From ee8f617c8070ef5dec63118a9a4d8ea5740a444c Mon Sep 17 00:00:00 2001
From: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
Date: Thu, 14 Mar 2024 14:10:25 +0100
Subject: [PATCH] docs: add k8saudit-gke to registry.yaml

Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
---
 README.md                   |  1 +
 plugins/k8saudit-gke/OWNERS |  2 ++
 registry.yaml               | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 plugins/k8saudit-gke/OWNERS

diff --git a/README.md b/README.md
index 4f5aa482..9a401c1d 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,7 @@ These comments and the text between them should not be edited by hand -->
 | [box](https://github.com/an1245/falco-plugin-box/) | **Event Sourcing** <br/>ID: 15 <br/>`box` <br/>**Field Extraction** <br/> `box` | Falco plugin providing basic runtime threat detection and auditing logging for Box  <br/><br/> Authors: [Andy](https://github.com/an1245/falco-plugin-box/issues) <br/> License: Apache-2.0 |
 | test | **Event Sourcing** <br/>ID: 999 <br/>`test` | This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID  <br/><br/> Authors: N/A <br/> License: N/A |
 | [k8smeta](https://github.com/falcosecurity/plugins/tree/master/plugins/k8smeta) | **Field Extraction** <br/> `syscall` | Enriche Falco syscall flow with Kubernetes Metadata  <br/><br/> Authors: [The Falco Authors](https://falco.org/community) <br/> License: Apache-2.0 |
+| [k8saudit-gke](https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-gke) | **Event Sourcing** <br/>ID: 16 <br/>`k8s_audit` <br/>**Field Extraction** <br/> `k8s_audit` | Read Kubernetes Audit Events from GKE Clusters  <br/><br/> Authors: [The Falco Authors](https://falco.org/community) <br/> License: Apache-2.0 |
 
 <!-- REGISTRY:TABLE -->
 
diff --git a/plugins/k8saudit-gke/OWNERS b/plugins/k8saudit-gke/OWNERS
new file mode 100644
index 00000000..c66410ef
--- /dev/null
+++ b/plugins/k8saudit-gke/OWNERS
@@ -0,0 +1,2 @@
+approvers:
+  - sboschman
diff --git a/registry.yaml b/registry.yaml
index 9197817b..159d1e2c 100644
--- a/registry.yaml
+++ b/registry.yaml
@@ -402,3 +402,27 @@ plugins:
       extraction:
         supported: true
         sources: [syscall]
+  - name: k8saudit-gke
+    description: Read Kubernetes Audit Events from GKE Clusters
+    authors: The Falco Authors
+    contact: https://falco.org/community
+    url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-gke
+    rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-gke/rules
+    license: Apache-2.0
+    signature:
+      cosign:
+        certificate-oidc-issuer: https://token.actions.githubusercontent.com
+        certificate-identity-regexp: https://github.com/falcosecurity/plugins/
+    keywords:
+      - audit
+      - audit-log
+      - audit-events
+      - kubernetes
+      - gke    
+    capabilities:
+      sourcing:
+        supported: true
+        id: 16
+        source: k8s_audit
+      extraction:
+        supported: true