This repository aims to document the evolution process of The Falco Project.
It provides a space for the community to work together, discuss ideas, and document processes. It is also a place to make decisions that regard the whole falcosecurity organization and define rules and structures that span beyond the extent of a single repository.
Table of Contents
The Falco Project governance model is documented in the GOVERNANCE.md file.
We follow the CNCF Code of Conduct.
Please contact [email protected] or the Linux Foundation mediator, Mishi Choudhary [email protected] to report an issue.
The process to become a maintainer is documented in the MAINTAINERS_GUIDELINES.md file.
You can find the list of current maintainers in the MAINTAINERS.md file.
The Falco Project applies a straightforward adoption model for its repositories. Each repository is given a scope, which outlines its purpose, and a status that indicates its maturity level.
For more detailed information, please refer to the REPOSITORIES.md file.
In the sections that follow, we present the repositories, grouped by their scope.
Core repositories, as defined by Falco's governance, are critically important as they are essential for building, installing, running, documenting, and using Falco.
For more information, click on the badge below.
NAME | STATUS | DESCRIPTION |
---|---|---|
falcosecurity/charts | Helm charts repository for Falco and its ecosystem. | |
falcosecurity/deploy-kubernetes | Kubernetes deployment resources for Falco and its ecosystem. | |
falcosecurity/falco | Falco is a cloud native runtime security tool for Linux operating systems. It is designed to detect and alert on abnormal behavior and potential security threats in real-time. | |
falcosecurity/falco-website | Falco website and documentation repository. | |
falcosecurity/falcoctl | The official CLI tool for working with Falco and its ecosystem components. | |
falcosecurity/libs | Foundational libraries that constitute the core of Falco's functionality, offering essential features including kernel drivers and eBPF probes. | |
falcosecurity/plugin-sdk-go | Plugins SDK for Go that facilitates writing plugins for Falco or applications built on top of Falco's libs. | |
falcosecurity/plugins | Plugins serve as extensions for Falco and applications built on top of Falco's libraries. This repository contains the official registry for all Falco plugins and host plugins maintained by The Falco Project. | |
falcosecurity/rules | Official rulesets for Falco provide pre-defined detection rules for various security threats and abnormal behaviors. |
Ecosystem repositories extend the core project by providing optional components, including value-added features, integrations, utilities, and services that, while not essential for basic Falco functioning, enrich its utility for adopters.
For more information, click on the badge below.
NAME | STATUS | DESCRIPTION |
---|---|---|
falcosecurity/client-go | Go client and SDK for Falco. | |
falcosecurity/contrib | Sandbox repository to test-drive ideas/projects/code. | |
falcosecurity/driverkit | Kit for building Falco drivers (kernel modules or eBPF probes). | |
falcosecurity/event-generator | Testing tool to generate a variety of suspect actions that are detected by Falco rules. | |
falcosecurity/falco-exporter | Prometheus Metrics Exporter for Falco output events. | |
falcosecurity/falco-aws-terraform | Terraform Module for Falco AWS Resources. | |
falcosecurity/falcosidekick | Falcosidekick seamlessly integrates Falco with your ecosystem, enabling event forwarding to multiple outputs in a fan-out manner. | |
falcosecurity/falcosidekick-ui | A simple WebUI with latest events from Falco. | |
falcosecurity/flycheck-falco-rules | A custom checker for Falco rules files that can be loaded using the Flycheck syntax checker for GNU Emacs. | |
falcosecurity/libs-sdk-go | Go SDK for Falco libs. | |
falcosecurity/plugin-sdk-cpp | Falco plugins SDK for C++. | |
falcosecurity/k8s-metacollector | Fetches the metadata from kubernetes API server and dispatches them to Falco instances. | |
falcosecurity/falco-talon | Response Engine for managing threats in your Kubernetes. | |
falcosecurity/plugin-sdk-rs | Falco plugins SDK for Rust. | |
falcosecurity/falco-actions | Run Falco in a GitHub Actions to detect suspicious behavior in your CI/CD. |
Infra repositories, such as the prominent test-infra, underpin The Falco Project's infrastructure, serving the project's functioning, management, and maintenance.
For more information, click on the badge below.
NAME | STATUS | DESCRIPTION |
---|---|---|
falcosecurity/cncf-green-review-testing | Falco configurations intended for testing with the CNCF Green Reviews Working Group. | |
falcosecurity/dbg-go | A go tool to work with falcosecurity drivers build grid. | |
falcosecurity/kernel-crawler | A tool to crawl Linux kernel versions. | |
falcosecurity/pigeon | Secrets and config manager for Falco's infrastructure. | |
falcosecurity/test-infra | Test infrastructure and automation workflows for The Falco Project. | |
falcosecurity/testing | All-purpose test suite for Falco and its ecosystem. | |
falcosecurity/syscalls-bumper | A tool to automatically update supported syscalls in libs. | |
falcosecurity/kernel-testing | Ansible playbooks to provision firecracker VMs and run Falco kernel tests. | |
falcosecurity/falco-playground | falco-playground is a web application used to validate Falco rules and test against scap files. |
Finally, some repositories have a special meaning and do not fit the above scopes. They serve a particular purpose or function in the falcosecurity organization and are curated by core maintainers.
See REPOSITORIES.md#special-scope for more information.
NAME | STATUS | DESCRIPTION |
---|---|---|
falcosecurity/.github | n/a | Default files for all repos in the Falcosecurity GitHub org. |
falcosecurity/community | n/a | Falco community content and resources. |
falcosecurity/elftoolchain | n/a | Local version of https://sourceforge.net/projects/elftoolchain/ |
falcosecurity/evolution | n/a | A space for the community to work together, discuss ideas, define processes, and document the evolution of Falco. |
In general, a repository can be archived at the discretion of The Falco Project community. Usually, maintainers can decide to archive a project that has not been maintained for a long time or does not fit the guidelines for the projects under the falcosecurity GitHub's organization anymore. In other cases, a repository is archived to reserve its name for future use.
The list of archived repositories can be found here.
Repositories that are no longer maintained or relevant to The Falco Project will be retired definitively. Periodically, the maintainers clean up the falcosecurity and move these projects to the Falco Projects Retirement Home GitHub's organization.
See the contributing guide and the code of conduct.
To report a security vulnerability, please follow our security policy.
To get involved with The Falco Project, please visit the community repository to find more.