baseUrl(), r, kv.Architecture.ToNonDeb())
+	default:
+		return "", fmt.Errorf("unsupported target")
+	}
+
+	mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
+	return mirror, nil
+}
+
+type unzipFunc func(io.Reader) ([]byte, error)
+
+func unzipFuncFromBuilder(a amazonBuilder) (unzipFunc, error) {
+	switch a.ext() {
+	case "gz":
+		return gunzip, nil
+	case "bz2":
+		return bunzip, nil
+	}
+	return nil, fmt.Errorf("unsupported extension: %s", a.ext())
+}
+
+func fetchAmazonLinuxPackagesURLs(a amazonBuilder, kv kernelrelease.KernelRelease) ([]string, error) {
 	urls := []string{}
-	visited := map[string]bool{}
-	amazonlinux2baseURL := "http://amazonlinux.us-east-1.amazonaws.com"
+	visited := make(map[string]struct{})

-	for _, v := range reposByTarget[targetType] {
-		var baseURL string
-		switch targetType {
-		case TargetTypeAmazonLinux:
-			baseURL = fmt.Sprintf("http://repo.us-east-1.amazonaws.com/%s", v)
-		case TargetTypeAmazonLinux2:
-			baseURL = fmt.Sprintf("%s/2/%s/%s", amazonlinux2baseURL, v, arch)
-		default:
-			return nil, fmt.Errorf("unsupported target")
-		}
-
-		mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
-		logger.WithField("url", mirror).WithField("version", v).Debug("looking for repo...")
-		// Obtain the repo URL by getting mirror URL content
-		mirrorRes, err := http.Get(mirror)
-		if err != nil {
-			return nil, err
-		}
-		defer mirrorRes.Body.Close()
-
-		var repo string
-		scanner := bufio.NewScanner(mirrorRes.Body)
-		if scanner.Scan() {
-			repo = scanner.Text()
-		}
-		if repo == "" {
-			return nil, fmt.Errorf("repository not found")
-		}
-		repo = strings.ReplaceAll(strings.TrimSuffix(string(repo), "\n"), "$basearch", arch)
-
-		ext := "gz"
-		if targetType == TargetTypeAmazonLinux {
-			ext = "bz2"
-		}
-		repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, ext)
-		if _, ok := visited[repoDatabaseURL]; ok {
-			continue
-		}
-		// Download the repo database
-		repoRes, err := http.Get(repoDatabaseURL)
-		logger.WithField("url", repoDatabaseURL).Debug("downloading...")
-		if err != nil {
-			return nil, err
-		}
-		defer repoRes.Body.Close()
-		visited[repoDatabaseURL] = true
-		// Decompress the database
-		var unzipFunc func(io.Reader) ([]byte, error)
-		if targetType == TargetTypeAmazonLinux {
-			unzipFunc = bunzip
-		} else {
-			unzipFunc = gunzip
-		}
-		dbBytes, err := unzipFunc(repoRes.Body)
-		if err != nil {
-			return nil, err
-		}
-		// Create the temporary database file
-		dbFile, err := ioutil.TempFile(os.TempDir(), fmt.Sprintf("%s-*.sqlite", targetType))
-		if err != nil {
-			return nil, err
-		}
-		defer os.Remove(dbFile.Name())
-		if _, err := dbFile.Write(dbBytes); err != nil {
-			return nil, err
-		}
-		// Open the database
-		db, err := sql.Open("sqlite3", dbFile.Name())
-		if err != nil {
-			return nil, err
-		}
-		defer db.Close()
-		logger.WithField("db", dbFile.Name()).Debug("connecting to database...")
-		// Query the database
-		rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", arch)), "-")
-		q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel%%' AND name NOT LIKE 'kernel-livepatch%%' AND name NOT LIKE '%%doc%%' AND name NOT LIKE '%%tools%%' AND name NOT LIKE '%%headers%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
-		stmt, err := db.Prepare(q)
-		if err != nil {
-			return nil, err
-		}
-		defer stmt.Close()
-		rows, err := stmt.Query()
-		if err != nil {
-			return nil, err
-		}
-		defer rows.Close()
-		for rows.Next() {
-			var href string
-			err = rows.Scan(&href)
+	for _, v := range a.repos() {
+		err := func() error {
+			mirror, err := buildMirror(a, v, kv)
 			if err != nil {
-				log.Fatal(err)
+				return err
 			}
-			base := repo
-			if targetType == TargetTypeAmazonLinux2 {
-				base = amazonlinux2baseURL
-			}
-			href = strings.ReplaceAll(href, "../", "")
-			urls = append(urls, fmt.Sprintf("%s/%s", base, href))
-		}

-		if err := dbFile.Close(); err != nil {
+			// Obtain the repo URL by getting mirror URL content
+			mirrorRes, err := http.Get(mirror)
+			if err != nil {
+				return err
+			}
+			defer mirrorRes.Body.Close()
+
+			var repo string
+			scanner := bufio.NewScanner(mirrorRes.Body)
+			if scanner.Scan() {
+				repo = scanner.Text()
+			}
+			if repo == "" {
+				return fmt.Errorf("repository not found")
+			}
+			repo = strings.ReplaceAll(strings.TrimSuffix(repo, "\n"), "$basearch", kv.Architecture.ToNonDeb())
+			repo = strings.TrimSuffix(repo, "/")
+			repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, a.ext())
+			if _, ok := visited[repoDatabaseURL]; ok {
+				return nil
+			}
+			// Download the repo database
+			repoRes, err := http.Get(repoDatabaseURL)
+			if err != nil {
+				return err
+			}
+			defer repoRes.Body.Close()
+			visited[repoDatabaseURL] = struct{}{}
+
+			unzip, err := unzipFuncFromBuilder(a)
+			if err != nil {
+				return err
+			}
+
+			dbBytes, err := unzip(repoRes.Body)
+			if err != nil {
+				return err
+			}
+			// Create the temporary database file
+			dbFile, err := os.CreateTemp(os.TempDir(), fmt.Sprintf("%s-*.sqlite", a.Name()))
+			if err != nil {
+				return err
+			}
+			defer os.Remove(dbFile.Name())
+			if _, err := dbFile.Write(dbBytes); err != nil {
+				return err
+			}
+			// Open the database
+			db, err := sql.Open("sqlite", dbFile.Name())
+			if err != nil {
+				return err
+			}
+			defer db.Close()
+			// Query the database
+			rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", kv.Architecture.ToNonDeb())), "-")
+			q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel-devel%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
+			stmt, err := db.Prepare(q)
+			if err != nil {
+				return err
+			}
+			defer stmt.Close()
+			rows, err := stmt.Query()
+			if err != nil {
+				return err
+			}
+			defer rows.Close()
+			for rows.Next() {
+				var href string
+				err = rows.Scan(&href)
+				if err != nil {
+					log.Fatal(err)
+				}
+				urls = append(urls, fmt.Sprintf("%s/%s", repo, href))
+			}
+			return dbFile.Close()
+		}()
+		if err != nil {
 			return nil, err
 		}

 		// Found, do not continue
-		// todo > verify amazonlinux always needs 2 packages (kernel and kernel-devel) too
-		if len(urls) == 2 {
+		if len(urls) > 0 {
 			break
 		}
 	}
@ -325,23 +364,3 @@ func bunzip(data io.Reader) (res []byte, err error) {

 	return
 }
-
-func amazonGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "5":
-		return "10"
-	}
-	return "8"
-}
-
-func amazonLLVMVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "5":
-		switch kr.PatchLevel {
-		case "10":
-			return "12"
-		}
-		return "7"
-	}
-	return "7"
-}
--- a/pkg/driverbuilder/builder/archlinux.go
+++ b/pkg/driverbuilder/builder/archlinux.go
@ -0,0 +1,157 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/archlinux_kernel.sh
+var archlinuxKernelTemplate string
+
+//go:embed templates/archlinux.sh
+var archlinuxTemplate string
+
+// TargetTypeArchlinux identifies the Archlinux target.
+const TargetTypeArchlinux Type = "arch"
+
+func init() {
+	byTarget[TargetTypeArchlinux] = &archlinux{}
+}
+
+// archlinux is a driverkit target.
+type archlinux struct {
+}
+
+type archlinuxTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *archlinux) Name() string {
+	return TargetTypeArchlinux.String()
+}
+
+func (c *archlinux) TemplateKernelUrlsScript() string { return archlinuxKernelTemplate }
+
+func (c *archlinux) TemplateScript() string {
+	return archlinuxTemplate
+}
+
+func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	// uname -r returns "6.8.1-arch1-1" but headers URL is "6.8.1.arch1-1"
+	// Also, for 0-patch releases, like: "6.8.0-arch1-1", headers url is "6.8.arch1-1"
+	kr.FullExtraversion = strings.Replace(kr.FullExtraversion, "-arch", ".arch", 1)
+	if kr.Patch == 0 {
+		kr.Fullversion = strings.TrimSuffix(kr.Fullversion, ".0")
+	}
+
+	urls := []string{}
+	possibleCompressionSuffixes := []string{
+		"xz",
+		"zst",
+	}
+
+	// check the architecture, which limits the mirror options
+	if kr.Architecture.ToNonDeb() == "x86_64" {
+		if strings.Contains(kr.FullExtraversion, "arch") { // arch stable kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else if strings.Contains(kr.FullExtraversion, "hardened") || strings.Contains(kr.FullExtraversion, ".a-1") { // arch hardened kernel ("a-1" is old naming standard)
+			baseURL := "https://archive.archlinux.org/packages/l/linux-hardened-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-hardened-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else if strings.Contains(kr.FullExtraversion, "zen") { // arch zen kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-zen-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-zen-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else { // arch LTS kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-lts-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-lts-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		}
+	} else if kr.Architecture.ToNonDeb() == "aarch64" {
+		baseURL := "https://alaa.ad24.cz/packages/l/linux-aarch64-headers/"
+		for _, compressionAlgo := range possibleCompressionSuffixes {
+			urls = append(
+				urls,
+				fmt.Sprintf(
+					"%s/linux-aarch64-headers-%s-%s-%s.pkg.tar.%s",
+					baseURL,
+					kr.String(),
+					kr.KernelVersion,
+					kr.Architecture.ToNonDeb(),
+					compressionAlgo,
+				),
+			)
+		}
+	}
+
+	return urls, nil
+}
+
+func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return archlinuxTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
--- a/pkg/driverbuilder/builder/bottlerocket.go
+++ b/pkg/driverbuilder/builder/bottlerocket.go
@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeBottlerocket identifies the Bottlerocket target.
+const TargetTypeBottlerocket Type = "bottlerocket"
+
+func init() {
+	byTarget[TargetTypeBottlerocket] = &bottlerocket{
+		vanilla{},
+	}
+}
+
+type bottlerocket struct {
+	vanilla
+}
+
+func (b *bottlerocket) Name() string {
+	return TargetTypeBottlerocket.String()
+}
+
+func (b *bottlerocket) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}
--- a/pkg/driverbuilder/builder/build.go
+++ b/pkg/driverbuilder/builder/build.go
@ -1,15 +1,113 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

