Home

Awesome

<p><img align="right" src="./img/pidgeotto.gif"/></p> <p></p>

Falco Project Evolution

This repository aims to document the evolution process of The Falco Project.

It provides a space for the community to work together, discuss ideas, and document processes. It is also a place to make decisions that regard the whole falcosecurity organization and define rules and structures that span beyond the extent of a single repository.

Table of Contents

Governance

The Falco Project governance model is documented in the GOVERNANCE.md file.

Code Of Conduct

We follow the CNCF Code of Conduct.

Please contact cncf-falco-maintainers@lists.cncf.io or the Linux Foundation mediator, Mishi Choudhary mishi@linux.com to report an issue.

Maintainers

The process to become a maintainer is documented in the MAINTAINERS_GUIDELINES.md file.

You can find the list of current maintainers in the MAINTAINERS.md file.

Repositories

The Falco Project applies a straightforward adoption model for its repositories. Each repository is given a scope, which outlines its purpose, and a status that indicates its maturity level.

For more detailed information, please refer to the REPOSITORIES.md file.

In the sections that follow, we present the repositories, grouped by their scope.

Core

Core repositories, as defined by Falco's governance, are critically important as they are essential for building, installing, running, documenting, and using Falco.

For more information, click on the badge below.

Falco Core Repository

<!-- REPOSITORY-CORE-TABLE -->
NAMESTATUSDESCRIPTION
falcosecurity/chartsStableHelm charts repository for Falco and its ecosystem.
falcosecurity/deploy-kubernetesStableKubernetes deployment resources for Falco and its ecosystem.
falcosecurity/falcoStableFalco is a cloud native runtime security tool for Linux operating systems. It is designed to detect and alert on abnormal behavior and potential security threats in real-time.
falcosecurity/falco-websiteStableFalco website and documentation repository.
falcosecurity/falcoctlStableThe official CLI tool for working with Falco and its ecosystem components.
falcosecurity/libsStableFoundational libraries that constitute the core of Falco's functionality, offering essential features including kernel drivers and eBPF probes.
falcosecurity/plugin-sdk-goStablePlugins SDK for Go that facilitates writing plugins for Falco or applications built on top of Falco's libs.
falcosecurity/pluginsStablePlugins serve as extensions for Falco and applications built on top of Falco's libraries. This repository contains the official registry for all Falco plugins and host plugins maintained by The Falco Project.
falcosecurity/rulesStableOfficial rulesets for Falco provide pre-defined detection rules for various security threats and abnormal behaviors.
<!-- /REPOSITORY-CORE-TABLE -->

Ecosystem

Ecosystem repositories extend the core project by providing optional components, including value-added features, integrations, utilities, and services that, while not essential for basic Falco functioning, enrich its utility for adopters.

For more information, click on the badge below.

Falco Ecosystem Repository

<!-- REPOSITORY-ECOSYSTEM-TABLE -->
NAMESTATUSDESCRIPTION
falcosecurity/client-goIncubatingGo client and SDK for Falco.
falcosecurity/contribSandboxSandbox repository to test-drive ideas/projects/code.
falcosecurity/driverkitIncubatingKit for building Falco drivers (kernel modules or eBPF probes).
falcosecurity/event-generatorIncubatingTesting tool to generate a variety of suspect actions that are detected by Falco rules.
falcosecurity/falco-exporterStablePrometheus Metrics Exporter for Falco output events.
falcosecurity/falco-aws-terraformIncubatingTerraform Module for Falco AWS Resources.
falcosecurity/falcosidekickStableFalcosidekick seamlessly integrates Falco with your ecosystem, enabling event forwarding to multiple outputs in a fan-out manner.
falcosecurity/falcosidekick-uiIncubatingA simple WebUI with latest events from Falco.
falcosecurity/flycheck-falco-rulesIncubatingA custom checker for Falco rules files that can be loaded using the Flycheck syntax checker for GNU Emacs.
falcosecurity/libs-sdk-goSandboxGo SDK for Falco libs.
falcosecurity/plugin-sdk-cppSandboxFalco plugins SDK for C++.
falcosecurity/k8s-metacollectorIncubatingFetches the metadata from kubernetes API server and dispatches them to Falco instances.
falcosecurity/falco-talonIncubatingResponse Engine for managing threats in your Kubernetes.
falcosecurity/plugin-sdk-rsIncubatingFalco plugins SDK for Rust.
falcosecurity/falco-actionsSandboxRun Falco in a GitHub Actions to detect suspicious behavior in your CI/CD.
<!-- /REPOSITORY-ECOSYSTEM-TABLE -->

Infra

Infra repositories, such as the prominent test-infra, underpin The Falco Project's infrastructure, serving the project's functioning, management, and maintenance.

For more information, click on the badge below.

Falco Infra Repository

<!-- REPOSITORY-INFRA-TABLE -->
NAMESTATUSDESCRIPTION
falcosecurity/cncf-green-review-testingSandboxFalco configurations intended for testing with the CNCF Green Reviews Working Group.
falcosecurity/dbg-goIncubatingA go tool to work with falcosecurity drivers build grid.
falcosecurity/kernel-crawlerIncubatingA tool to crawl Linux kernel versions.
falcosecurity/pigeonIncubatingSecrets and config manager for Falco's infrastructure.
falcosecurity/test-infraStableTest infrastructure and automation workflows for The Falco Project.
falcosecurity/testingIncubatingAll-purpose test suite for Falco and its ecosystem.
falcosecurity/syscalls-bumperIncubatingA tool to automatically update supported syscalls in libs.
falcosecurity/kernel-testingIncubatingAnsible playbooks to provision firecracker VMs and run Falco kernel tests.
falcosecurity/falco-playgroundSandboxfalco-playground is a web application used to validate Falco rules and test against scap files.
<!-- /REPOSITORY-INFRA-TABLE -->

Special

Finally, some repositories have a special meaning and do not fit the above scopes. They serve a particular purpose or function in the falcosecurity organization and are curated by core maintainers.

See REPOSITORIES.md#special-scope for more information.

<!-- REPOSITORY-SPECIAL-TABLE -->
NAMESTATUSDESCRIPTION
falcosecurity/.githubn/aDefault files for all repos in the Falcosecurity GitHub org.
falcosecurity/communityn/aFalco community content and resources.
falcosecurity/evolutionn/aA space for the community to work together, discuss ideas, define processes, and document the evolution of Falco.
<!-- /REPOSITORY-SPECIAL-TABLE -->

Archived

In general, a repository can be archived at the discretion of The Falco Project community. Usually, maintainers can decide to archive a project that has not been maintained for a long time or does not fit the guidelines for the projects under the falcosecurity GitHub's organization anymore. In other cases, a repository is archived to reserve its name for future use.

The list of archived repositories can be found here.

Retired

Repositories that are no longer maintained or relevant to The Falco Project will be retired definitively. Periodically, the maintainers clean up the falcosecurity and move these projects to the Falco Projects Retirement Home GitHub's organization.

Contributing

See the contributing guide and the code of conduct.

Security policy

To report a security vulnerability, please follow our security policy.

Join the Community

To get involved with The Falco Project, please visit the community repository to find more.