diff --git a/.github/actions/install-zig/action.yml b/.github/actions/install-zig/action.yml
new file mode 100644
index 0000000000..efb63b83c0
--- /dev/null
+++ b/.github/actions/install-zig/action.yml
@@ -0,0 +1,55 @@
+name: 'install-zig'
+description: 'Install zig compiler and make it available in PATH.'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Store zig version as local output
+      shell: bash
+      id: store
+      env:
+        ZIG_VERSION: '0.14.0-dev.2424+7cd2c1ce8'
+      run: |
+        echo "zig_version=${ZIG_VERSION}" >> "$GITHUB_OUTPUT"
+
+    # TODO: this is only needed because we are using a development version of zig,
+    # since we need https://github.com/ziglang/zig/pull/21253 to be included.
+    # Development versions of zig are not kept alive forever, but get overridden.
+    # We cache it to keep it alive.
+    - name: Download zig (cached)
+      id: cache-zig
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      with:
+        path: zig
+        key: zig-${{ runner.os }}-${{ runner.arch }}-${{ steps.store.outputs.zig_version }}
+
+    - name: Download zig
+      if: steps.cache-zig.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        curl -L -o zig.tar.xz https://ziglang.org/builds/zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}.tar.xz
+        tar -xvf zig.tar.xz
+
+        cat > zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-cc <<EOF
+        #!/bin/bash
+        exec zig cc -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline "\$@"
+        EOF
+        chmod +x zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-cc
+
+        cat > zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-c++ <<EOF
+        #!/bin/bash
+        exec zig c++ -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline "\$@"
+        EOF
+        chmod +x zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-c++
+
+        mv zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/ zig
+
+    - name: Setup zig
+      shell: bash
+      id: zig
+      run: |
+        echo "$(pwd)/zig" >> $GITHUB_PATH
+        echo "CC=zig-cc" >> $GITHUB_ENV
+        echo "CXX=zig-c++" >> $GITHUB_ENV
+        echo "AR=zig ar" >> $GITHUB_ENV
+        echo "RANLIB=zig ranlib" >> $GITHUB_ENV
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index fe81da1a17..d7d8be214c 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -15,7 +15,6 @@ jobs:
       SKEL_BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-skel-builder-pr
       BUILDER_DEV: ghcr.io/draios/sysdig-builder:dev
       SKEL_BUILDER_DEV: ghcr.io/draios/sysdig-skel-builder:dev
-
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Sysdig
@@ -38,7 +37,7 @@ jobs:
 
       - name: Set up Docker Buildx
         if: steps.builder-files.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to Github Packages
         if: steps.builder-files.outputs.any_changed == 'true'
@@ -47,30 +46,13 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      
-      - name: Get new skeleton builder image tag
-        id: get-new-skeleton-builder
-        if: steps.builder-files.outputs.any_changed == 'true'
-        run: |
-          echo "skeleton_builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.SKEL_BUILDER_IMAGE_BASE, github.event.pull_request.number)  || env.SKEL_BUILDER_DEV }}" >> $GITHUB_OUTPUT
-      
+
       - name: Get new builder image tag
         id: get-new-builder
         if: steps.builder-files.outputs.any_changed == 'true'
         run: |
           echo "builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.BUILDER_IMAGE_BASE, github.event.pull_request.number)  || env.BUILDER_DEV }}" >> $GITHUB_OUTPUT
 
-      - name: Build new skeleton builder
-        id: skeleton-builder
-        if: steps.builder-files.outputs.any_changed == 'true'
-        uses: docker/build-push-action@v6
-        with:
-          context: docker/builder
-          file:  docker/builder/modern_bpf_probe.Dockerfile
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.get-new-skeleton-builder.outputs.skeleton_builder_image }}
-          push: true
-
       - name: Build new builder
         id: build-builder
         if: steps.builder-files.outputs.any_changed == 'true'
@@ -80,166 +62,59 @@ jobs:
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.get-new-builder.outputs.builder_image }}
           push: true
-
     outputs:
       builder_image: ${{ (steps.builder-files.outputs.any_changed == 'true') && steps.get-new-builder.outputs.builder_image || env.BUILDER_DEV }}
-      skeleton_builder_image: ${{ (steps.builder-files.outputs.any_changed == 'true') && steps.get-new-skeleton-builder.outputs.skeleton_builder_image || env.SKEL_BUILDER_DEV }}
-
-  build-skeleton-sysdig-linux-amd64:
-    needs: builder
-    runs-on: ubuntu-latest
-    container:
-      image: ${{ needs.builder.outputs.skeleton_builder_image }}
-    steps:
-      - name: Checkout Sysdig
-        uses: actions/checkout@v4
-        with:
-          path: sysdig
-      - name: Link paths
-        run: |
-          mkdir -p /source
-          ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig
-      - name: Prepare build skeleton
-        run: build cmake-skeleton
-      - name: Build skeleton
-        run: build make-skeleton
-      - name: Cache build skeleton
-        uses: actions/cache/save@v3
-        if: always()
-        id: cache
-        with:
-          path: /build-skeleton
-          key: build-skeleton-${{ github.run_id }}
 