+import (
+	"context"
+	"fmt"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"oras.land/oras-go/v2/registry/remote/auth"
+)
+
+var defaultImageTag = "latest" // This is overwritten when using the Makefile to build
+
 // Build contains the info about the on-going build.
 type Build struct {
-	TargetType       Type
-	KernelConfigData string
-	KernelRelease    string
-	KernelVersion    uint16
-	DriverVersion    string
-	Architecture     string
-	ModuleFilePath   string
-	ProbeFilePath    string
-	ModuleDriverName string
-	ModuleDeviceName string
+	TargetType        Type
+	KernelConfigData  string
+	KernelRelease     string
+	KernelVersion     string
+	DriverVersion     string
+	Architecture      string
+	ModuleFilePath    string
+	ProbeFilePath     string
+	ModuleDriverName  string
+	ModuleDeviceName  string
+	BuilderImage      string
+	BuilderRepos      []string
+	ImagesListers     []ImagesLister
+	KernelUrls        []string
+	GCCVersion        string
+	RepoOrg           string
+	RepoName          string
+	Images            ImagesMap
+	RegistryName      string
+	RegistryUser      string
+	RegistryPassword  string
+	RegistryPlainHTTP bool
+
+	*output.Printer
+}
+
+func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {
+	kv := kernelrelease.FromString(b.KernelRelease)
+	kv.Architecture = kernelrelease.Architecture(b.Architecture)
+	kv.KernelVersion = b.KernelVersion
+	return kv
+}
+
+func (b *Build) toGithubRepoArchive() string {
+	return fmt.Sprintf("https://github.com/%s/%s/archive", b.RepoOrg, b.RepoName)
+}
+
+func (b *Build) ToConfig() Config {
+	return Config{
+		DriverName:      b.ModuleDriverName,
+		DeviceName:      b.ModuleDeviceName,
+		DownloadBaseURL: b.toGithubRepoArchive(),
+		Build:           b,
+	}
+}
+
+// hasCustomBuilderImage return true if a custom builder image has been set by the user.
+func (b *Build) hasCustomBuilderImage() bool {
+	if len(b.BuilderImage) > 0 {
+		customNames := strings.Split(b.BuilderImage, ":")
+		return customNames[0] != "auto"
+	}
+	return false
+}
+
+// builderImageTag returns the tag(latest, master or hash) to be used for the builder image.
+func (b *Build) builderImageTag() string {
+	if len(b.BuilderImage) > 0 {
+		customNames := strings.Split(b.BuilderImage, ":")
+		// Updated image tag if "auto:tag" is passed
+		if len(customNames) > 1 {
+			return customNames[1]
+		}
+	}
+	return defaultImageTag
+}
+
+func (b *Build) ClientForRegistry(registry string) *auth.Client {
+	client := auth.DefaultClient
+	client.SetUserAgent("driverkit")
+	client.Credential = func(ctx context.Context, reg string) (auth.Credential, error) {
+		if b.RegistryName == registry {
+			return auth.Credential{
+				Username: b.RegistryUser,
+				Password: b.RegistryPassword,
+			}, nil
+		}
+
+		return auth.EmptyCredential, nil
+	}
+
+	return client
 }
--- a/pkg/driverbuilder/builder/builders.go
+++ b/pkg/driverbuilder/builder/builders.go
@ -1,27 +1,60 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

 import (
+	"bytes"
+	_ "embed"
+	"errors"
 	"fmt"
+	"github.com/falcosecurity/falcoctl/pkg/output"
 	"net/http"
+	"net/url"
 	"path"
+	"strings"
+	"text/template"

-	"github.com/sirupsen/logrus"
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )

 // DriverDirectory is the directory the processor uses to store the driver.
-const DriverDirectory = "/tmp/driver"
+const (
+	DriverDirectory = "/tmp/driver"
+	cmakeCmdFmt     = `cmake -Wno-dev \
+  -DUSE_BUNDLED_DEPS=On \
+  -DCREATE_TEST_TARGETS=Off \
+  -DBUILD_LIBSCAP_GVISOR=Off \
+  -DBUILD_LIBSCAP_MODERN_BPF=Off \
+  -DENABLE_DRIVERS_TESTS=Off \
+  -DDRIVER_NAME=%s \
+  -DPROBE_NAME=%s \
+  -DBUILD_BPF=On \
+  -DDRIVER_VERSION=%s \
+  -DPROBE_VERSION=%s \
+  -DGIT_COMMIT=%s \
+  -DDRIVER_DEVICE_NAME=%s \
+  -DPROBE_DEVICE_NAME=%s \
+  .. && \
+  sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h`
+)

-// ModuleFileName is the standard file name for the kernel module.
-const ModuleFileName = "module.ko"
+//go:embed templates/libs_download.sh
+var libsDownloadTemplate string

-// ProbeFileName is the standard file name for the eBPF probe.
-const ProbeFileName = "probe.o"
-
-// ModuleFullPath is the standard path for the kernel module. Builders must place the compiled module at this location.
-var ModuleFullPath = path.Join(DriverDirectory, ModuleFileName)
-
-// ProbeFullPath is the standard path for the eBPF probe. Builders must place the compiled probe at this location.
-var ProbeFullPath = path.Join(DriverDirectory, "bpf", ProbeFileName)
+var HeadersNotFoundErr = errors.New("kernel headers not found")

 // Config contains all the configurations needed to build the kernel module or the eBPF probe.
 type Config struct {
@ -31,38 +64,370 @@ type Config struct {
 	*Build
 }

