Contribute: Jump over to our GitHub page to contribute to our open source ecosystem.
Why Runtime Security?
Securing Kubernetes requires putting controls in place to detect unexpected behavior that could be malicious. Examples include:
- Exploits of unpatched and new vulnerabilities
- Insecure configurations
- Leaked or weak credentials
- Insider threats
Even when processes are in place for vulnerability scanning and for implementing pod security and network policies, not every risk will be addressed. You still need mechanisms to confirm these security barriers are effective, help configure them, and provide a last line of defense when they fail.
Why Falco for Runtime Detection?
Create security rules driven by a context-rich and flexible engine to define unexpected application behavior.
Immediately respond to policy violation alerts by plugging Falco into your current security response workflows and processes.
Leverage up-to-date rules
Alert using community-sourced detections of malicious activity and CVE exploits.
System calls deliver deep visibility
Falco efficiently leverages Extended Berkeley Packet Filter (eBPF), a secure mechanism, to capture system calls and gain deep visibility. By adding Kubernetes application context and Kubernetes API audit events, teams can understand who did what.
Downloads + Resources
Get started today, contribute to the open source project & learn more.
Download: Get started with our Falco installation guide.
Connect: Join our Slack team to interact with other users and developers.
Falco is a Cloud Native Computing Foundation Incubating project