-
It would be nice if we replaced the --privileged flag with a (smaller) list of capabilities. On our slack channel, Maksym Budonnyy mentioned that he was able to get falco to run properly with these ca…
-
**Description**
In the tech stack of Falco and its libraries, the whole architecture is event-driven and mostly functionally stateless, with the only exception being libsinsp. Among the many respon…
-
Kicking off a discussion as result of https://github.com/falcosecurity/libs/pull/524
CI Integration / "Fun" for tool developer -> sanity for everyone :)
Success Criteria:
- Daily confirmation…
-
Hi,
I have encountered this paragraph on Sysdig documentation:
_Falco and sysdig operate on top of the same data source: system calls. This data source is collected using either a **kernel module** …
-
This acts both as a bug report and as a solution proposal. Solving this problem inevitably involves some breaking changes in the Falco UX, so the goal here is to find an agreement on the direction we …
-
**Describe the bug**
I am trying to install falco helm chart on an Amazon Linux machine and getting the below error.
```
* Setting up /usr/src links from host
* Running falco-driver-loader for: …
-
**Motivation**
This [comment](https://github.com/falcosecurity/falco/issues/1505#issuecomment-763430222) explains well - IMHO - why the community might benefit from having a set of prebuilt Falco d…
-
Falco library features two sets of tests for probes:
* [e2e tests][e2e] based on `sinsp-example`. They allow to simulate a variety of low-level events relatively easy, don't support modern probes d…
-
This [README](https://github.com/falcosecurity/charts/blob/master/falco/README.md) contains the following section:
> Note that multiple event sources can not be handled in the same Falco instance. …
-
# Bug Description
The `falco-driver-loader` init container of the `falco` pod tries to compile an eBPF probe & fails.
# Steps to Reproduce
```bash
helm install falco falco/falco --set driver.kin…