+func (c Config) ToDriverFullPath() string {
+	return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName))
+}
+
+func (c Config) ToProbeFullPath() string {
+	return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o")
+}
+
+type commonTemplateData struct {
+	DriverBuildDir   string
+	ModuleDriverName string
+	ModuleFullPath   string
+	BuildModule      bool
+	BuildProbe       bool
+	GCCVersion       string
+	CmakeCmd         string
+}
+
 // Builder represents a builder capable of generating a script for a driverkit target.
 type Builder interface {
-	Script(c Config) (string, error)
+	Name() string
+	TemplateKernelUrlsScript() string
+	TemplateScript() string
+	URLs(kr kernelrelease.KernelRelease) ([]string, error)
+	KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed
+}
+
+// MinimumURLsBuilder is an optional interface implemented by builders
+// to specify minimum number of requested headers urls
+type MinimumURLsBuilder interface {
+	MinimumURLs() int
+}
+
+// TemplateDataSpecifier is an optional interface implemented by builders
+// to specify a custom template data instead of the default one.
+type TemplateDataSpecifier interface {
+	TemplateData(c Config, kr kernelrelease.KernelRelease) interface{}
+}
+
+type libsDownloadTemplateData struct {
+	DriverBuildDir    string
+	ModuleDownloadURL string
+}
+
+// LibsDownloadScript returns the script that downloads and configures libs repo at requested commit/tag
+func LibsDownloadScript(c Config) (string, error) {
+	t := template.New("download-libs")
+	parsed, err := t.Parse(libsDownloadTemplate)
+	if err != nil {
+		return "", err
+	}
+
+	td := libsDownloadTemplateData{
+		DriverBuildDir:    DriverDirectory,
+		ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+// KernelDownloadScript returns the script that will download and extract kernel headers
+func KernelDownloadScript(b Builder,
+	kernelurls []string,
+	kr kernelrelease.KernelRelease,
+	printer *output.Printer,
+) (string, error) {
+	t := template.New("download-kernel")
+	parsed, err := t.Parse(b.TemplateKernelUrlsScript())
+	if err != nil {
+		return "", err
+	}
+
+	var urls []string
+	minimumURLs := 1
+	if bb, ok := b.(MinimumURLsBuilder); ok {
+		minimumURLs = bb.MinimumURLs()
+	}
+
+	if kernelurls == nil {
+		urls, err = b.URLs(kr)
+		if err != nil {
+			return "", err
+		}
+		// Only if returned urls array is not empty
+		// Otherwise, it is up to the builder to return an error
+		if len(urls) > 0 {
+			// Check (and filter) existing kernels before continuing
+			urls, err = GetResolvingURLs(urls)
+		}
+	} else {
+		urls, err = GetResolvingURLs(kernelurls)
+	}
+	if err != nil {
+		return "", err
+	}
+
+	if len(urls) < minimumURLs {
+		return "", fmt.Errorf("not enough headers packages found; expected %d, found %d", minimumURLs, len(urls))
+	}
+
+	printer.Logger.Debug("kernel headers found",
+		printer.Logger.Args("urls", urls))
+
+	td := b.KernelTemplateData(kr, urls)
+	if tdErr, ok := td.(error); ok {
+		return "", tdErr
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+// Script retrieves the actually drivers building script
+func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) {
+	t := template.New(b.Name())
+	parsed, err := t.Parse(b.TemplateScript())
+	if err != nil {
+		return "", err
+	}
+
+	var td interface{}
+	if bb, ok := b.(TemplateDataSpecifier); ok {
+		td = bb.TemplateData(c, kr)
+	} else {
+		td = c.toTemplateData(b, kr)
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+type GCCVersionRequestor interface {
+	// GCCVersion returns the GCC version to be used.
+	// If the returned value is empty, the default algorithm will be enforced.
+	GCCVersion(kr kernelrelease.KernelRelease) semver.Version
+}
+
+func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
+	switch kr.Major {
+	case 6:
+		if kr.Minor >= 9 {
+			return semver.Version{Major: 14}
+		}
+		if kr.Minor >= 5 {
+			return semver.Version{Major: 13}
+		}
+		return semver.Version{Major: 12}
+	case 5:
+		if kr.Minor >= 15 {
+			return semver.Version{Major: 12}
+		}
+		return semver.Version{Major: 11}
+	case 4:
+		return semver.Version{Major: 8}
+	case 3:
+		if kr.Minor >= 18 {
+			return semver.Version{Major: 5}
+		}
+		return semver.Version{Major: 4, Minor: 9}
+	case 2:
+		return semver.Version{Major: 4, Minor: 8}
+	default:
+		return semver.Version{Major: 14}
+	}
+}
+
+func mustParseTolerant(gccStr string) semver.Version {
+	g, err := semver.ParseTolerant(gccStr)
+	if err != nil {
+		panic(err)
+	}
+	return g
+}
+
+// Algorithm.
+// * always load images (note that it loads only images that provide gccversion, if set by user)
+// * if user set a fixed gccversion, we are good to go
+// * otherwise, try to fix the best-match gcc version provided by any of the loaded images;
+// see below for algorithm explanation
+func (b *Build) setGCCVersion(builder Builder, kr kernelrelease.KernelRelease) {
+	if !b.hasCustomBuilderImage() {
+		b.LoadImages()
+	}
+
+	if len(b.GCCVersion) > 0 {
+		// If set from user, go on
+		return
+	}
+
+	b.GCCVersion = "8" // default value
+
+	// if builder implements "GCCVersionRequestor" interface -> use it
+	// Else, fetch the best builder available from the kernelrelease version
+	// using the deadly simple defaultGCC() algorithm
+	// Always returns the nearest one
+	var targetGCC semver.Version
+	if bb, ok := builder.(GCCVersionRequestor); ok {
+		targetGCC = bb.GCCVersion(kr)
+	}
+	// If builder implements GCCVersionRequestor but returns an empty semver.Version
+	// it means that it does not want to manage this kernelrelease,
+	// and instead wants to fallback to default algorithm
+	if targetGCC.EQ(semver.Version{}) {
+		targetGCC = defaultGCC(kr)
+	}
+
+	if b.hasCustomBuilderImage() {
+		b.GCCVersion = targetGCC.String()
+		return
+	}
+
+	// Step 1:
+	// If we are able to either find a specific-target image,
+	// or "any" target image that provide desired gcc,
+	// we are over.
+	image, ok := b.Images.findImage(b.TargetType, targetGCC)
+	if ok {
+		b.GCCVersion = image.GCCVersion.String()
+	} else {
+		// Step 2:
+		// Build the list of "proposed" GCC versions,
+		// that is, the list of available gccs from images
+		// for each builder image
+		proposedGCCs := make([]semver.Version, 0)
+		for _, img := range b.Images {
+			proposedGCCs = append(proposedGCCs, img.GCCVersion)
+			b.Logger.Debug("proposed GCC",
+				b.Logger.Args("image", img.Name,
+					"targetGCC", targetGCC.String(),
+					"proposedGCC", img.GCCVersion.String()))
+		}
+
+		// Now, sort versions and fetch
+		// the nearest gcc, that is also < targetGCC
+		semver.Sort(proposedGCCs)
+		lastGCC := proposedGCCs[0]
+		for _, gcc := range proposedGCCs {
+			if gcc.GT(targetGCC) {
+				break
+			}
+			lastGCC = gcc
+		}
+		b.GCCVersion = lastGCC.String()
+	}
+	b.Logger.Debug("found GCC",
+		b.Logger.Args("targetGCC", targetGCC.String(), "version", b.GCCVersion))
+}
+
+type BuilderImageNetworkMode interface {
+	// sets the network mode of the builder image, allows individual builders to override
+	BuilderImageNetMode() string
+}
+
+func (b *Build) GetBuilderImage() string {
+	if b.hasCustomBuilderImage() {
+		// BuilderImage MUST have requested GCC installed inside
+		return b.BuilderImage
+	}
+
+	// NOTE: here below we are already sure that we are going
+	// to find an image, because setGCCVersion()
+	// has already set an existent gcc version
+	// (ie: one provided by an image) for us
+	image, _ := b.Images.findImage(b.TargetType, mustParseTolerant(b.GCCVersion))
+	return image.Name
 }

 // Factory returns a builder for the given target.
 func Factory(target Type) (Builder, error) {
-	b, ok := BuilderByTarget[target]
+	// Workaround for "local" target (that is not exposed to users,
+	// nor registered in byTarget map)".
+	if target.String() == "local" {
+		return &LocalBuilder{}, nil
+	}
+
+	// Driverkit builder is named "ubuntu"; there is no ubuntu-foo
+	if strings.HasPrefix(target.String(), "ubuntu") {
+		target = Type("ubuntu")
+	}
+
+	b, ok := byTarget[target]
 	if !ok {
 		return nil, fmt.Errorf("no builder found for target: %s", target)
 	}
 	return b, nil
 }

-func moduleDownloadURL(c Config) string {
-	return fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion)
+// Targets returns the list of all the supported targets.
+func Targets() []string {
+	res := []string{}
+	for k := range byTarget {
+		res = append(res, k.String())
+	}
+	return res
 }

-func getResolvingURLs(urls []string) ([]string, error) {
-	results := []string{}
+func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) commonTemplateData {
+	c.setGCCVersion(b, kr)
+	return commonTemplateData{
+		DriverBuildDir:   DriverDirectory,
+		ModuleDriverName: c.DriverName,
+		ModuleFullPath:   c.ToDriverFullPath(),
+		BuildModule:      len(c.ModuleFilePath) > 0,
+		BuildProbe:       len(c.ProbeFilePath) > 0,
+		GCCVersion:       c.GCCVersion,
+		CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
+			c.DriverName,
+			c.DriverName,
+			c.DriverVersion,
+			c.DriverVersion,
+			c.DriverVersion,
+			c.DeviceName,
+			c.DeviceName,
+			c.DriverVersion),
+	}
+}
+
+func resolveURLReference(u string) string {
+	uu, err := url.Parse(u)
+	if err != nil {
+		panic(err)
+	}
+	base, err := url.Parse(uu.Host)
+	if err != nil {
+		panic(err)
+	}
+	return base.ResolveReference(uu).String()
+}
+
+func GetResolvingURLs(urls []string) ([]string, error) {
+	var results []string
 	for _, u := range urls {
+		// in case url has some relative paths
+		// (kernel-crawler does not resolve them for us,
+		// neither it is expected, because they are effectively valid urls),
+		// resolve the absolute one.
+		// HEAD would fail otherwise.
+		u = resolveURLReference(u)
 		res, err := http.Head(u)
 		if err != nil {
 			continue
 		}
 		if res.StatusCode == http.StatusOK {
 			results = append(results, u)
-			logrus.WithField("url", u).Debug("kernel header url found")
 		}
 	}
 	if len(results) == 0 {
-		return nil, fmt.Errorf("kernel not found")
+		return nil, HeadersNotFoundErr
 	}
 	return results, nil
 }
--- a/pkg/driverbuilder/builder/builders_test.go
+++ b/pkg/driverbuilder/builder/builders_test.go
@ -0,0 +1,107 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"testing"
+
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+var gccTests = []struct {
+	config      kernelrelease.KernelRelease
+	expectedGCC semver.Version
+}{
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "4.15.0",
+			Version: semver.Version{
+				Major: 4,
+				Minor: 15,
+				Patch: 0,
+			},
+			Extraversion:     "188",
+			FullExtraversion: "-188",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 8,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "5.15.0",
+			Version: semver.Version{
+				Major: 5,
+				Minor: 15,
+				Patch: 0,
+			},
+			Extraversion:     "1004-intel-iotg",
+			FullExtraversion: "-1004-intel-iotg",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 12,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "3.13.0",
+			Version: semver.Version{
+				Major: 3,
+				Minor: 13,
+				Patch: 0,
+			},
+			Extraversion:     "100",
+			FullExtraversion: "-100",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 4,
+			Minor: 9,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "5.18.0",
+			Version: semver.Version{
+				Major: 5,
+				Minor: 18,
+				Patch: 0,
+			},
+			Extraversion:     "1001-kvm",
+			FullExtraversion: "-1001-kvm",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 12,
+		},
+	},
+}
+
+func TestDefaultGCC(t *testing.T) {
+	for _, test := range gccTests {
+		// call function
+		selectedGCC := defaultGCC(test.config)
+
+		// compare errors
+		// there are no official errors, so comparing fmt.Errorf() doesn't really work
+		// compare error message text instead
+		if test.expectedGCC.NE(selectedGCC) {
+			t.Fatalf("SelectedGCC (%s) != expectedGCC (%s) with kernelrelease: '%v'", selectedGCC, test.expectedGCC, test.config)
+		}
+	}
+}
--- a/pkg/driverbuilder/builder/centos.go
+++ b/pkg/driverbuilder/builder/centos.go
@ -1,60 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

 import (
-	"bytes"
+	_ "embed"
 	"fmt"
-	"text/template"

+	"github.com/blang/semver/v4"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )

+//go:embed templates/centos_kernel.sh
+var centosKernelTemplate string
+
+//go:embed templates/centos.sh
+var centosTemplate string
+
 // TargetTypeCentos identifies the Centos target.
 const TargetTypeCentos Type = "centos"

 func init() {
-	BuilderByTarget[TargetTypeCentos] = &centos{}
+	byTarget[TargetTypeCentos] = &centos{}
 }

 // centos is a driverkit target.
 type centos struct {
 }

-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (c centos) Script(cfg Config) (string, error) {
-	t := template.New(string(TargetTypeCentos))
-	parsed, err := t.Parse(centosTemplate)
-	if err != nil {
-		return "", err
-	}
-
-	kr := kernelrelease.FromString(cfg.Build.KernelRelease)
-
-	// Check (and filter) existing kernels before continuing
-	urls, err := getResolvingURLs(fetchCentosKernelURLS(kr))
-	if err != nil {
-		return "", err
-	}
-
-	td := centosTemplateData{
-		DriverBuildDir:    DriverDirectory,
-		ModuleDownloadURL: moduleDownloadURL(cfg),
-		KernelDownloadURL: urls[0],
-		GCCVersion:        centosGccVersionFromKernelRelease(kr),
-		ModuleDriverName:  cfg.DriverName,
-		ModuleFullPath:    ModuleFullPath,
-		BuildModule:       len(cfg.Build.ModuleFilePath) > 0,
-		BuildProbe:        len(cfg.Build.ProbeFilePath) > 0,
-	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+type centosTemplateData struct {
+	KernelDownloadURL string
 }

