diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix
index 59b48eeb7f715..0b22cb5c5e2af 100644
--- a/pkgs/os-specific/linux/sysdig/default.nix
+++ b/pkgs/os-specific/linux/sysdig/default.nix
@@ -1,13 +1,14 @@
 { lib, stdenv, fetchFromGitHub, cmake, kernel, installShellFiles, pkg-config
 , luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb
-, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash }:
+, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash, clang, libbpf, bpftools
+, fetchurl }:
 
 let
-  # Compare with https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/falcosecurity-libs.cmake
-  libsRev = "0.16.0";
-  libsHash = "sha256-aduO2pLj91tRdZ1dW1F1JFEg//SopialXWPd6Oav/u8=";
+  # Compare with https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/falcosecurity-libs.cmake
+  libsRev = "0.17.2";
+  libsHash = "sha256-BTLXtdU7GjOJReaycHvXkSd2vtybnCn0rTR7OEsvaMQ=";
 
-  # Compare with https://github.com/falcosecurity/libs/blob/0.16.0/cmake/modules/valijson.cmake
+  # Compare with https://github.com/falcosecurity/libs/blob/0.17.2/cmake/modules/valijson.cmake
   valijson = fetchFromGitHub {
     owner = "tristanpenman";
     repo = "valijson";
@@ -15,15 +16,22 @@ let
     hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo=";
   };
 
-  # https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/driver.cmake
+  # https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/driver.cmake
   driver = fetchFromGitHub {
     owner = "falcosecurity";
     repo = "libs";
-    rev = "7.1.0+driver";
+    rev = "7.2.0+driver";
     hash = "sha256-FIlnJsNgofGo4HETEEpW28wpC3U9z5AZprwFR5AgFfA=";
   };
 
-  version = "0.37.1";
+  # "main.c" from master after (https://github.com/falcosecurity/libs/pull/1884)
+  # Remove when an upstream release includes the driver update
+  driverKernel610MainC = fetchurl {
+    url = "https://raw.githubusercontent.com/falcosecurity/libs/fa26daf65bb4117ecfe099fcad48ea75fe86d8bb/driver/main.c";
+    hash = "sha256-VI/tOSXs5OcEDehSqICF3apmSnwe4QCmbkHz+DGH4uM=";
+  };
+
+  version = "0.38.1";
 in stdenv.mkDerivation {
   pname = "sysdig";
   inherit version;
@@ -32,7 +40,7 @@ in stdenv.mkDerivation {
     owner = "draios";
     repo = "sysdig";
     rev = version;
-    hash = "sha256-V1rvQ6ZznL9UiUFW2lyW6gvdoGttOd5kgT2KPQCjmvQ=";
+    hash = "sha256-oufRTr5TFdpF50pmem2L3bBFIfwxCR8f1xi0A328iHo=";
   };
 
   nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
@@ -53,9 +61,12 @@ in stdenv.mkDerivation {
     nlohmann_json
     zstd
     uthash
+    clang
+    libbpf
+    bpftools
   ] ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies;
 
-  hardeningDisable = [ "pic" ];
+  hardeningDisable = [ "pic" "zerocallusedregs" ];
 
   postUnpack = ''
     cp -r ${
@@ -74,6 +85,7 @@ in stdenv.mkDerivation {
 
     cp -r ${driver} driver-src
     chmod -R +w driver-src
+    cp ${driverKernel610MainC} driver-src/driver/main.c
 
     cmakeFlagsArray+=(
       "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"