You are viewing documentation for Falco version: v0.37.1

Falco v0.37.1 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Featured Image for Falco Weekly 46 - 2023
Aldo Lacuku, Andrea Terzolo, Federico Di Pierro

Falco Weekly 46 - 2023

This is the first of a series of weekly blog post whose aim is to give a quick overview about the development of Falco and its related projects.

What happened in Falco this week?

Let's go through the major changes that happened in various repositories under the falcosecurity organization.

Libs

Lots of cleanups happened in the libs repo; the most outstanding ones being:

Please, note that the removal of the legacy k8s client is part of a bigger effort to entirely rewrite it as a plugin, with a more future proof architecture and language.
See the tracking issue: https://github.com/falcosecurity/libs/issues/987.

All of these cleanups account for ~26k loc removed!! :rocket:

Moreover, some fixes landed:

Finally, some new features were merged:

Also, we now have a target release date and a tracking issue for libs 0.14 and next driver release: https://github.com/falcosecurity/libs/issues/1482.

Falco

Now Falco builds and runs on win32 and osx too! https://github.com/falcosecurity/falco/pull/2889 While Falco won't ship for these platforms, we will now have proper CI for them.

Following the huge round of cleanups in libs, k8s and mesos related configs and options were removed: https://github.com/falcosecurity/falco/pull/2914. Also, another small cleanup relative to the legacy k8saudit implementantion (not the plugin one!) was merged: https://github.com/falcosecurity/falco/pull/2913.

Falcoctl

While the code for the new driver-loader feature for falcoctl is being reviewed (part of the effort to drop falco-driver-loader script (https://github.com/falcosecurity/falcoctl/issues/327 and https://github.com/falcosecurity/falco/issues/2675), some features landed too:

Others

A new repo, k8s-metacollector, was donated to the falcosecurity.
It is a self-contained module that fetched metadata from kubernetes API server and dispatches them to Falco instances via gRPC.
A new plugin is being developed to receive those metadata from gRPC, and will be shipped with Falco 0.37.

Driverkit gained support for SUSE Linux Enterprise: https://github.com/falcosecurity/driverkit/pull/304.

Let's meet 🤝

We meet every week in our community calls, if you want to know the latest and the greatest you should join us there!

If you have any questions

Thanks to all the amazing contributors!

Cheers 🎊

Aldo, Andrea, Federico