-func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
+func (c *centos) Name() string {
+	return TargetTypeCentos.String()
+}
+
+func (c *centos) TemplateKernelUrlsScript() string { return centosKernelTemplate }
+
+func (c *centos) TemplateScript() string {
+	return centosTemplate
+}
+
+func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
 	vaultReleases := []string{
 		"6.0/os",
 		"6.0/updates",
@ -125,104 +124,77 @@ func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
 		"8-stream/BaseOS",
 	}

+	stream9Releases := []string{
+		"9-stream/AppStream",
+		"9-stream/BaseOS",
+	}
+
 	urls := []string{}
 	for _, r := range edgeReleases {
 		urls = append(urls, fmt.Sprintf(
-			"https://mirrors.edge.kernel.org/centos/%s/x86_64/Packages/kernel-devel-%s%s.rpm",
+			"https://mirrors.edge.kernel.org/centos/%s/%s/Packages/kernel-devel-%s%s.rpm",
 			r,
+			kr.Architecture.ToNonDeb(),
 			kr.Fullversion,
 			kr.FullExtraversion,
 		))
 	}
 	for _, r := range streamReleases {
 		urls = append(urls, fmt.Sprintf(
-			"https://mirrors.edge.kernel.org/centos/%s/x86_64/os/Packages/kernel-devel-%s%s.rpm",
+			"https://mirrors.edge.kernel.org/centos/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
 			r,
+			kr.Architecture.ToNonDeb(),
 			kr.Fullversion,
 			kr.FullExtraversion,
 		))
 	}
 	for _, r := range vaultReleases {
 		urls = append(urls, fmt.Sprintf(
-			"http://vault.centos.org/%s/x86_64/Packages/kernel-devel-%s%s.rpm",
+			"http://vault.centos.org/%s/%s/Packages/kernel-devel-%s%s.rpm",
 			r,
+			kr.Architecture.ToNonDeb(),
 			kr.Fullversion,
 			kr.FullExtraversion,
 		))
 	}
 	for _, r := range centos8VaultReleases {
 		urls = append(urls, fmt.Sprintf(
-			"http://vault.centos.org/%s/x86_64/os/Packages/kernel-devel-%s%s.rpm",
+			"http://vault.centos.org/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
 			r,
+			kr.Architecture.ToNonDeb(),
 			kr.Fullversion,
 			kr.FullExtraversion,
 		))
 	}
-	return urls
-}

-type centosTemplateData struct {
-	DriverBuildDir    string
-	ModuleDownloadURL string
-	KernelDownloadURL string
-	GCCVersion        string
-	ModuleDriverName  string
-	ModuleFullPath    string
-	BuildModule       bool
-	BuildProbe        bool
-}
-
-const centosTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
-rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make KERNELDIR=/tmp/kernel
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
-func centosGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "3":
-		return "5"
-	case "2":
-		return "4.8"
+	for _, r := range stream9Releases {
+		urls = append(urls, fmt.Sprintf(
+			"http://mirror.stream.centos.org/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
 	}
-	return "8"
+
+	return urls, nil
+}
+
+func (c *centos) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return centosTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func (c *centos) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// 4.18+ centos 8 kernels need gcc 9
+	if kr.Major == 4 && kr.Minor >= 18 {
+		return semver.Version{Major: 9}
+	}
+	// 3.10.X kernels need 4.8.5 gcc version; see:
+	// https://github.com/falcosecurity/driverkit/issues/236
+	if kr.Major == 3 && kr.Minor == 10 {
+		return semver.Version{Major: 4, Minor: 8, Patch: 5}
+	}
+	return semver.Version{}
 }
--- a/pkg/driverbuilder/builder/debian.go
+++ b/pkg/driverbuilder/builder/debian.go
@ -1,72 +1,96 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

 import (
-	"bytes"
+	_ "embed"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"regexp"
 	"strings"
-	"text/template"

 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )

+//go:embed templates/debian_kernel.sh
+var debianKernelTemplate string
+
+//go:embed templates/debian.sh
+var debianTemplate string
+
 // TargetTypeDebian identifies the Debian target.
 const TargetTypeDebian Type = "debian"

+// We need:
+// kernel devel
+// kernel devel common
+// kbuild package
+const debianRequiredURLs = 3
+
 func init() {
-	BuilderByTarget[TargetTypeDebian] = &debian{}
+	byTarget[TargetTypeDebian] = &debian{}
+}
+
+type debianTemplateData struct {
+	KernelDownloadURLS   []string
+	KernelLocalVersion   string
+	KernelHeadersPattern string
 }

 // debian is a driverkit target.
 type debian struct {
 }

-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (v debian) Script(c Config) (string, error) {
-	t := template.New(string(TargetTypeDebian))
-	parsed, err := t.Parse(debianTemplate)
-	if err != nil {
-		return "", err
-	}
-
-	kr := kernelrelease.FromString(c.Build.KernelRelease)
-
-	kurls, err := fetchDebianKernelURLs(kr, c.Build.KernelVersion)
-	if err != nil {
-		return "", err
-	}
-
-	urls, err := getResolvingURLs(kurls)
-	if err != nil {
-		return "", err
-	}
-	if len(urls) < 2 {
-		return "", fmt.Errorf("specific kernel headers not found")
-	}
-
-	td := debianTemplateData{
-		DriverBuildDir:     DriverDirectory,
-		ModuleDownloadURL:  fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.Build.DriverVersion),
-		KernelDownloadURLS: urls,
-		KernelLocalVersion: kr.FullExtraversion,
-		ModuleDriverName:   c.DriverName,
-		ModuleFullPath:     ModuleFullPath,
-		BuildModule:        len(c.Build.ModuleFilePath) > 0,
-		BuildProbe:         len(c.Build.ProbeFilePath) > 0,
-		LLVMVersion:        debianLLVMVersionFromKernelRelease(kr),
-	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+func (v *debian) Name() string {
+	return TargetTypeDebian.String()
 }

-func fetchDebianKernelURLs(kr kernelrelease.KernelRelease, kernelVersion uint16) ([]string, error) {
+func (v *debian) TemplateKernelUrlsScript() string { return debianKernelTemplate }
+
+func (v *debian) TemplateScript() string {
+	return debianTemplate
+}
+
+func (v *debian) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchDebianKernelURLs(kr)
+}
+
+func (v *debian) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	var KernelHeadersPattern string
+	if strings.HasSuffix(kr.Extraversion, "pve") {
+		KernelHeadersPattern = "linux-headers-*pve"
+	} else if strings.Contains(kr.FullExtraversion, "rpi") {
+		KernelHeadersPattern = "linux-headers-*-rpi-v*"
+	} else {
+		KernelHeadersPattern = "linux-headers-*" + kr.Architecture.String()
+	}
+
+	return debianTemplateData{
+		KernelDownloadURLS:   urls,
+		KernelLocalVersion:   kr.FullExtraversion,
+		KernelHeadersPattern: KernelHeadersPattern,
+	}
+}
+
+func (v *debian) MinimumURLs() int {
+	return debianRequiredURLs
+}
+
+func fetchDebianKernelURLs(kr kernelrelease.KernelRelease) ([]string, error) {
 	kbuildURL, err := debianKbuildURLFromRelease(kr)
 	if err != nil {
 		return nil, err
@ -81,71 +105,6 @@ func fetchDebianKernelURLs(kr kernelrelease.KernelRelease, kernelVersion uint16)
 	return urls, nil
 }

-type debianTemplateData struct {
-	DriverBuildDir     string
-	ModuleDownloadURL  string
-	KernelDownloadURLS []string
-	KernelLocalVersion string
-	ModuleDriverName   string
-	ModuleFullPath     string
-	BuildModule        bool
-	BuildProbe         bool
-	LLVMVersion        string
-}
-
-const debianTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-{{ range $url := .KernelDownloadURLS }}
-curl --silent -o kernel.deb -SL {{ $url }}
-ar x kernel.deb
-tar -xvf data.tar.xz
-{{ end }}
-ls -la /tmp/kernel-download
-
-cd /tmp/kernel-download/
-
-cp -r usr/* /usr
-cp -r lib/* /lib
-
-cd /usr/src
-sourcedir=$(find . -type d -name "linux-headers-*amd64" | head -n 1 | xargs readlink -f)
-
-ls -la $sourcedir
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-{{ .LLVMVersion }} CLANG=/usr/bin/clang-{{ .LLVMVersion }} CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
-ls -l probe.o
-{{ end }}
-`
-
 func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, error) {
 	baseURLS := []string{
 		"http://security-cdn.debian.org/pool/main/l/linux/",
@ -161,21 +120,33 @@ func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, erro
 		}
 	}

-	return nil, fmt.Errorf("kernel headers not found")
+	return nil, HeadersNotFoundErr
 }

 func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRelease) ([]string, error) {
-	rmatch := `href="(linux-headers-%s\.%s\.%s%s-(%s)_.*(amd64|all)\.deb)"`
+	extraVersionPartial := strings.TrimSuffix(kr.FullExtraversion, "-"+kr.Architecture.String())
+	matchExtraGroup := kr.Architecture.String()
+	rmatch := `href="(linux-headers-%d\.%d\.%d%s-(%s)_.*(%s|all)\.deb)"`
+
+	// For urls like: http://security.debian.org/pool/updates/main/l/linux/linux-headers-5.10.0-12-amd64_5.10.103-1_amd64.deb
+	// when 5.10.103-1 is passed as kernel version
+	rmatchNew := `href="(linux-headers-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-(%s)_%d\.%d\.%d%s_(%s|all)\.deb)"`

-	// match for kernel versions like 4.19.0-6-amd64
-	extraVersionPartial := strings.TrimSuffix(kr.FullExtraversion, "-amd64")
-	matchExtraGroup := "amd64"
 	matchExtraGroupCommon := "common"

