Cloud-Native Runtime Security


Falco, the open source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco detects unexpected application behavior and alerts on threats at runtime.

Falco is the first runtime security project to join the CNCF Incubating stage.


Why Runtime Security?

Securing Kubernetes requires putting controls in place to detect unexpected behavior that could be malicious. Examples include:

  • Exploits of unpatched and new vulnerabilities
  • Insecure configurations
  • Leaked or weak credentials
  • Insider threats

Even when processes are in place for vulnerability scanning and for implementing pod security and network policies, not every risk will be addressed. You still need mechanisms to confirm that these security barriers are effective, to help configure them, and to provide a last line of defense when they fail.

Why Falco for Runtime Detection?

Strengthen security

Create security rules driven by a context-rich and flexible engine to define unexpected application behavior.

Reduce risk

Immediately respond to policy violation alerts by plugging Falco into your current security response workflows and processes.

Leverage up-to-date rules

Alert using community-sourced detections of malicious activity and CVE exploits.

System calls deliver deep visibility

Falco efficiently leverages Extended Berkeley Packet Filter (eBPF), a secure mechanism, to capture system calls and gain deep visibility. By adding Kubernetes application context and Kubernetes API audit events, teams can understand who did what.

Downloads + Resources

Get started today, contribute to the open source project & learn more.

Contribute: Jump over to our GitHub page to contribute to our open source ecosystem (Falco GitHub).

Connect: Join our Slack team to interact with other users and developers (Falco Slack).

Falco is a Cloud Native Computing Foundation Incubating project
