diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index a7bd4cfd..8c0dc0f2 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -339,13 +339,14 @@
 - macro: parent_scripting_running_builds
   condition: >
-    (proc.pname in (php,php5-fpm,python,ruby,ruby2.3) and (
+    (proc.pname in (php,php5-fpm,python,ruby,ruby2.3,node) and (
     proc.cmdline startswith "sh -c git" or
     proc.cmdline startswith "sh -c date" or
     proc.cmdline startswith "sh -c /usr/bin/g++" or
     proc.cmdline startswith "sh -c /usr/bin/gcc" or
     proc.cmdline startswith "sh -c gcc" or
-    proc.cmdline startswith "sh -c if type gcc"))
+    proc.cmdline startswith "sh -c if type gcc" or
+    proc.cmdline startswith "sh -c cd '/var/www/edi/';LC_ALL=en_US.UTF-8 git"))
 - macro: parent_node_running_npm
   condition: proc.pcmdline startswith "node /usr/local/bin/npm"
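Review bot: The added `proc.cmdline startswith "sh -c cd '/var/www/edi/';LC_ALL=en_US.UTF-8 git"` prefix hard-codes one deployment's working directory into a macro that ships in the default rule set, so it is dead on every other host while still being carried as an allow-list entry by everyone who loads these rules; an exception this specific belongs in a local override (falco_rules.local.yaml, redefining the same macro) rather than in falco_rules.yaml. The same hunk adds `node` to the `proc.pname` list, which extends all of the existing `sh -c gcc` / `sh -c git` / `sh -c date` prefix exceptions to node parents, not just the new edi line — if only the edi checkout needed covering, a separate macro keyed on that cmdline would keep the widened exception much smaller. At minimum the new line should carry a comment naming what it serves so it is not mistaken for a general pattern, e.g. `# site-specific: git fetch run from /var/www/edi/ — candidate for a local rules override`.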