 	// match for kernel versions like 4.19.0-6-cloud-amd64
-	if strings.Contains(kr.FullExtraversion, "-cloud") {
-		extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-cloud")
-		matchExtraGroup = "cloud-amd64"
+	supportedExtraFlavors := []string{"cloud", "rt", "rpi"}
+	for _, supportedExtraFlavor := range supportedExtraFlavors {
+		if strings.Contains(kr.FullExtraversion, "-"+supportedExtraFlavor) {
+			extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-"+supportedExtraFlavor)
+			matchExtraGroup = supportedExtraFlavor + "-" + matchExtraGroup
+
+			// rpi and rt have a different common package, named `common-{rt,rpi}`
+			if supportedExtraFlavor == "rt" || supportedExtraFlavor == "rpi" {
+				matchExtraGroupCommon += "-" + supportedExtraFlavor
+			}
+			break
+		}
 	}

 	// download index
@ -184,26 +155,40 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
 		return nil, err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
 	bodyStr := string(body)

 	// look for kernel headers
-	fullregex := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel, extraVersionPartial, matchExtraGroup)
+	fullregex := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
+		extraVersionPartial, matchExtraGroup, kr.Architecture.String())
 	pattern := regexp.MustCompile(fullregex)
 	matches := pattern.FindStringSubmatch(bodyStr)
 	if len(matches) < 1 {
-		return nil, fmt.Errorf("kernel headers not found")
+		fullregex = fmt.Sprintf(rmatchNew, matchExtraGroup, kr.Major, kr.Minor, kr.Patch,
+			extraVersionPartial, kr.Architecture.String())
+		pattern = regexp.MustCompile(fullregex)
+		matches = pattern.FindStringSubmatch(bodyStr)
+		if len(matches) < 1 {
+			return nil, fmt.Errorf("kernel headers not found")
+		}
 	}

 	// look for kernel headers common
-	fullregexCommon := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel, extraVersionPartial, matchExtraGroupCommon)
+	fullregexCommon := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
+		extraVersionPartial, matchExtraGroupCommon, kr.Architecture.String())
 	patternCommon := regexp.MustCompile(fullregexCommon)
 	matchesCommon := patternCommon.FindStringSubmatch(bodyStr)
 	if len(matchesCommon) < 1 {
-		return nil, fmt.Errorf("kernel headers common not found")
+		fullregexCommon = fmt.Sprintf(rmatchNew, matchExtraGroupCommon, kr.Major, kr.Minor, kr.Patch,
+			extraVersionPartial, kr.Architecture.String())
+		patternCommon = regexp.MustCompile(fullregexCommon)
+		matchesCommon = patternCommon.FindStringSubmatch(bodyStr)
+		if len(matchesCommon) < 1 {
+			return nil, fmt.Errorf("kernel headers common not found")
+		}
 	}

 	foundURLs := []string{fmt.Sprintf("%s%s", baseURL, matches[1])}
@ -213,10 +198,11 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
 }

 func debianKbuildURLFromRelease(kr kernelrelease.KernelRelease) (string, error) {
-	rmatch := `href="(linux-kbuild-%s\.%s.*amd64\.deb)"`
-	kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel))
+	rmatch := `href="(linux-kbuild-%d\.%d.*%s\.deb)"`
+
+	kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Architecture.String()))
 	baseURL := "http://mirrors.kernel.org/debian/pool/main/l/linux/"
-	if kr.Version == "3" {
+	if kr.Major == 3 {
 		baseURL = "http://mirrors.kernel.org/debian/pool/main/l/linux-tools/"
 	}

@ -237,11 +223,3 @@ func debianKbuildURLFromRelease(kr kernelrelease.KernelRelease) (string, error)

