Contribute: Jump over to our GitHub page to contribute to our open source ecosystem. Falco GitHub
Falco, the open source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco detects unexpected application behavior and alerts on threats at runtime.
Falco is the first runtime security project to join the CNCF Incubating stage.
Securing Kubernetes requires putting controls in place to detect unexpected behavior that could be malicious. Examples include:
Even when processes are in place for vulnerability scanning and implementing pod security and network policies, not every risk will be addressed. You still need mechanisms to confirm these security barriers are effective, help configure them, and provide a last line of defense when they fail.
Create security rules driven by a context-rich and flexible engine to define unexpected application behavior.
Immediately respond to policy violation alerts by plugging Falco into your current security response workflows and processes.
Alert using community-sourced detections of malicious activity and CVE exploits.
Falco efficiently leverages Extended Berkeley Packet Filter (eBPF), a secure mechanism, to capture system calls and gain deep visibility. By adding Kubernetes application context and Kubernetes API audit events, teams can understand who did what.
Download: Get started with our Falco installation guide. Falco Install Guide
Documentation: In the official docs, you can find information about installing Falco, configuration options, and writing custom rules. Falco Documentation
Connect: Join our Slack team to interact with other users and developers. Falco Slack
Falco is a Cloud Native Computing Foundation Incubating project