banro21 / falco

This project forked from falcosecurity/falco

Cloud Native Runtime Security

Home Page: https://falco.org

License: Apache License 2.0

Shell 13.95% Lua 11.04% CMake 14.19% C++ 50.79% C 0.75% Python 4.88% R 0.73% Dockerfile 3.68%

falco's Introduction

Cloud Native Runtime Security.


Latest releases

Read the change log.

package | development | stable
rpm | rpm-dev | rpm
deb | deb-dev | deb
binary | bin-dev | bin

The Falco Project, originally created by Sysdig, is an incubating CNCF open source cloud native runtime security tool. Falco makes it easy to consume kernel events and to enrich those events with information from Kubernetes and the rest of the cloud native stack. Falco has a rich set of security rules built specifically for Kubernetes, Linux, and cloud-native environments. If a rule is violated in a system, Falco sends an alert notifying the user of the violation and its severity.

Installing Falco

If you would like to run Falco in production, please follow the official installation guide.

Kubernetes
Tool | Link | Note
Helm | Chart Repository | The Falco community offers regular helm chart releases.
Minikube | Tutorial | The Falco driver has been baked into minikube for easy deployment.
Kind | Tutorial | Running Falco with kind requires a driver on the host system.
GKE | Tutorial | We suggest using the eBPF driver for running Falco on GKE.

Developing

Falco is designed to be extensible such that it can be built into cloud-native applications and infrastructure.

Falco has a gRPC endpoint and an API defined in protobuf. The Falco Project supports various SDKs for this endpoint.

SDKs
Language | Repository
Go | client-go
Rust | client-rs
Python | client-py

What can Falco detect?

Falco can detect and alert on any behavior that involves making Linux system calls. Falco alerts can be triggered by the use of specific system calls, their arguments, and by properties of the calling process. For example, Falco can easily detect incidents including but not limited to:

  • A shell is running inside a container or pod in Kubernetes.
  • A container is running in privileged mode, or is mounting a sensitive path, such as /proc, from the host.
  • A server process is spawning a child process of an unexpected type.
  • Unexpected read of a sensitive file, such as /etc/shadow.
  • A non-device file is written to /dev.
  • A standard system binary, such as ls, is making an outbound network connection.
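
Two of the behaviours listed above, written as Falco rules to show how a syscall (evt.type), its arguments (fd.name, evt.is_open_read) and properties of the calling process (proc.name, proc.pname) combine in one condition. This is an added example, not taken from the Falco repository's shipped ruleset; every rule, macro and list name and both allow-lists are made up for illustration, and the evt.dir filter assumes a Falco version that still supports that field.

```yaml
# Added example: names prefixed "example_" / "Example" are hypothetical.
# Lists and macros are defined before the rules that use them.

- macro: example_spawned_process
  condition: evt.type = execve and evt.dir = <      # exit side of execve

- macro: example_in_container
  condition: container.id != host                   # "host" = not in a container

- list: example_shell_binaries
  items: [bash, sh, zsh, ksh, csh, dash]

- rule: Example shell spawned in container
  desc: A shell process was started inside a container or Kubernetes pod.
  condition: >
    example_spawned_process and example_in_container
    and proc.name in (example_shell_binaries)
  output: >
    Shell started in container (user=%user.name shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline container=%container.name
    image=%container.image.repository)
  priority: WARNING
  tags: [container, shell]

# Constructed allow-list of programs expected to read /etc/shadow;
# tune it to the hosts being monitored.
- list: example_shadow_readers
  items: [sshd, login, su, sudo, passwd, chage, unix_chkpwd]

- rule: Example unexpected read of /etc/shadow
  desc: A process outside the allow-list opened /etc/shadow for reading.
  condition: >
    evt.type in (open, openat) and evt.dir = <
    and evt.is_open_read = true and fd.name = /etc/shadow
    and not proc.name in (example_shadow_readers)
  output: >
    /etc/shadow opened for reading (user=%user.name process=%proc.name
    cmdline=%proc.cmdline parent=%proc.pname container=%container.id)
  priority: WARNING
  tags: [filesystem, credentials]
```

The first rule keys on the process being executed and where it runs; the second keys on a syscall argument and suppresses known-good callers, which is where most tuning effort goes in practice.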

Documentation

The Official Documentation is the best resource to learn about Falco.

Join the Community

To get involved with The Falco Project, please visit the community repository to find out more.

Contributing

See the CONTRIBUTING.md.

Security Audit

A third-party security audit was performed by Cure53; you can see the full report here.

Reporting security vulnerabilities

Please report security vulnerabilities following the community process documented here.

License Terms

Falco is licensed to you under the Apache 2.0 open source license.
