The Falco blog

Falco blog RSS

Falco on Kind with Prometheus and Grafana

Leonardo Grasso

Kind is a tool for running local Kubernetes clusters using Docker container “nodes”, that may be used for local development or CI. It also offers a convenient and easy way to install Falco in a Kubernetes cluster and play with it locally. We will use Kind to show how to export Falco metrics to Prometheus and Grafana. Create a Kind cluster Running Falco in a Kind cluster is easy, as explained in the documentation.

Falco 0.21.0 is out!

Leonardo Di Donato

Even though there’s the lockdown, Falco 0.21.0 decided to go out! Such a bad guy! Notably, this is the first release that happens with the new build & release process. 🚀 In case you just want Falco 0.21.0, you can find its packages at the following repositories: https://bintray.com/falcosecurity/rpm/falco/0.21.0 https://bintray.com/falcosecurity/deb/falco/0.21.0 https://bintray.com/falcosecurity/bin/falco/0.21.0 Instructions to install using them are already updated on the Falco website: CentOS/Amazon Linux Debian/Ubuntu Instead, for people preferring docker images… 🐳

Minikube 1.8.0 packages the Falco Kernel Module

Lorenzo Fontana

Minikube is a tool that implements a local Kubernetes cluster on macOS, Linux and Windows via a simple command line, it is vastly used by community members who want to try Falco as well by Falco contributors who want to develop and debug it against new and old Kubernetes versions. Now, thanks to Anders Björklund who proposed PR#6560 every user starting any Kubernetes cluster using Minikube >= 1.8.0 (with the minikube iso, e.

Falco 0.20.0 is released

Lorenzo Fontana

We’re pleased to announce the release of Falco 0.20.0, our second release of 2020! Falco 0.20.0 consists of a major bug fix, a new feature, two minor bug fixes, and seven rules changes. A total of eight people contributed to this release with a total of thirteen Pull Requests merged in! Everyone is encouraged to update Falco now, especially if you are running Falco 0.18.0 or Falco 0.19.0 and are using Kubernete Audit Events.

Falco Security Audit

Michael Ducy

Regularly auditing a code base is an important process in releasing secure software. Audits can be particularly important for open source projects that rely on code from a wide variety of contributors. We are happy to announce the release of Falco’s first security audit which was performed through Falco’s participation as a CNCF Sandbox project. A big thanks to the CNCF for sponsoring the audit, and to the Cure53 team who performed the audit.

Cloud Native Security Hub

Kris Nova

Falco rules management The Falco community is excited to announce that we will be optimizing how we manage and install security rules for the Falco engine to assert. We have published an open source repository of common security rules that can be used with Falco. You can check out the rules dynamically rendered on securityhub.dev. Installing a rule In this quick example we will be adding runtime detection for CVE-2019-11246.

falcosidekick joins the falcosecurity organization

The Falco Authors

We are pleased to announce that falcosidekick, a Go project aimed to forward Falco outputs to a number of services, joined the falcosecurity organization on GitHub. Along with the project, we also want to welcome Thomas Labarussias, the creator of falcosidekick joining us as maintainer of the Falco project starting from now on. The joining of this project and of Thomas as maintainer is part of a continued effort of involving more people in the Falco project and to get Falco more and more extensible and consumable.

Falco in the open

Kris Nova

The call begins, and users sign in so we can track attendance over time. We have a pre-loaded agenda that everyone can edit in between the calls. We work through the agenda item by item, taking note of any action that comes from our time together. The theory is that the calls are were we make decisions as a team, and decisions shouldn’t be made without giving everyone in the SIG an opportunity to voice their opinion.