mirror of
				https://github.com/falcosecurity/falco.git
				synced 2025-10-22 03:49:36 +00:00 
			
		
		
		
	Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>
Falco Dockerfiles
This directory contains the various ways to package Falco as a container.
Currently Supported Containers
falcosecurity/falco Dockerfiles
- ./dev: Builds a container image from the- devapt repo.
- ./stable: Builds a container image from the- stableapt repo.
- ./local: Builds a container image from a locally provided Falco- dpkgpackage.
Build & Testing Dockerfiles
- ./builder:- falcosecurity/falco-builder- The complete build tool chain for compiling Falco from source. See the documentation for more details on building from source.
- ./tester:- falcosecurity/falco-tester- Container image for running the Falco test suite.
Alpha Release Containers
These Dockerfiles (and resulting container images) are currently in alpha. We'd love for you to test these images and report any feedback.
Slim and Minimal Dockerfiles
The goal of these container images is to reduce the size of the underlying Falco container.
- ./slim-dev: Like- ./devabove but removes build tools for older kernels.
- ./slim-stable: Like- ./stableabove but removes build tools for older kernels.
- ./minimal: A minimal container image (~20mb), containing only the files required to run Falco.
Init Containers
These container images allow for the delivery of the kernel module or eBPF probe either via HTTP or via a container image.
- kernel/linuxkit: Multistage Dockerfile to build a Falco kernel module for Linuxkit (Docker Desktop). Generates an alpine based container image with the kernel module, and- insmodas the container- CMD.
- kernel/probeloader: Multistage Dockerfile to build a Go based application to download (via HTTPS) and load a Falco kernel module. The resulting container image can be ran as an- initContainerto load the Falco module before Falco starts.