The Falco blog
Falco 0.20.0 is released
We’re pleased to announce the release of Falco 0.20.0, our second release of 2020! Falco 0.20.0 consists of a major bug fix, a new feature, two minor bug fixes, and seven rules changes. A total of eight people contributed to this release with a total of thirteen Pull Requests merged in! Everyone is encouraged to update Falco now, especially if you are running Falco 0.18.0 or Falco 0.19.0 and are using Kubernete Audit Events.
Falco Security Audit
Regularly auditing a code base is an important process in releasing secure software. Audits can be particularly important for open source projects that rely on code from a wide variety of contributors. We are happy to announce the release of Falco’s first security audit which was performed through Falco’s participation as a CNCF Sandbox project. A big thanks to the CNCF for sponsoring the audit, and to the Cure53 team who performed the audit.
Cloud Native Security Hub
Falco rules management The Falco community is excited to announce that we will be optimizing how we manage and install security rules for the Falco engine to assert. We have published an open source repository of common security rules that can be used with Falco. You can check out the rules dynamically rendered on securityhub.dev. Installing a rule In this quick example we will be adding runtime detection for CVE-2019-11246.
falcosidekick joins the falcosecurity organization
The Falco Authors
We are pleased to announce that falcosidekick, a Go project aimed to forward Falco outputs to a number of services, joined the falcosecurity organization on GitHub. Along with the project, we also want to welcome Thomas Labarussias, the creator of falcosidekick joining us as maintainer of the Falco project starting from now on. The joining of this project and of Thomas as maintainer is part of a continued effort of involving more people in the Falco project and to get Falco more and more extensible and consumable.
Falco in the open
One of the most successful aspects of Kubernetes is how functional the open source community was able to operate. Kubernetes broke itself down in smaller sections called special interest groups, that operate similarly to subsections of the kernel. Each group is responsible for a single domain, and sets their own pace. One of the most important things to a Kubernetes SIG, is the residual SIG calls. These are important opportunities for engineers across the industry to come together regardless of their employment status to work on building software.