 	return fmt.Sprintf("%s%s", baseURL, match[1]), nil
 }
-
-func debianLLVMVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "5":
-		return "12"
-	}
-	return "7"
-}
--- a/pkg/driverbuilder/builder/fedora.go
+++ b/pkg/driverbuilder/builder/fedora.go
@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/fedora_kernel.sh
+var fedoraKernelTemplate string
+
+//go:embed templates/fedora.sh
+var fedoraTemplate string
+
+// TargetTypeFedora identifies the Fedora target.
+const TargetTypeFedora Type = "fedora"
+
+func init() {
+	byTarget[TargetTypeFedora] = &fedora{}
+}
+
+// fedora is a driverkit target.
+type fedora struct {
+}
+
+type fedoraTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *fedora) Name() string {
+	return TargetTypeFedora.String()
+}
+
+func (c *fedora) TemplateKernelUrlsScript() string { return fedoraKernelTemplate }
+
+func (c *fedora) TemplateScript() string {
+	return fedoraTemplate
+}
+
+func (c *fedora) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// fedora FullExtraversion looks like "-200.fc36.x86_64"
+	// need to get the "fc36" out of the middle
+	fedoraVersion := strings.Split(kr.FullExtraversion, ".")[1]
+
+	// trim off the "fc" from fedoraVersion
+	version := strings.Trim(fedoraVersion, "fc")
+
+	// template the kernel info into all possible URL strings
+	urls := []string{
+		fmt.Sprintf( // updates
+			"https://mirrors.kernel.org/fedora/updates/%s/Everything/%s/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // releases
+			"https://mirrors.kernel.org/fedora/releases/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // development
+			"https://mirrors.kernel.org/fedora/development/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // updates-archive
+			"https://fedoraproject-updates-archive.fedoraproject.org/fedora/%s/%s/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+	}
+
+	// return out all possible urls
+	return urls, nil
+}
+
+func (c *fedora) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return fedoraTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
--- a/pkg/driverbuilder/builder/flatcar.go
+++ b/pkg/driverbuilder/builder/flatcar.go
@ -0,0 +1,172 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/flatcar_kernel.sh
+var flatcarKernelTemplate string
+
+//go:embed templates/flatcar.sh
+var flatcarTemplate string
+
+// TargetTypeFlatcar identifies the Flatcar target.
+const TargetTypeFlatcar Type = "flatcar"
+
+func init() {
+	byTarget[TargetTypeFlatcar] = &flatcar{}
+}
+
+type flatcarTemplateData struct {
+	KernelDownloadURL string
+}
+
+// flatcar is a driverkit target.
+type flatcar struct {
+	info *flatcarReleaseInfo
+}
+
+func (f *flatcar) Name() string {
+	return TargetTypeFlatcar.String()
+}
+
+func (f *flatcar) TemplateKernelUrlsScript() string {
+	return flatcarKernelTemplate
+}
+
+func (f *flatcar) TemplateScript() string {
+	return flatcarTemplate
+}
+
+func (f *flatcar) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	if err := f.fillFlatcarInfos(kr); err != nil {
+		return nil, err
+	}
+	return fetchFlatcarKernelURLS(f.info.KernelVersion), nil
+}
+
+func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	// This happens when `kernelurls` option is passed,
+	// therefore URLs() method is not called.
+	if f.info == nil {
+		if err := f.fillFlatcarInfos(kr); err != nil {
+			return err
+		}
+	}
+
+	return flatcarTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func (f *flatcar) GCCVersion(_ kernelrelease.KernelRelease) semver.Version {
+	return f.info.GCCVersion
+}
+
+func (f *flatcar) fillFlatcarInfos(kr kernelrelease.KernelRelease) error {
+	if kr.Extraversion != "" {
+		return fmt.Errorf("unexpected extraversion: %s", kr.Extraversion)
+	}
+
+	// convert string to int
+	if kr.Major < 1500 {
+		return fmt.Errorf("not a valid flatcar release version: %d", kr.Major)
+	}
+
+	var err error
+	f.info, err = fetchFlatcarMetadata(kr)
+	return err
+}
+
+func fetchFlatcarKernelURLS(kernelVersion string) []string {
+	kv := kernelrelease.FromString(kernelVersion)
+	return []string{fetchVanillaKernelURLFromKernelVersion(kv)}
+}
+
+func fetchFlatcarMetadata(kr kernelrelease.KernelRelease) (*flatcarReleaseInfo, error) {
+	flatcarInfo := flatcarReleaseInfo{}
+	flatcarVersion := kr.Fullversion
+	packageIndexUrl, err := GetResolvingURLs(fetchFlatcarPackageListURL(kr.Architecture, flatcarVersion))
+	if err != nil {
+		return nil, err
+	}
+	// first part of the URL is the channel
+	flatcarInfo.Channel = strings.Split(packageIndexUrl[0], ".")[0][len("https://"):]
+	resp, err := http.Get(packageIndexUrl[0])
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	packageListBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	packageList := string(packageListBytes)
+	if len(packageListBytes) == 0 {
+		return nil, fmt.Errorf("missing package list for %s", flatcarVersion)
+	}
+
+	gccVersion := ""
+	kernelVersion := ""
+	// structure of a package line is: category/name-version(-revision)::repository
+	for _, pkg := range strings.Split(string(packageList), "\n") {
+		if strings.HasPrefix(pkg, "sys-devel/gcc") {
+			gccVersion = pkg[len("sys-devel/gcc-"):]
+			gccVersion = strings.Split(gccVersion, "::")[0]
+			gccVersion = strings.Split(gccVersion, "-")[0]
+		}
+		if strings.HasPrefix(pkg, "sys-kernel/coreos-kernel") {
+			kernelVersion = pkg[len("sys-kernel/coreos-kernel-"):]
+			kernelVersion = strings.Split(kernelVersion, "::")[0]
+			kernelVersion = strings.Split(kernelVersion, "-")[0]
+		}
+	}
+	flatcarInfo.GCCVersion, err = semver.ParseTolerant(gccVersion)
+	if err != nil {
+		return nil, err
+	}
+	flatcarInfo.KernelVersion = kernelVersion
+
+	return &flatcarInfo, nil
+}
+
+func fetchFlatcarPackageListURL(architecture kernelrelease.Architecture, flatcarVersion string) []string {
+	pattern := "https://%s.release.flatcar-linux.net/%s-usr/%s/flatcar_production_image_packages.txt"
+	channels := []string{
+		"stable",
+		"beta",
+		"alpha",
+	}
+	urls := []string{}
+	for _, channel := range channels {
+		urls = append(urls, fmt.Sprintf(pattern, channel, architecture.String(), flatcarVersion))
+	}
+	return urls
+}
+
+type flatcarReleaseInfo struct {
+	Channel       string
+	GCCVersion    semver.Version
+	KernelVersion string
+}
--- a/pkg/driverbuilder/builder/image.go
+++ b/pkg/driverbuilder/builder/image.go
@ -0,0 +1,263 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"context"
+	"fmt"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"github.com/falcosecurity/falcoctl/pkg/oci/repository"
+	"gopkg.in/yaml.v3"
+)
+
+type YAMLImage struct {
+	Target      string   `yaml:"target"`
+	GCCVersions []string `yaml:"gcc_versions"` // we expect images to internally link eg: gcc5 to gcc5.0.0
+	Name        string   `yaml:"name"`
+	Arch        string   `yaml:"arch"`
+	Tag         string   `yaml:"tag"`
+}
+
+type YAMLImagesList struct {
+	Images []YAMLImage `yaml:"images"`
+}
+
+type Image struct {
+	Target     Type
+	GCCVersion semver.Version // we expect images to internally link eg: gcc5 to gcc5.0.0
+	Name       string
+}
+
+type ImagesLister interface {
+	LoadImages(printer *output.Printer) []Image
+}
+
+type FileImagesLister struct {
+	FilePath string
+	Arch     string
+	Tag      string
+	Target   string
+}
+
+type RepoImagesLister struct {
+	*repository.Repository
+}
+
+type ImageKey string
+
+func (i *Image) toKey() ImageKey {
+	return ImageKey(i.Target.String() + "_" + i.GCCVersion.String())
+}
+
+type ImagesMap map[ImageKey]Image
+
+var tagReg *regexp.Regexp
+
+func (im ImagesMap) findImage(target Type, gccVers semver.Version) (Image, bool) {
+	targetImage := Image{
+		Target:     target,
+		GCCVersion: gccVers,
+	}
+	// Try to find specific image for specific target first
+	if img, ok := im[targetImage.toKey()]; ok {
+		return img, true
+	}
+
+	// Fallback at "any" target that offers specific gcc
+	targetImage.Target = "any"
+	if img, ok := im[targetImage.toKey()]; ok {
+		return img, true
+	}
+	return Image{}, false
+}
+
+func NewFileImagesLister(filePath string, build *Build) (*FileImagesLister, error) {
+	return &FileImagesLister{
+		FilePath: filePath,
+		Arch:     kernelrelease.Architecture(build.Architecture).ToNonDeb(),
+		Tag:      build.builderImageTag(),
+		Target:   build.TargetType.String(),
+	}, nil
+}
+
+func (f *FileImagesLister) LoadImages(printer *output.Printer) []Image {
+	var (
+		res       []Image
+		imageList YAMLImagesList
+	)
+
+	// loop over lines in file to print them
+	fileData, err := os.ReadFile(f.FilePath)
+	if err != nil {
+		printer.Logger.Warn("error opening builder repo file",
+			printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
+		return res
+	}
+
+	err = yaml.Unmarshal(fileData, &imageList)
+	if err != nil {
+		printer.Logger.Warn("error unmarshalling builder repo file",
+			printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
+		return res
+	}
+
+	for _, image := range imageList.Images {
+		// Values checks
+		if image.Arch != f.Arch {
+			printer.Logger.Debug("skipping wrong-arch image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Tag != f.Tag {
+			printer.Logger.Debug("skipping wrong-tag image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Target != "any" && image.Target != f.Target {
+			printer.Logger.Debug("skipping wrong-target image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Name == "" {
+			printer.Logger.Debug("skipping empty name image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if len(image.GCCVersions) == 0 {
+			printer.Logger.Debug("expected at least 1 gcc version",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+
+		for _, gcc := range image.GCCVersions {
+			buildImage := Image{
+				Name:       image.Name,
+				Target:     Type(image.Target),
+				GCCVersion: mustParseTolerant(gcc),
+			}
+			res = append(res, buildImage)
+		}
+	}
+	return res
+}
+
+func NewRepoImagesLister(repo string, build *Build) (*RepoImagesLister, error) {
+	// Lazy inizialization
+	if tagReg == nil {
+		imageTag := build.builderImageTag()
+		// Create the proper regexes to load "any" and target-specific images for requested arch
+		arch := kernelrelease.Architecture(build.Architecture).ToNonDeb()
+		targetFmt := fmt.Sprintf("^(?P<target>%s|any)-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)-%s$", build.TargetType.String(), arch, imageTag)
+		tagReg = regexp.MustCompile(targetFmt)
+	}
+
+	// Get the registry URL from repository.
+	registry, err := getRegistryFromRef(repo)
+	if err != nil {
+		return nil, err
+	}
+
+	repoOCI, err := repository.NewRepository(repo,
+		repository.WithPlainHTTP(build.RegistryPlainHTTP),
+		repository.WithClient(build.ClientForRegistry(registry)))
+	if err != nil {
+		return nil, err
+	}
+	return &RepoImagesLister{repoOCI}, nil
+}
+
+func (repo *RepoImagesLister) LoadImages(printer *output.Printer) []Image {
+	tags, err := repo.Tags(context.Background())
+	if err != nil {
+		printer.Logger.Warn("skipping repo",
+			printer.Logger.Args("repo", repo.Reference, "err", err.Error()))
+		return nil
+	}
+
+	var res []Image
+	for _, t := range tags {
+		img := fmt.Sprintf("%s:%s", repo.Reference, t)
+		match := tagReg.FindStringSubmatch(t)
+		if len(match) == 0 {
+			continue
+		}
+
+		var (
+			target  string
+			gccVers []string
+		)
+		for i, name := range tagReg.SubexpNames() {
+			if i > 0 && i <= len(match) {
+				switch name {
+				case "gccVers":
+					gccVers = strings.Split(match[i], "_gcc")
+					gccVers = gccVers[1:] // remove initial whitespace
+				case "target":
+					target = match[i]
+				}
+			}
+		}
+
+		// Note: we store "any" target images as "any",
+		// instead of adding them to the target,
+		// because we always prefer specific target images,
+		// and we cannot guarantee here that any subsequent docker repos
+		// does not provide a target-specific image that offers same gcc version
+		for _, gccVer := range gccVers {
+			// If user set a fixed gcc version, only load images that provide it.
+			buildImage := Image{
+				GCCVersion: mustParseTolerant(gccVer),
+				Name:       img,
+				Target:     Type(target),
+			}
+			res = append(res, buildImage)
+		}
+	}
+	return res
+}
+
+func (b *Build) LoadImages() {
+	for _, imagesLister := range b.ImagesListers {
+		for _, image := range imagesLister.LoadImages(b.Printer) {
+			// User forced a gcc version? Only load images matching the requested gcc version.
+			if b.GCCVersion != "" && b.GCCVersion != image.GCCVersion.String() {
+				continue
+			}
+			// Skip if key already exists: we have a descending prio list of docker repos!
+			if _, ok := b.Images[image.toKey()]; !ok {
+				b.Images[image.toKey()] = image
+			}
+		}
+	}
+	if len(b.Images) == 0 {
+		b.Printer.Logger.Fatal("Could not load any builder image. Leaving.")
+	}
+}
+
+// getRegistryFromRef extracts the registry from a ref string.
+func getRegistryFromRef(ref string) (string, error) {
+	index := strings.Index(ref, "/")
+	if index <= 0 {
+		return "", fmt.Errorf("cannot extract registry name from ref %q", ref)
+	}
+
+	return ref[0:index], nil
+}
--- a/pkg/driverbuilder/builder/image_test.go
+++ b/pkg/driverbuilder/builder/image_test.go
@ -0,0 +1,311 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/pterm/pterm"
+	"io"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/blang/semver/v4"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/assert"
+)
+
+var imagesTests = []struct {
+	yamlData string
+	jsonData string
+	expected []Image
+}{
+	// Test that multiple gcc versions are correctly mapped to multiple images
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+      - 6.0.0
+      - 5.0.0
+      - 4.9.0
+      - 4.8.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("6.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("5.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("4.9.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("4.8.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+		},
+	},
+	// Test that arm64 is correctly skipped on amd64 images listing
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: foo/test:any-aarch64_gcc8.0.0-latest
+    target: any
+    arch: aarch64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0-latest",
+	"any-aarch64_gcc8.0.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty gcc versions image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: bar/test:any-x86_64-latest
+    target: any
+    arch: x86_64
+    tag: latest
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0-latest",
+    "any-x86_64-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test wrong target image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:centos-x86_64_gcc8.0.0-latest
+    target: centos
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: foo/test:wrongtarget-x86_64_gcc6.0.0-latest
+    target: wrongtarget
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 6.0.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "centos-x86_64_gcc8.0.0-latest",
+    "wrongtarget-x86_64_gcc8.0.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "centos",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:centos-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty name image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 6.0.0
+`,
+		jsonData: "",
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty list returned for yaml/json with no images
+	{
+		yamlData: `
+images:
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+  ]
+}
+`,
+		expected: nil,
+	},
