-
**Repository**:
https://github.com/alacuku/e2e-falco-tests
**Motivation**
We need a testing framework for the Falco libs and drivers. It should test drivers (`kmod, bpf and modern bpf`) acros…
-
/area documentation
**What would you like to be added**:
A structure grouping Falco components like the following:
```
Concepts
│
│── Overview
│
│── Falco Architecture
│
+───+ Rules
│…
-
**Describe the bug**
Hello,
After the release of v0.35.0 addressing this other bug affecting Debian #2374, we realized the pre-built modules are failing when loading them under Debian, raising t…
-
We run Falco across our environments using EKS. There is a need to upgrade ours EKS AMI to version [v20220824](https://github.com/awslabs/amazon-eks-ami/blob/master/CHANGELOG.md#ami-release-v20220824)…
-
By using symlinks attackers can potentially bypass Falco rules. This is because in our drivers, we take data from syscall arguments and by doing so, we implicitly trust something that is coming from u…
-
**Describe the bug**
We are supporting a fedramp product and nessus scans are showing "high" and "critical" vulnerabilities in amazon linux which must be fixed by November 15th, 2022 and November …
-
/area documentation
**What would you like to be added**:
Topics to document:
- How to use `driverkit` to generate my own drivers?
- Which options can `driverkit` take as input?
- How to tro…
-
**Describe the bug**
Falco container fails to start with error:
`Error: pmu_fd: Operation not permitted`
See `Logs` section below for more info.
**How to reproduce it**
1. Install falco o…
-
/kind support
Hi,
I have an requirement to generate alert whenever manual command gets executed inside a container.
Tried giving so many regex combinations in the rule condition to acheive this. …
-
**Motivation**
Currently, the libs can't tell whether a file opened for writing is a newly created file, or is an already existing file. This information can be used, for example, to tell us whet…