Skip to content

falcosecurity/evolution

Falco Project Evolution

This repository aims to document the evolution process of The Falco Project.

It provides a space for the community to work together, discuss ideas, and document processes. It is also a place to make decisions that regard the whole falcosecurity organization and define rules and structures that span beyond the extent of a single repository.

Table of Contents

Governance

The Falco Project governance model is documented in the GOVERNANCE.md file.

Code Of Conduct

We follow the CNCF Code of Conduct.

Please contact [email protected] or the Linux Foundation mediator, Mishi Choudhary [email protected] to report an issue.

Maintainers

The process to become a maintainer is documented in the MAINTAINERS_GUIDELINES.md file.

You can find the list of current maintainers in the MAINTAINERS.md file.

Repositories

The Falco Project applies a straightforward adoption model for its repositories. Each repository is given a scope, which outlines its purpose, and a status that indicates its maturity level.

For more detailed information, please refer to the REPOSITORIES.md file.

In the sections that follow, we present the repositories, grouped by their scope.

Core

Core repositories, as defined by Falco's governance, are critically important as they are essential for building, installing, running, documenting, and using Falco.

For more information, click on the badge below.

Falco Core Repository

NAME STATUS DESCRIPTION
falcosecurity/charts Stable Helm charts repository for Falco and its ecosystem.
falcosecurity/deploy-kubernetes Stable Kubernetes deployment resources for Falco and its ecosystem.
falcosecurity/falco Stable Falco is a cloud native runtime security tool for Linux operating systems. It is designed to detect and alert on abnormal behavior and potential security threats in real-time.
falcosecurity/falco-website Stable Falco website and documentation repository.
falcosecurity/falcoctl Stable The official CLI tool for working with Falco and its ecosystem components.
falcosecurity/libs Stable Foundational libraries that constitute the core of Falco's functionality, offering essential features including kernel drivers and eBPF probes.
falcosecurity/plugin-sdk-go Stable Plugins SDK for Go that facilitates writing plugins for Falco or applications built on top of Falco's libs.
falcosecurity/plugins Stable Plugins serve as extensions for Falco and applications built on top of Falco's libraries. This repository contains the official registry for all Falco plugins and host plugins maintained by The Falco Project.
falcosecurity/rules Stable Official rulesets for Falco provide pre-defined detection rules for various security threats and abnormal behaviors.

Ecosystem

Ecosystem repositories extend the core project by providing optional components, including value-added features, integrations, utilities, and services that, while not essential for basic Falco functioning, enrich its utility for adopters.

For more information, click on the badge below.

Falco Ecosystem Repository

NAME STATUS DESCRIPTION
falcosecurity/client-go Incubating Go client and SDK for Falco.
falcosecurity/contrib Sandbox Sandbox repository to test-drive ideas/projects/code.
falcosecurity/driverkit Incubating Kit for building Falco drivers (kernel modules or eBPF probes).
falcosecurity/event-generator Incubating Testing tool to generate a variety of suspect actions that are detected by Falco rules.
falcosecurity/falco-exporter Deprecated Prometheus Metrics Exporter for Falco output events.
falcosecurity/falco-aws-terraform Incubating Terraform Module for Falco AWS Resources.
falcosecurity/falcosidekick Stable Falcosidekick seamlessly integrates Falco with your ecosystem, enabling event forwarding to multiple outputs in a fan-out manner.
falcosecurity/falcosidekick-ui Incubating A simple WebUI with latest events from Falco.
falcosecurity/flycheck-falco-rules Incubating A custom checker for Falco rules files that can be loaded using the Flycheck syntax checker for GNU Emacs.
falcosecurity/libs-sdk-go Sandbox Go SDK for Falco libs.
falcosecurity/plugin-sdk-cpp Incubating Falco plugins SDK for C++.
falcosecurity/k8s-metacollector Incubating Fetches the metadata from kubernetes API server and dispatches them to Falco instances.
falcosecurity/falco-talon Incubating Response Engine for managing threats in your Kubernetes.
falcosecurity/plugin-sdk-rs Incubating Falco plugins SDK for Rust.
falcosecurity/falco-actions Sandbox Run Falco in a GitHub Actions to detect suspicious behavior in your CI/CD.
falcosecurity/falco-rustlings Sandbox Small exercises to get you used to writing Falco plugins in Rust.

Infra

Infra repositories, such as the prominent test-infra, underpin The Falco Project's infrastructure, serving the project's functioning, management, and maintenance.

For more information, click on the badge below.

Falco Infra Repository

NAME STATUS DESCRIPTION
falcosecurity/cncf-green-review-testing Sandbox Falco configurations intended for testing with the CNCF Green Reviews Working Group.
falcosecurity/dbg-go Incubating A go tool to work with falcosecurity drivers build grid.
falcosecurity/kernel-crawler Incubating A tool to crawl Linux kernel versions.
falcosecurity/pigeon Incubating Secrets and config manager for Falco's infrastructure.
falcosecurity/test-infra Stable Test infrastructure and automation workflows for The Falco Project.
falcosecurity/testing Incubating All-purpose test suite for Falco and its ecosystem.
falcosecurity/syscalls-bumper Incubating A tool to automatically update supported syscalls in libs.
falcosecurity/kernel-testing Incubating Ansible playbooks to provision firecracker VMs and run Falco kernel tests.
falcosecurity/falco-playground Sandbox falco-playground is a web application used to validate Falco rules and test against scap files.

Special

Finally, some repositories have a special meaning and do not fit the above scopes. They serve a particular purpose or function in the falcosecurity organization and are curated by core maintainers.

See REPOSITORIES.md#special-scope for more information.

NAME STATUS DESCRIPTION
falcosecurity/.github n/a Default files for all repos in the Falcosecurity GitHub org.
falcosecurity/community n/a Falco community content and resources.
falcosecurity/elftoolchain n/a Local version of https://sourceforge.net/projects/elftoolchain/
falcosecurity/evolution n/a A space for the community to work together, discuss ideas, define processes, and document the evolution of Falco.

Archived

In general, a repository can be archived at the discretion of The Falco Project community. Usually, maintainers can decide to archive a project that has not been maintained for a long time or does not fit the guidelines for the projects under the falcosecurity GitHub's organization anymore. In other cases, a repository is archived to reserve its name for future use.

The list of archived repositories can be found here.

Retired

Repositories that are no longer maintained or relevant to The Falco Project will be retired definitively. Periodically, the maintainers clean up the falcosecurity and move these projects to the Falco Projects Retirement Home GitHub's organization.

Contributing

See the contributing guide and the code of conduct.

Security policy

To report a security vulnerability, please follow our security policy.

Join the Community

To get involved with The Falco Project, please visit the community repository to find more.