-  build-sysdig-linux-amd64:
-    needs: [builder,build-skeleton-sysdig-linux-amd64]
+  build-sysdig-linux:
+    needs: [builder]
     runs-on: ubuntu-latest
     container:
       image: ${{ needs.builder.outputs.builder_image }}
-      volumes:
-        - '/node20217:/node20217:rw,rshared'
-        - '/node20217:/__e/node20:ro,rshared'
-    env:
-      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+
     steps:
-      - name: install nodejs20glibc2.17
-        run: |
-          yum install curl -yyq
-          curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz
-          tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
-          ldd /__e/node20/bin/node
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
       - name: Checkout Sysdig
         uses: actions/checkout@v4
         with:
-          path: sysdig
-      - name: Link paths
+          fetch-depth: 0
+
+      - name: Build Sysdig
         run: |
-          mkdir -p /source
-          ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig
-      - name: Restore build skeleton
-        id: cache
-        uses: actions/cache/restore@v3
-        with:
-          path: /build-skeleton
-          key: build-skeleton-${{ github.run_id }}
-          restore-keys: build-skeleton-
-      - name: Build
-        run: build cmake
-      - name: Build packages
-        run: build package
-      - name: Upload rpm package
-        uses: actions/upload-artifact@v3
-        with:
-          name: sysdig-dev-linux-x86_64.rpm
-          path: |
-            /build/release/sysdig-*.rpm
-      - name: Upload deb package
-        uses: actions/upload-artifact@v3
-        with:
-          name: sysdig-dev-linux-x86_64.deb
-          path: |
-            /build/release/sysdig-*.deb
-      - name: Upload tar.gz package
-        uses: actions/upload-artifact@v3
-        with:
-          name: sysdig-dev-linux-x86_64.tar.gz
-          path: |
-            /build/release/sysdig-*.tar.gz      
+          cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_BPF=OFF -DBUILD_DRIVER=OFF -DCMAKE_BUILD_TYPE=Release -S . -B build -G Ninja
+          cmake --build build --target package --config Release
 
-  build-sysdig-linux-arm64:
-    needs: builder
-    env:
-      REGISTRY: ghcr.io
-      BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-builder-pr
-      SKEL_BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-skel-builder-pr
-      BUILDER_DEV: ghcr.io/draios/sysdig-builder:dev
-      SKEL_BUILDER_DEV: ghcr.io/draios/sysdig-skel-builder:dev
-      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Sysdig
-        uses: actions/checkout@v4
-        with:
-          path: sysdig
-      - name: Create build dir
+      - name: Set artifact name
+        id: artifact_name
         run: |
-          mkdir -p ${{ github.workspace }}/sysdig-build-aarch64
+          echo "name=sysdig-dev-$(echo ${{ matrix.platform }} | sed -e 's|/|-|g')" >> $GITHUB_OUTPUT
 
