Container Native Runtime Security


Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms such as Kubernetes, Mesosphere, and Cloud Foundry. Detect abnormal application behavior. Alert via Slack, Fluentd, NATS, and more. Protect your platform by taking action through serverless (FaaS) frameworks, or other automation.



Integrations & Platforms

About Falco.

With more responsibility shifting left to developers and the opaque nature of containers, organizations require deeper insight into container activities. The Falco project was hatched to understand container behavior and protect your platform from possible malicious activity. Leveraging Sysdig’s open source Linux kernel instrumentation, Falco gains deep insight into system behavior. The rules engine can then detect abnormal activity in applications, containers, the underlying host, and the container platform.

Key Features.

Platform Aware

Build rules specific to your Cloud Native platforms to enforce policy across all your containers & microservices.


Runtime Security built for containers. Built from the ground up to natively support containerized applications.

Deep Visibility

Complete container visibility through a single sensor. Gain insight into application and container behavior.

Downloads + Resources.

Get started today, contribute to the open source project, & learn more.

Contribute

Jump over to our GitHub page to contribute to our open source ecosystem. Falco GitHub

Connect

Join our Slack team to interact with other users and developers. Falco Slack

Falco is a Cloud Native Computing Foundation sandbox project
