You are viewing documentation for Falco version: v0.37.1

Falco v0.37.1 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Featured Image for Falco Weekly 50 - 2023
Aldo Lacuku, Andrea Terzolo, Federico Di Pierro

Falco Weekly 50 - 2023

What happened in Falco this week?

Let's go through the major changes that happened in various repositories under the falcosecurity organization.

Libs

The anticipated 0.14.0 libs tag (and its driver counterpart) are going to be tagged soon, by the end of next week.
A xmas present for you all! :christmas_tree:

Mostly fixes were merged during this week:

Also, thanks to actuated.dev for offering us arm64 github action runners, CI has been fully ported to github actions, except for a single CircleCI job! https://github.com/falcosecurity/libs/pull/1555

Rumors have it coming next:

Falco

Falco has seen some big new features this week!

Finally, the new falcoctl based driver-loader was finally merged in Falco: https://github.com/falcosecurity/falco/pull/2905.
If you can, please make sure to give it a spin and let us know any feedback, it is very valuable for us!
To try it out:

docker pull falcosecurity/falco-driver-loader:master
docker run --rm -i -t \
    --privileged \
    -v /root/.falco:/root/.falco \
    -v /proc:/host/proc:ro \
    -v /boot:/host/boot:ro \
    -v /lib/modules:/host/lib/modules \
    -v /usr:/host/usr:ro \
    -v /etc:/host/etc:ro \
    falcosecurity/falco-driver-loader:master

Falcoctl

Some fixes on top of the new driver-loader happened:

Moreover, we finally merged the new asset artifact type PR! https://github.com/falcosecurity/falcoctl/pull/309

Falcoctl is quite ready for v0.7.0 release; we only need more driver-loader testing!

Driverkit

Driverkit has seen a small bug fix release this week: https://github.com/falcosecurity/driverkit/releases/tag/v0.16.2.
It contains a fix to docker go package multiplexed output support: https://github.com/falcosecurity/driverkit/pull/310.

Moreover, we merged a PR that opens up the possibility for Driverkit to directly use cmake to configure and then build our drivers: https://github.com/falcosecurity/driverkit/pull/309.

What's next?
The cmake PR is opened and works super good; build times are as good as before, so no penalty! https://github.com/falcosecurity/driverkit/pull/302.
Moreover, we are going to make use of actuated.dev arm64 runners in driverkit too, porting its CI to github actions: https://github.com/falcosecurity/driverkit/pull/311.

Join relevant discussions!

Let's meet 🤝

We meet every week in our community calls, if you want to know the latest and the greatest you should join us there!

If you have any questions

Thanks to all the amazing contributors!

Cheers 🎊

Aldo, Andrea, Federico