-      - name: Login to Github Packages
-        uses: docker/login-action@v3
+      - name: Upload rpm package
+        uses: actions/upload-artifact@v4
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          name: ${{ steps.artifact_name.outputs.name }}.rpm
+          path: |
+            build/sysdig-*.rpm
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: 'amd64,arm64'
-      - name: Run the build skeleton process with Docker
-        uses: addnab/docker-run-action@v3
-        with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ${{ env.REGISTRY }}
-          image: ${{ needs.builder.outputs.skeleton_builder_image }}
-          options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/dev-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton
-          run: |
-            mkdir -p /build/dev-packages && \
-            build cmake-skeleton && \
-            build make-skeleton
-      - name: Run the build process with Docker
-        uses: addnab/docker-run-action@v3
-        with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ${{ env.REGISTRY }}
-          image: ${{ needs.builder.outputs.builder_image }}
-          options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/dev-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton
-          run: |
-            mkdir -p /build/dev-packages && \
-            build cmake && \
-            build package && \
-            cp /build/release/sysdig-* /build/dev-packages
       - name: Upload deb package
-        uses: actions/upload-artifact@v3
-        with:
-          name: sysdig-dev-linux-aarch64.deb
-          path: |
-            ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.deb
-      - name: Upload rpm package
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: sysdig-dev-linux-aarch64.rpm
+          name: ${{ steps.artifact_name.outputs.name }}.deb
           path: |
-            ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.rpm
+            build/sysdig-*.deb
+
       - name: Upload tar.gz package
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: sysdig-dev-linux-aarch64.tar.gz
+          name: ${{ steps.artifact_name.outputs.name }}.tar.gz
           path: |
-            ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.tar.gz
+            build/sysdig-*.tar.gz
 
   build-sysdig-others-amd64:
     name: build-sysdig-other-amd64
@@ -259,9 +134,8 @@ jobs:
         uses: actions/checkout@v4
       - name: Build
         run: |
-          mkdir -p build
-          cd build && cmake -Wno-dev ..
-          cmake --build . --target package --config Release
+          cmake -Wno-dev -S . -B build
+          cmake --build build --target package --config Release
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:
@@ -284,9 +158,8 @@ jobs:
         uses: actions/checkout@v4
       - name: Build
         run: |
-          mkdir -p build
-          cd build && cmake -Wno-dev ..
-          cmake --build . --target package --config Release
+          cmake -Wno-dev -S . -B build
+          cmake --build build --target package --config Release
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:
diff --git a/cmake/modules/cares.cmake b/cmake/modules/cares.cmake
deleted file mode 100644
index 1c7807f8d2..0000000000
--- a/cmake/modules/cares.cmake
+++ /dev/null
@@ -1,76 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#
-# Copyright (C) 2023 The Falco Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
-# in compliance with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed under the License
-# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing permissions and limitations under
-# the License.
-#
-
-option(USE_BUNDLED_CARES "Enable building of the bundled c-ares" ${USE_BUNDLED_DEPS})
-
-if(CARES_INCLUDE)
-	# we already have c-ares
-elseif(NOT USE_BUNDLED_CARES)
-	find_path(CARES_INCLUDE NAMES cares/ares.h ares.h)
-	find_library(CARES_LIB NAMES cares)
-	if(CARES_INCLUDE AND CARES_LIB)
-		message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}")
-	else()
-		message(FATAL_ERROR "Couldn't find system c-ares")
-	endif()
-else()
-	if(BUILD_SHARED_LIBS)
-		set(CARES_LIB_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
-		set(CARES_STATIC_OPTION "Off")
-	else()
-		set(CARES_LIB_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX})
-		set(CARES_STATIC_OPTION "On")
-	endif()
-	set(CARES_SRC "${PROJECT_BINARY_DIR}/c-ares-prefix/src/c-ares")
-	set(CARES_INCLUDE "${CARES_SRC}/include/")
-	set(CARES_LIB "${CARES_SRC}/lib64/libcares${CARES_LIB_SUFFIX}")
-
-	if(NOT TARGET c-ares)
-		message(STATUS "Using bundled c-ares in '${CARES_SRC}'")
-		ExternalProject_Add(
-			c-ares
-			PREFIX "${PROJECT_BINARY_DIR}/c-ares-prefix"
-			URL "https://github.com/c-ares/c-ares/releases/download/v1.33.1/c-ares-1.33.1.tar.gz"
-			URL_HASH "SHA256=06869824094745872fa26efd4c48e622b9bd82a89ef0ce693dc682a23604f415"
-			BUILD_IN_SOURCE 1
-			CMAKE_ARGS -DCMAKE_POLICY_DEFAULT_CMP0091:STRING=NEW
-					   -DCMAKE_MSVC_RUNTIME_LIBRARY=${CMAKE_MSVC_RUNTIME_LIBRARY}
-					   -DCARES_SHARED=${BUILD_SHARED_LIBS}
-					   -DCARES_STATIC=${CARES_STATIC_OPTION}
-					   -DCARES_STATIC_PIC=${ENABLE_PIC}
-					   -DCARES_BUILD_TOOLS=Off
-					   -DCARES_INSTALL=Off
-			BUILD_BYPRODUCTS ${CARES_INCLUDE} ${CARES_LIB}
-			INSTALL_COMMAND ""
-		)
-		install(
-			FILES "${CARES_LIB}"
-			DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
-			COMPONENT "libs-deps"
-		)
-		install(
-			DIRECTORY "${CARES_INCLUDE}"
-			DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}"
-			COMPONENT "libs-deps"
-		)
-	endif()
-
-endif()
-
-if(NOT TARGET c-ares)
-	add_custom_target(c-ares)
-endif()
-
-include_directories("${CARES_INCLUDE}")
diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile
index 3f030f89c9..112605a44e 100644
--- a/docker/builder/Dockerfile
+++ b/docker/builder/Dockerfile
@@ -1,7 +1,4 @@
-FROM centos:7
-
-LABEL name="sysdig/sysdig-builder"
-LABEL usage="docker run -v $PWD/..:/source -v $PWD/build:/build sysdig/sysdig-builder cmake"
+FROM ubuntu:22.04
 
