falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

Integration with OPA (Open Policy Agent) #607

Closed fntlnz closed 3 years ago

fntlnz commented 5 years ago

OPA - Open Policy Agent can be used at different levels of the stack and is not intended only for application business logic but also for other levels.

That said, we want to find ways to integrate OPA with Falco by farming off policy decisions that can then be converted to Falco rules.

For example, an OPA policy might be "limit what Kubernetes users can instruct the cluster to use a specific image"; Falco can read that policy and put the action in place with a Rule.

leodido commented 5 years ago

/kind design

/kind feature

amuniz commented 4 years ago

I might be wrong, but I think @kris-nova just demoed something like this today at FOSDEM. Is this about a deeper integration?

wilf1rst commented 4 years ago

> I might be wrong, but I think @kris-nova just demoed something like this today at FOSDEM. Is this about a deeper integration?

Here's the talk http://bofh.nikhef.nl/events/FOSDEM/2020/K.1.105/kubernetes.webm

I'd like to find her project to deeply understand the gatekeeper OPA rules and have examples

poiana commented 3 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana commented 3 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana commented 3 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana commented 3 years ago

@poiana: Closing this issue.

In response to [this](https://github.com/falcosecurity/falco/issues/607#issuecomment-764936986):

> Rotten issues close after 30d of inactivity.
>
> Reopen the issue with `/reopen`.
>
> Mark the issue as fresh with `/remove-lifecycle rotten`.
>
> Provide feedback via https://github.com/falcosecurity/community.
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.