github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-04-04 11:02:16 +00:00
Code Issues Projects Releases Wiki Activity
1,888 Commits 127 Branches 184 Tags
readme-update
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Kris Nova b0f5e5473c feat(docs): Updating readme to match falco.org 
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-07-02 10:34:38 -07:00
.circleci
fix(userspace/falco): set gpr log verbosity accordingly to the Falco one
2020-05-21 18:15:46 +02:00
.github
update(.github): remove examples and integrations from PR template
2020-05-15 11:27:18 +02:00
audits
move audit doc
2019-12-17 09:15:41 +01:00
brand
docs: teal logo is svg
2020-06-29 09:14:50 -07:00
cmake
build: fetch openssl, curl, njson dependencies from github not draios
2020-07-02 06:01:12 +02:00
docker
new(test): add gRPC unix socket support
2020-06-30 13:04:03 +02:00
proposals
bc(userspace/falco): the Falco gRPC Outputs API are now "falco.outputs.service/get" and "falco.outputs.service/sub"
2020-06-29 20:42:50 +02:00
rules
rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck
2020-06-30 11:44:11 +02:00
scripts
fix(scripts/falco-driver-loader): exit when bpf download fails
2020-05-18 15:16:59 +02:00
test
fix: update k8s audit endpoint to /k8s-audit everywhere
2020-07-01 13:29:51 +02:00
tests
update(tests/engine): test is_unix_scheme
2020-05-21 18:15:46 +02:00
userspace
fix: update k8s audit endpoint to /k8s-audit everywhere
2020-07-01 13:29:51 +02:00
.clang-format
chore: clang format following the current style
2019-07-03 09:07:00 +02:00
.cmake-format
new: cmake format colums to 120
2020-01-17 19:09:31 +01:00
.gitignore
update(docker/event-generator): remove the event-generator from the Falco repo
2020-04-24 15:40:50 +02:00
.luacheckrc
new: luacheck basic config
2019-07-10 18:49:02 +02:00
.yamllint.conf
new: YAML lint configuration
2019-07-10 13:00:03 +02:00
ADOPTERS.md
Add GitLab to ADOPTERS.md
2020-06-30 11:45:58 +02:00
CHANGELOG.md
fix(CHANGELOG.md): correct typo
2020-05-18 16:56:21 +02:00
CMakeLists.txt
build: do not download lyaml and lpeg from draios S3 anymore
2020-07-02 06:01:12 +02:00
CODE_OF_CONDUCT.md
docs: markdown code of conduct
2019-09-13 12:57:17 +02:00
CONTRIBUTING.md
docs(CONTRIBUTING.md): update slack channel URL
2020-05-20 18:07:51 +02:00
COPYING
docs: update COPYING
2019-10-08 16:02:26 +02:00
falco.yaml
fix(falco.yaml): correct k8s audit endpoint
2020-06-19 15:31:17 +02:00
GOVERNANCE.md
docs: markdown governance
2019-09-13 12:57:17 +02:00
OWNERS
new: add @kris-nova to owners
2019-08-13 22:42:43 +02:00
README.md
feat(docs): Updating readme to match falco.org
2020-07-02 10:34:38 -07:00
RELEASE.md
docs(RELEASE.md): correct typo
2020-05-18 11:41:05 +02:00

README.md

Cloud Native Runtime Security.

The Falco Project

Build Status CII Best Practices Summary GitHub

Download

Read the change log.

development stable
rpm rpm-dev rpm
deb deb-dev deb
binary bin-dev bin

The Falco Project supports a cloud-native runtime security tool, as well as ancillary projects and integrations that surround it. Falco is a daemon that can run either directly on a host, or in a container. Falco observes system calls at runtime and builds a model of the system in memory. As events occur the events are parsed through a rules engine. If a rule is violated, an alert occurs. Alerts are dynamic and configurable using the Falco SDKs.

Falco ships with a sane set of default rules. These rules look for things like:

  • A shell is running inside a container.
  • A container is running in privileged mode, or is mounting a sensitive path, such as /proc, from the host.
  • A server process is spawning a child process of an unexpected type.
  • Unexpected read of a sensitive file, such as /etc/shadow.
  • A non-device file is written to /dev.
  • A standard system binary, such as ls, is making an outbound network connection.

Installing Falco

You can find the latest release downloads on the official release archive

Furthermore the comprehensive installation guide for Falco is available in the documentation website.

How do you compare Falco with other security tools?

One of the questions we often get when we talk about Falco is “How does Falco differ from other Linux security tools such as SELinux, AppArmor, Auditd, etc.?”. We wrote a blog post comparing Falco with other tools.

Documentation

See Falco Documentation to quickly get started using Falco.

Join the Community

To get involved with The Falco Project please visit the community repository to find more.

License Terms

Falco is licensed to you under the Apache 2.0 open source license.

Contributing

See the CONTRIBUTING.md.

Security

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting security vulnerabilities

Please report security vulnerabilities following the community process documented here.

Reference in New Issue View Git Blame Copy Permalink
Description
Cloud Native Runtime Security
cloud-nativecncfcontainersebpffalcohacktoberfestkubernetessecurity
Readme Apache-2.0 109 MiB
Languages
C++ 83.9%
CMake 7.7%
C 3.6%
Shell 3.2%
Dockerfile 1.3%
Other 0.3%