+	// Test empty list returned for malformed yaml/json answer
+	{
+		yamlData: `
+images:
+  * name: foo/test
+    target: any
+    arch: x86_64
+    gcc_versions:
+      * 8.0.0
+`,
+		jsonData: "malformedresponse",
+		expected: nil,
+	},
+}
+
+func TestFileImagesLister(t *testing.T) {
+	printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
+
+	// setup images file
+	f, err := os.CreateTemp(t.TempDir(), "imagetest")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(f.Name())
+
+	lister, err := NewFileImagesLister(f.Name(), &Build{
+		TargetType:   Type("centos"),
+		Architecture: "amd64",
+		BuilderImage: "auto:latest",
+	})
+	assert.NilError(t, err)
+
+	for _, test := range imagesTests {
+		if test.yamlData == "" {
+			t.Log("Skipping unsuitable test for FileImagesLister")
+			continue
+		}
+
+		err = f.Truncate(0)
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, err = f.Seek(0, io.SeekStart)
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, err = f.WriteString(test.yamlData)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
+	}
+}
+
+func TestRepoImagesLister(t *testing.T) {
+	printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
+
+	mock, err := registry.NewMock(t)
+	assert.NilError(t, err)
+	defer mock.Close()
+
+	lister, err := NewRepoImagesLister(mock.URL()+"/foo/test", &Build{
+		TargetType:        Type("centos"),
+		Architecture:      "amd64",
+		BuilderImage:      "auto:latest",
+		RegistryPlainHTTP: true,
+	})
+	assert.NilError(t, err)
+
+	for _, test := range imagesTests {
+		if test.jsonData == "" {
+			t.Log("Skipping unsuitable test for RepoImagesLister")
+			continue
+		}
+
+		// Update expected names adding the mocked server URL as prefix
+		for idx, _ := range test.expected {
+			test.expected[idx].Name = mock.URL() + "/" + test.expected[idx].Name
+		}
+
+		mock.RegisterHandler("/v2/foo/test/tags/list", func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte(test.jsonData))
+		})
+		assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
+	}
+}
--- a/pkg/driverbuilder/builder/local.go
+++ b/pkg/driverbuilder/builder/local.go
@ -0,0 +1,106 @@
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"path/filepath"
+)
+
+// NOTE: since this is only used by local build,
+// it is not exposed in `target` array,
+// so no init() function to register it is present.
+
+//go:embed templates/local.sh
+var localTemplate string
+
+type LocalBuilder struct {
+	GccPath string
+	UseDKMS bool
+	SrcDir  string
+}
+
+func (l *LocalBuilder) Name() string {
+	return "local"
+}
+
+func (l *LocalBuilder) TemplateKernelUrlsScript() string {
+	panic("cannot be called on local builder")
+}
+
+func (l *LocalBuilder) TemplateScript() string {
+	return localTemplate
+}
+
+func (l *LocalBuilder) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (l *LocalBuilder) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+type localTemplateData struct {
+	commonTemplateData
+	UseDKMS       bool
+	DownloadSrc   bool
+	DriverVersion string
+	KernelRelease string
+}
+
+func (l *LocalBuilder) KernelTemplateData(_ kernelrelease.KernelRelease, _ []string) interface{} {
+	panic("cannot be called on local builder")
+}
+
+func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} {
+	return localTemplateData{
+		commonTemplateData: commonTemplateData{
+			DriverBuildDir:   l.GetDriverBuildDir(),
+			ModuleDriverName: c.DriverName,
+			ModuleFullPath:   l.GetModuleFullPath(c, kr),
+			BuildModule:      len(c.ModuleFilePath) > 0,
+			BuildProbe:       len(c.ProbeFilePath) > 0,
+			GCCVersion:       l.GccPath,
+			CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
+				c.DriverName,
+				c.DriverName,
+				c.DriverVersion,
+				c.DriverVersion,
+				c.DriverVersion,
+				c.DeviceName,
+				c.DeviceName,
+				c.DriverVersion),
+		},
+		UseDKMS:       l.UseDKMS,
+		DownloadSrc:   len(l.SrcDir) == 0, // if no srcdir is provided, download src!
+		DriverVersion: c.DriverVersion,
+		KernelRelease: c.KernelRelease,
+	}
+}
+
+func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelRelease) string {
+	if l.UseDKMS {
+		// When using dkms, we will use a GLOB to match the pattern; ModuleFullPath won't be used in the templated script anyway.
+		return fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName)
+	}
+	if l.SrcDir != "" {
+		return filepath.Join(l.SrcDir, fmt.Sprintf("%s.ko", c.DriverName))
+	}
+	return c.ToDriverFullPath()
+}
+
+func (l *LocalBuilder) GetProbeFullPath(c Config) string {
+	if l.SrcDir != "" {
+		return filepath.Join(l.SrcDir, "bpf", "probe.o")
+	}
+	return c.ToProbeFullPath()
+}
+
+func (l *LocalBuilder) GetDriverBuildDir() string {
+	driverBuildDir := DriverDirectory
+	if l.SrcDir != "" {
+		driverBuildDir = l.SrcDir
+	}
+	return driverBuildDir
+}
--- a/pkg/driverbuilder/builder/minikube.go
+++ b/pkg/driverbuilder/builder/minikube.go
@ -0,0 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeMinikube identifies the Minikube target.
+const TargetTypeMinikube Type = "minikube"
+
+func init() {
+	byTarget[TargetTypeMinikube] = &minikube{
+		vanilla{},
+	}
+}
+
+type minikube struct {
+	vanilla
+}
+
+func (m *minikube) Name() string {
+	return TargetTypeMinikube.String()
+}
+
+func (m *minikube) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}
+
+func (m *minikube) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// The supported versions of minikube use kernels > 4.19.
+	switch kr.Major {
+	case 5:
+		return semver.Version{Major: 10}
+	case 4:
+		return semver.Version{Major: 8}
+	default:
+		return semver.Version{Major: 12}
+	}
+}
--- a/pkg/driverbuilder/builder/opensuse.go
+++ b/pkg/driverbuilder/builder/opensuse.go
@ -0,0 +1,272 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/opensuse_kernel.sh
+var opensuseKernelTemplate string
+
+//go:embed templates/opensuse.sh
+var opensuseTemplate string
+
+// TargetTypeOpenSUSE identifies the OpenSUSE target.
+const TargetTypeOpenSUSE Type = "opensuse"
+
+// We need:
+// kernel-default-devel-*-{arch}
+// kernel-devel-*-noarch
+const opensuseMinimumURLs = 2
+
+// base URLs to begin searches
+var baseURLs []string = []string{
+	// general releases, leap releases
+	"https://mirrors.edge.kernel.org/opensuse/distribution",
+	"http://download.opensuse.org/distribution",
+	"https://download.opensuse.org/repositories/Kernel:",
+	// some releases are stored at the top level specifically
+	"http://download.opensuse.org",
+}
+
+// all known releases - will need to expand as more are added
+var releases = []string{
+	// openSUSE leap
+	"43.2",
+	"15.0",
+	"15.1",
+	"15.2",
+	"15.3",
+	"15.4",
+	"15.5",
+	"15.6",
+	// other releases
+	"HEAD",
+	"stable",
+	"tumbleweed",
+}
+
+func init() {
+	byTarget[TargetTypeOpenSUSE] = &opensuse{}
+}
+
+// opensuse is a driverkit target.
+type opensuse struct {
+}
+
+type opensuseTemplateData struct {
+	KernelDownloadURLs []string
+}
+
+func (o *opensuse) MinimumURLs() int {
+	return opensuseMinimumURLs
+}
+
+func (o *opensuse) Name() string {
+	return TargetTypeOpenSUSE.String()
+}
+
+func (o *opensuse) TemplateKernelUrlsScript() string {
+	return opensuseKernelTemplate
+}
+
+func (o *opensuse) TemplateScript() string {
+	return opensuseTemplate
+}
+
+func (o *opensuse) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// SUSE requires 2 urls: a kernel-default-devel*{arch}.rpm and a kernel-devel*noarch.rpm
+	kernelDefaultDevelPattern := fmt.Sprintf("kernel-default-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion)
+	kernelDevelNoArchPattern := strings.ReplaceAll( // need to replace architecture string with "noarch"
+		fmt.Sprintf("kernel-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion),
+		kr.Architecture.ToNonDeb(),
+		"noarch",
+	)
+
+	// get all possible URLs
+	possibleURLs := buildURLs(kr, kernelDefaultDevelPattern, kernelDevelNoArchPattern)
+
+	// trim the list to only resolving URLs
+	urls, err := GetResolvingURLs(possibleURLs)
+	if err != nil {
+		return nil, err
+	}
+
+	// ensure there is at least one URL of each required package type
+	if validateURLs(urls, kernelDefaultDevelPattern, kernelDevelNoArchPattern) {
+		return urls, nil
+	} else {
+		return nil, fmt.Errorf(
+			"missing one of the required package types: [ kernel-default-devel, kernel-devel*noarch ]: %v",
+			urls,
+		)
+	}
+}
+
+// build all possible url combinations from base URLs and releases
+func buildURLs(kr kernelrelease.KernelRelease, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) []string {
+
+	possibleURLs := []string{}
+	for _, release := range releases {
+		for _, baseURL := range baseURLs {
+
+			possibleURLs = append(
+				possibleURLs,
+				// leap urls
+				fmt.Sprintf(
+					"%s/leap/%s/repo/oss/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf( // noarch
+					"%s/leap/%s/repo/oss/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				// other urls
+				fmt.Sprintf(
+					"%s/%s/repo/oss/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf( // noarch
+					"%s/%s/repo/oss/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				// weird opensuse site urls
+				fmt.Sprintf(
+					"%s/openSUSE-%s/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				// weird opensuse site urls - kernel-devel*noarch edition
+				fmt.Sprintf(
+					"%s/openSUSE-%s/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+			)
+		}
+	}
+
+	return possibleURLs
+}
+
+// check to ensure there is at least one URL of each package type
+func validateURLs(urls []string, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) bool {
+
+	// setup some flags
+	kernelDefaultDevelFlag := false
+	kernelDevelNoArchFlag := false
+
+	for _, url := range urls {
+		if strings.Contains(url, kernelDefaultDevelPattern) {
+			kernelDefaultDevelFlag = true
+		}
+		if strings.Contains(url, kernelDevelNoArchPattern) {
+			kernelDevelNoArchFlag = true
+		}
+	}
+
+	return kernelDefaultDevelFlag && kernelDevelNoArchFlag
+
+}
+
+func (o *opensuse) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return opensuseTemplateData{
+		KernelDownloadURLs: urls,
+	}
+}
--- a/pkg/driverbuilder/builder/oracle.go
+++ b/pkg/driverbuilder/builder/oracle.go
@ -0,0 +1,132 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/oracle_kernel.sh
+var oracleKernelTemplate string
+
+//go:embed templates/oracle.sh
+var oracleTemplate string
+
+// TargetTypeoracle identifies the oracle target ("ol" is the ID from /etc/os-release that Oracle uses)
+const TargetTypeoracle Type = "ol"
+
+func init() {
+	byTarget[TargetTypeoracle] = &oracle{}
+}
+
+// oracle is a driverkit target.
+type oracle struct {
+}
+
+type oracleTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *oracle) Name() string {
+	return TargetTypeoracle.String()
+}
+
+func (c *oracle) TemplateKernelUrlsScript() string {
+	return oracleKernelTemplate
+}
+
+func (c *oracle) TemplateScript() string {
+	return oracleTemplate
+}
+
+func (c *oracle) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// oracle FullExtraversion looks like "-2047.510.5.5.el7uek.x86_64"
+	// need to get the "el7uek" out of the middle
+	splitVersion := strings.Split(kr.FullExtraversion, ".")
+	oracleVersion := splitVersion[len(splitVersion)-2] // [ "-2047", "510", "5", "5", "el7uek","x86_64" ] want -2
+
+	// trim off the "el" and "uek" from oracleVersion
+	version := strings.Trim(strings.Trim(oracleVersion, "el"), "uek")
+
+	// sometimes Oracle 8 does "8_x" for version, only want the "8"
+	if strings.Contains(version, "_") {
+		version = strings.Split(version, "_")[0]
+	}
+
+	// list of possible UEK versions, which are used in the URL - ex: "UEKR3"
+	// may need to evolve over time if Oracle adds more
+	ueks := []string{"R3", "R4", "R5", "R6", "R7"}
+
+	// template the kernel info into all possible URL strings
+	urls := []string{
+		fmt.Sprintf( // latest (Oracle 7)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/latest/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // latest + baseos (Oracle 8 + 9)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/baseos/latest/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // appstream (Oracle 8 + 9)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/appstream/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // MODRHCK (Oracle 7)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/MODRHCK/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+	}
+
+	// add in all the UEK versions
+	for _, uekVers := range ueks {
+		urls = append(
+			urls,
+			fmt.Sprintf( // UEK versions URL
+				"http://yum.oracle.com/repo/OracleLinux/OL%s/UEK%s/%s/getPackage/kernel-uek-devel-%s%s.rpm",
+				version,
+				uekVers,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			),
+		)
+	}
+
+	// return out all possible urls
+	return urls, nil
+}
+
+func (c *oracle) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return oracleTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
--- a/pkg/driverbuilder/builder/photon.go
+++ b/pkg/driverbuilder/builder/photon.go
@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypePhoton identifies the Photon target.
+const TargetTypePhoton Type = "photon"
+
+//go:embed templates/photonos_kernel.sh
+var photonKernelTemplate string
+
+//go:embed templates/photonos.sh
+var photonTemplate string
+
+func init() {
+	byTarget[TargetTypePhoton] = &photon{}
+}
+
+// photon is a driverkit target.
+type photon struct {
+}
+
+type photonTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (p *photon) Name() string {
+	return TargetTypePhoton.String()
+}
+
+func (p *photon) TemplateKernelUrlsScript() string {
+	return photonKernelTemplate
+}
+
+func (p *photon) TemplateScript() string {
+	return photonTemplate
+}
+
+func (p *photon) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchPhotonKernelURLS(kr), nil
+}
+
+func (p *photon) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return photonTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchPhotonKernelURLS(kr kernelrelease.KernelRelease) []string {
+	photonReleases := []string{
+		"3.0",
+		"4.0",
+		"5.0",
+	}
+
+	var urls []string
+	for _, r := range photonReleases {
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_release_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_updates_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+	}
+	return urls
+}
--- a/pkg/driverbuilder/builder/redhat.go
+++ b/pkg/driverbuilder/builder/redhat.go
@ -0,0 +1,69 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/redhat_kernel.sh
+var redhatKernelTemplate string
+
+//go:embed templates/redhat.sh
+var redhatTemplate string
+
+// TargetTypeRedhat identifies the redhat target.
+const TargetTypeRedhat Type = "redhat"
+
+// redhat is a driverkit target.
+type redhat struct {
+}
+
+func init() {
+	byTarget[TargetTypeRedhat] = &redhat{}
+}
+
+type redhatTemplateData struct {
+	KernelPackage string
+}
+
+func (v *redhat) Name() string {
+	return TargetTypeRedhat.String()
+}
+
+func (v *redhat) TemplateKernelUrlsScript() string {
+	return redhatKernelTemplate
+}
+
+func (v *redhat) TemplateScript() string {
+	return redhatTemplate
+}
+
+func (v *redhat) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (v *redhat) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+func (v *redhat) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
+	return redhatTemplateData{
+		KernelPackage: kr.Fullversion + kr.FullExtraversion,
+	}
+}
--- a/pkg/driverbuilder/builder/rocky.go
+++ b/pkg/driverbuilder/builder/rocky.go
@ -1,139 +1,123 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

