github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-24 13:52:16 +00:00
Code Issues Projects Releases Wiki Activity
Cloud Native Runtime Security
3,859 Commits 120 Branches 172 Tags 104 MiB
C++ 83.7%
CMake 8.2%
C 3.5%
Shell 3.1%
Dockerfile 1.2%
Other 0.3%
2583ea9bfd
Go to file
Leonardo Grasso 2583ea9bfd docs(brand): update glossary of key terms 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2023-08-04 10:14:21 +02:00
.circleci CI: bump ubuntu version for tests-driver-loader-integration 2023-06-27 14:48:54 +02:00
.github update(ci): integrate tests and ci workflow for release branch and tags 2023-07-27 19:35:41 +02:00
audits new(docs): add security audit from January 2023 2023-02-21 08:23:28 +01:00
brand docs(brand): update glossary of key terms 2023-08-04 10:14:21 +02:00
cmake update(falco): update libs to 0790cff 2023-07-19 10:20:36 +02:00
docker feat: add jq and curl to falco-no-driver docker image 2023-05-31 13:21:31 +02:00
proposals docs(proposals): roadamap mgt non-goals 2023-05-30 15:51:30 +02:00
scripts fix(scripts): fix falco-driver-loader for debian. 2023-06-23 16:14:59 +02:00
submodules build(deps): Bump submodules/falcosecurity-rules 2023-08-04 10:13:21 +02:00
test build(deps): Bump certifi from 2022.12.7 to 2023.7.22 in /test 2023-07-27 15:10:42 +02:00
unit_tests fix: add a check on online CPUs 2023-05-25 10:23:10 +02:00
userspace update(userspace/falco): improve cli flag description related to drivers 2023-07-28 14:59:46 +02:00
.clang-format chore: clang format following the current style 2019-07-03 09:07:00 +02:00
.cmake-format spelling: lexicographically 2022-03-01 16:30:24 +01:00
.codespellignore fix(CI): codespell should ignore ro word 2022-08-23 16:29:05 +02:00
.gitignore cleanup(userspace/engine): remove lua files and lua-related code sections 2022-04-11 12:22:18 +02:00
.gitmodules update(submodules): add falcosecurity/testing submodule 2023-06-13 10:50:10 +02:00
.yamllint.conf new: YAML lint configuration 2019-07-10 13:00:03 +02:00
ADOPTERS.md doc: Adding Thalesgroup as Falco adopters 2023-07-04 11:49:28 +02:00
CHANGELOG.md docs: update changelog for 0.35.1 2023-06-29 13:01:00 +02:00
CMakeLists.txt update(CMakeLists): fix c++17 compilation issues 2023-05-19 12:15:04 +02:00
COPYING docs: update COPYING 2019-10-08 16:02:26 +02:00
falco.yaml cleanup(config): minor config clarifications 2023-06-22 10:23:55 +02:00
OWNERS update(OWNERS): add LucaGuerra to owners 2023-06-29 10:27:59 +02:00
README.md docs(README.md): correct typo 2023-08-02 14:58:15 +02:00
RELEASE.md cleanup(docs): adjust release.md 2023-06-02 19:44:22 +02:00
rules new: add falcosecurity/rules submodule 2023-01-21 17:58:08 +01:00

README.md

Falco

Latest release Supported Architectures License Docs

Falco Core Repository Stable OpenSSF Best Practices

Falco

Falco is a cloud native runtime security tool for Linux operating systems. It is designed to detect and alert on abnormal behavior and potential security threats in real-time.

At its core, Falco is a kernel monitoring and detection agent that observes events, such as syscalls, based on custom rules. Falco can enhance these events by integrating metadata from the container runtime and Kubernetes. The collected events can be analyzed off-host in SIEM or data lake systems.

Falco, originally created by Sysdig, is an incubating project under the Cloud Native Computing Foundation (CNCF) used in production by various organisations.

For detailed technical information and insights into the cyber threats that Falco can detect, visit the official Falco website.

For comprehensive information on the latest updates and changes to the project, please refer to the change log. Additionally, we have documented the release process for delivering new versions of Falco.

Falco Repo: Powering the Core of The Falco Project

This is the main Falco repository which contains the source code for building the Falco binary. By utilizing its libraries and the falco.yaml configuration file, this repository forms the foundation of Falco's functionality. The Falco repository is closely interconnected with the following core repositories:

  • falcosecurity/libs: Falco's libraries are key to its fundamental operations, making up the greater portion of the source code of the Falco binary and providing essential features such as kernel drivers.
  • falcosecurity/rules: Contains the official ruleset for Falco, providing pre-defined detection rules for various security threats and abnormal behaviors.
  • falcosecurity/plugins: Falco plugins facilitate integration with external services, expand Falco's capabilities beyond syscalls and container events, and are designed to evolve with specialized functionality in future releases.
  • falcosecurity/falcoctl: Command-line utility for managing and interacting with Falco.

For more information, visit the official hub of The Falco Project: falcosecurity/evolution. It provides valuable insights and information about the project's repositories.

Getting Started with Falco

Carefully review and follow the official guide and documentation.

Considerations and guidance for Falco adopters:

  1. Understand dependencies: Assess the environment where you'll run Falco and consider kernel versions and architectures.

  2. Define threat detection objectives: Clearly identify the threats you want to detect and evaluate Falco's strengths and limitations.

  3. Consider performance and cost: Assess compute performance overhead and align with system administrators or SREs. Budget accordingly.

  4. Choose build and customization approach: Decide between the open source Falco build or creating a custom build pipeline. Customize the build and deployment process as necessary, including incorporating unique tests or approaches, to ensure a resilient deployment with fast deployment cycles.

  5. Integrate with output destinations: Integrate Falco with SIEM, data lake systems, or other preferred output destinations to establish a robust foundation for comprehensive data analysis and enable effective incident response workflows.

How to Contribute

Please refer to the contributing guide and the code of conduct for more information on how to contribute.

Join the Community

To get involved with the Falco Project please visit the community repository to find more information and ways to get involved.

If you have any questions about Falco or contributing, do not hesitate to file an issue or contact the Falco maintainers and community members for assistance.

How to reach out?

Commitment to Falco's Own Security

Full reports of various security audits can be found here.

In addition, you can refer to the falco security and libs security sections for detailed updates on security advisories and policies.

To report security vulnerabilities, please follow the community process outlined in the documentation found here.

What's next for Falco?

Stay updated with Falco's evolving capabilities by exploring the Falco Roadmap, which provides insights into the features currently under development and planned for future releases.

License

Falco is licensed to you under the Apache 2.0 open source license.

Resources