 ARG BUILD_TYPE=release
 ARG BUILD_DRIVER=OFF
@@ -17,31 +14,52 @@ ENV BUILD_VERSION=${BUILD_VERSION}
 ENV BUILD_WARNINGS_AS_ERRORS=${BUILD_WARNINGS_AS_ERRORS}
 ENV MAKE_JOBS=${MAKE_JOBS}
 
-COPY ./root /
-
-WORKDIR /
+ARG ZIG_VERSION=0.14.0-dev.2441+3670910f2
 
-# build toolchain
-RUN sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \
-	sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \
-    sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \
-	yum -y install centos-release-scl; \
-	sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \
-	sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \
-    sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \
-    yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ git wget make m4 rpm-build clang perl-IPC-Cmd ; \
-	source scl_source enable devtoolset-9
+COPY ./zig-cc  /usr/bin/
+COPY ./zig-c++ /usr/bin/
 
-RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.27.6/cmake-3.27.6-linux-$(uname -m).tar.gz; \
-    gzip -d /tmp/cmake.tar.gz; \
-    tar -xpf /tmp/cmake.tar --directory=/tmp; \
-    cp -R /tmp/cmake-3.27.6-linux-$(uname -m)/* /usr; \
-    rm -rf /tmp/cmake-3.27.6-linux-$(uname -m)/
-
-# DTS
-ENV BASH_ENV=/usr/bin/scl_enable \
-    ENV=/usr/bin/scl_enable \
-    PROMPT_COMMAND=". /usr/bin/scl_enable"
+WORKDIR /
 
-ENTRYPOINT ["build"]
-CMD ["usage"]
+RUN apt update && \
+    apt install -y --no-install-recommends \
+        autoconf \
+        automake \
+        build-essential \
+        ca-certificates \
+        clang \
+        cmake \
+        curl \
+        git \
+        libc-ares-dev \
+        libcurl4-openssl-dev \
+        libelf-dev \
+        libgrpc++-dev \
+        libgtest-dev \
+        libjq-dev \
+        libjsoncpp-dev \
+        libprotobuf-dev \
+        libssl-dev \
+        libtbb-dev \
+        libtool \
+        llvm \
+        ninja-build \
+        pkg-config \
+        protobuf-compiler-grpc \
+        wget \
+        xz-utils && \
+    git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \
+    cd bpftool && \
+    git submodule update --init && \
+    cd src && \
+    make install && \
+    cd ../.. && \
+    rm -fr bpftool && \
+    curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
+    tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
+    rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
+    cd zig-linux-$(uname -m)-${ZIG_VERSION} &&  \
+    cp -v zig /usr/bin && \
+    find lib -exec cp --parents {} /usr/ \; && \
+    cd .. && \
+    rm -fr zig*
diff --git a/docker/builder/zig-c++ b/docker/builder/zig-c++
new file mode 100755
index 0000000000..2b72de4ffe
--- /dev/null
+++ b/docker/builder/zig-c++
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec zig c++ -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline $@
diff --git a/docker/builder/zig-cc b/docker/builder/zig-cc
new file mode 100755
index 0000000000..a6449a7f58
--- /dev/null
+++ b/docker/builder/zig-cc
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec zig cc -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline $@