diff --git a/nixos/tests/tracee.nix b/nixos/tests/tracee.nix
index 1e0249056fea..1609d3abc69f 100644
--- a/nixos/tests/tracee.nix
+++ b/nixos/tests/tracee.nix
@@ -2,21 +2,26 @@ import ./make-test-python.nix ({ pkgs, ... }: {
   name = "tracee-integration";
   nodes = {
     machine = { config, pkgs, ... }: {
-      # EventFilters/trace_only_events_from_new_containers requires docker
-      # podman with docker compat will suffice
-      virtualisation.podman.enable = true;
-      virtualisation.podman.dockerCompat = true;
+      # EventFilters/trace_only_events_from_new_containers and
+      # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid
+      # require docker/dockerd
+      virtualisation.docker.enable = true;
 
       environment.systemPackages = [
+        # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
+        pkgs.which
         # build the go integration tests as a binary
         (pkgs.tracee.overrideAttrs (oa: {
           pname = oa.pname + "-integration";
           postPatch = oa.postPatch or "" + ''
-            # prepare tester.sh
+            # prepare tester.sh (which will be embedded in the test binary)
             patchShebangs tests/integration/tester.sh
+
             # fix the test to look at nixos paths for running programs
             substituteInPlace tests/integration/integration_test.go \
-              --replace "/usr/bin" "/run"
+              --replace "bin=/usr/bin/" "comm=" \
+              --replace "/usr/bin/dockerd" "dockerd" \
+              --replace "/usr/bin" "/run/current-system/sw/bin"
           '';
           nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ];
           buildPhase = ''
@@ -40,10 +45,16 @@ import ./make-test-python.nix ({ pkgs, ... }: {
   };
 
   testScript = ''
+    machine.wait_for_unit("docker.service")
+
     with subtest("run integration tests"):
       # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine"
-      machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep')
+      machine.succeed('tar c -C ${pkgs.pkgsStatic.busybox} . | docker import - alpine --change "ENTRYPOINT [\"sleep\"]"')
 
-      print(machine.succeed('tracee-integration -test.v'))
+      # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
+      print(machine.succeed(
+        'mkdir /tmp/integration',
+        'cd /tmp/integration && tracee-integration -test.v'
+      ))
   '';
 })
diff --git a/pkgs/tools/security/tracee/default.nix b/pkgs/tools/security/tracee/default.nix
index 6600faeed963..89a8ba6bcc2f 100644
--- a/pkgs/tools/security/tracee/default.nix
+++ b/pkgs/tools/security/tracee/default.nix
@@ -19,15 +19,15 @@ let
 in
 buildGoModule rec {
   pname = "tracee";
-  version = "0.10.0";
+  version = "0.11.0";
 
   src = fetchFromGitHub {
     owner = "aquasecurity";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-TSzvuPE4to6aN52fmcwC6mVBOWUFQSyWHDgNs8emPq4=";
+    sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo=";
   };
-  vendorSha256 = "sha256-HGJ7Gtug+nSg+mAQH4jcNkeikWQW10cgAIoAqeAf9r4=";
+  vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc=";
 
   patches = [
     ./use-our-libbpf.patch