 import (
-	"bytes"
+	_ "embed"
 	"fmt"
-	"text/template"

 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )

+//go:embed templates/rocky_kernel.sh
+var rockyKernelTemplate string
+
+//go:embed templates/rocky.sh
+var rockyTemplate string
+
 // TargetTypeRocky identifies the Rocky target.
 const TargetTypeRocky Type = "rocky"

 func init() {
-	BuilderByTarget[TargetTypeRocky] = &rocky{}
+	byTarget[TargetTypeRocky] = &rocky{}
+}
+
+type rockyTemplateData struct {
+	KernelDownloadURL string
 }

 // rocky is a driverkit target.
 type rocky struct {
 }

-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (c rocky) Script(cfg Config) (string, error) {
-	t := template.New(string(TargetTypeRocky))
-	parsed, err := t.Parse(rockyTemplate)
-	if err != nil {
-		return "", err
-	}
+func (c *rocky) Name() string {
+	return TargetTypeRocky.String()
+}

-	kr := kernelrelease.FromString(cfg.Build.KernelRelease)
+func (c *rocky) TemplateKernelUrlsScript() string {
+	return rockyKernelTemplate
+}

-	// Check (and filter) existing kernels before continuing
-	urls, err := getResolvingURLs(fetchRockyKernelURLS(kr))
-	if err != nil {
-		return "", err
-	}
+func (c *rocky) TemplateScript() string {
+	return rockyTemplate
+}

-	td := rockyTemplateData{
-		DriverBuildDir:    DriverDirectory,
-		ModuleDownloadURL: moduleDownloadURL(cfg),
+func (c *rocky) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchRockyKernelURLS(kr), nil
+}
+
+func (c *rocky) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return rockyTemplateData{
 		KernelDownloadURL: urls[0],
-		GCCVersion:        rockyGccVersionFromKernelRelease(kr),
-		ModuleDriverName:  cfg.DriverName,
-		ModuleFullPath:    ModuleFullPath,
-		BuildModule:       len(cfg.Build.ModuleFilePath) > 0,
-		BuildProbe:        len(cfg.Build.ProbeFilePath) > 0,
 	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
 }

 func fetchRockyKernelURLS(kr kernelrelease.KernelRelease) []string {
 	rockyReleases := []string{
 		"8",
+		"8.7",
+		"9",
+		"9.1",
+	}
+
+	rockyVaultReleases := []string{
+		"8.3",
+		"8.4",
 		"8.5",
+		"8.6",
+		"9.1",
 	}

 	urls := []string{}
 	for _, r := range rockyReleases {
-		urls = append(urls, fmt.Sprintf(
-			"https://download.rockylinux.org/pub/rocky/%s/BaseOS/x86_64/os/Packages/k/kernel-devel-%s%s.rpm",
-			r,
-			kr.Fullversion,
-			kr.FullExtraversion,
-		))
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/pub/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/pub/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		}
+	}
+	for _, r := range rockyVaultReleases {
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/vault/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/vault/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		}
 	}
 	return urls
 }
-
-type rockyTemplateData struct {
-	DriverBuildDir    string
-	ModuleDownloadURL string
-	KernelDownloadURL string
-	GCCVersion        string
-	ModuleDriverName  string
-	ModuleFullPath    string
-	BuildModule       bool
-	BuildProbe        bool
-}
-
-const rockyTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
-rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make KERNELDIR=/tmp/kernel
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
-func rockyGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "3":
-		return "5"
-	case "2":
-		return "4.8"
-	}
-	return "8"
-}
--- a/pkg/driverbuilder/builder/sles.go
+++ b/pkg/driverbuilder/builder/sles.go
@ -0,0 +1,75 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/sles_kernel.sh
+var slesKernelTemplate string
+
+//go:embed templates/sles.sh
+var slesTemplate string
+
+// TargetTypeSLES identifies the sles target.
+const TargetTypeSLES Type = "sles"
+
+// sles is a driverkit target.
+type sles struct {
+}
+
+func init() {
+	byTarget[TargetTypeSLES] = &sles{}
+}
+
+type slesTemplateData struct {
+	KernelPackage string
+}
+
+func (v *sles) Name() string {
+	return TargetTypeSLES.String()
+}
+
+func (v *sles) TemplateKernelUrlsScript() string {
+	return slesKernelTemplate
+}
+
+func (v *sles) TemplateScript() string {
+	return slesTemplate
+}
+
+func (v *sles) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (v *sles) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+func (v *sles) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
+	return slesTemplateData{
+		KernelPackage: kr.Fullversion + kr.FullExtraversion,
+	}
+}
+
+// sles requires docker to run with `--net=host` for builder images to work
+// for more info, see the suse container connect README: https://github.com/SUSE/container-suseconnect
+func (v *sles) BuilderImageNetMode() string {
+	return "host"
+}
--- a/pkg/driverbuilder/builder/talos.go
+++ b/pkg/driverbuilder/builder/talos.go
@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeTalos identifies the Talos target.
+const TargetTypeTalos Type = "talos"
+
+func init() {
+	byTarget[TargetTypeTalos] = &talos{
+		vanilla{},
+	}
+}
+
+type talos struct {
+	vanilla
+}
+
+func (b *talos) Name() string {
+	return TargetTypeTalos.String()
+}
+
+func (b *talos) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}
--- a/pkg/driverbuilder/builder/target.go
+++ b/pkg/driverbuilder/builder/target.go
@ -1,7 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder

-// BuilderByTarget maps targets to their builder.
-var BuilderByTarget = Targets{}
+// byTarget maps targets to their builder.
+var byTarget = map[Type]Builder{}

 // Type is a type representing targets.
 type Type string
@ -9,15 +23,3 @@ type Type string
 func (t Type) String() string {
 	return string(t)
 }
-
-// Targets is a type representing the list of the supported targets.
-type Targets map[Type]Builder
-
-// Targets returns the list of all the supported targets.
-func (t Targets) Targets() []string {
-	res := []string{}
-	for k := range t {
-		res = append(res, k.String())
-	}
-	return res
-}
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`A command line tool to build Falco kernel modules and eBPF probes.`
				`@ -0,0 +1 @@`
				`Use "driverkit [command] --help" for more information about a command.`
				`@ -0,0 +1 @@`
				`builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile`
				`@ -0,0 +1 @@`
				`builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile`
				`@ -0,0 +1 @@`
				`builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile`