Comments (13)
Linking the project proposal and project presentation to this issue.
from toc.
@mfdii we could potentially doing something in late March or April, right now presentations on are hold until the TOC finalizing the new sandbox project process.
Can you share some more details? Is this the GitHub repo? https://github.com/draios/falco/
It's under GPLv2 currently, is there any plans to make it ALv2?
from toc.
We are currently talking internally about licensing. That should be resolved soon and we are aware that we need to change the license if we were to participate in the CNCF as a project on any level.
Expanding a bit on Falco, we see it fitting nicely with Kubernetes to provide runtime security. Falco essentially works as an intrusion detection system. You deploy it across a Kubernetes cluster as a DaemonSet and then Falco creates an event stream of system calls for each Node. Falco applies rules to this event stream to detect abnormal behavior. Falco currently has around 25 rules for things like binaries being modified under bin directories, shells spawned in running containers, attempting to change namespace by a container. If a rule is violated, an alert is triggered. Currently, the alert can be sent to stdout, syslog, a file, or spawn a command.
What we are interested in talking with the TOC about is how well they see Falco fit into the CNCF ecosystem, validation or correction in regards to our approach, and learning what integration points in the CNCF ecosystem might make the most sense. We also want to share what our future roadmap looks like and validate if that’s in line with where the TOC sees the CNCF headed. Longer term, we’d love to see Falco as a CNCF project (inception, incubation, etc), but shorter term we want to understand where we would fit, and what we need to do move through the CNCF project stages.
Let us know what date the TOC would be interested in us presenting.
from toc.
@caniszczyk Chris, I see the Sandbox process has been finalized. Would it be possible to get on the TOC meeting for April 17th?
from toc.
@mfdii I need to find a @cncf/toc member to support you presenting first + I have a concern presenting a technology that is GPLv2, are there plans to move to the ALv2 any time soon?
from toc.
@caniszczyk We are reviewing what it will take to move to ALv2. We aren't opposed to it, it's just that there's shared code between Faclo, and the Sysdig OSS project.
Right now Falco uses the Sysdig kernel module as it's source of data. This module is GPLv2. In theory Falco can use another source for its data stream, the Sysdig module could be one of many sources.
It would be useful to talk to an interested @cncf/toc member so we can explain the architecture and get an idea of what we would need to do (move Falco to ALv2 and make the data sources more pluggable, or move Sysdig and Falco to ALv2, or option 3 we haven't considered).
@ldegio, feel free to add more info.
from toc.
Scheduled to July 14th
from toc.
fwiw: I tried Falco recently on GKE and tied it to kubeless using NATS. Easy setup, ability to define custom security rules. It would benefit from a strong integration to NATS but it would make a nice security addition to the sandbox.
from toc.
@caniszczyk
July 14 is a Saturday
from toc.
@bgrant0607 yes you're right, calendar entry was right my typing was wrong
from toc.
Hello, product lead from cloud.gov here! I presented on the cloud.gov team's (afaik) novel use of Falco to implement dynamic behavior monitoring in cloud.gov, a Cloud Foundry Certified Platform. It would be great to see Falco included in the CNCF activity which has already led to closer collaboration between the k8s and Cloud Foundry communities around runC, OSBAPI, etc. All of this open source activity helps us more cost-effectively run secure services for the public.
from toc.
Please confirm this is actually the 17th and not the 14th.
Would be excited to see this happen, thanks.
from toc.
from toc.
Related Issues (20)
- [Incubation] Kubescape incubation application
- Feedback on the new matriculation process
- Correct bad link in TOC operations
- [SANDBOX PROJECT ONBOARDING] KubeSlice HOT 31
- [SANDBOX PROJECT ONBOARDING] Connect HOT 22
- [SANDBOX PROJECT ONBOARDING] Kairos HOT 34
- [SANDBOX PROJECT ONBOARDING] Kubean HOT 16
- [SANDBOX PROJECT ONBOARDING] Koordinator HOT 29
- [SANDBOX PROJECT ONBOARDING] Radius HOT 37
- [Graduation] cert-manager Graduation Application HOT 2
- Define a process for WG lead transitions HOT 4
- [Incubation] Tekton Incubation Application HOT 2
- Request for Review: TAG App Delivery - WG App Development HOT 10
- Health of Carvel project HOT 7
- [HEALTH]: Skooner project
- [Incubation] WasmEdge Incubation Application HOT 4
- [Incubation] Fluid Incubation Application
- [VOTE] TAG Environmental Sustainability TL - Saiyam Pathak HOT 16
- [Incubation] KubeArmor Incubation Application HOT 1
- [VOTE]: Roberth Strand as a Tech Lead for the TAG App Delivery HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from toc.