CNCF Announces Falco Graduation
February 29, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Falco, a cloud native security tool designed for Linux systems and the de facto Kubernetes threat detection engine.

Falco was created and open sourced in 2016 by Sysdig and became the first runtime security project accepted into the CNCF Sandbox in 2018 and, subsequently, the Incubator in April 2020. Since then, Falco has added maintainers from Amazon, Apple, IBM, Red Hat, and more. The project has also seen a 400% increase in active contributors since moving to incubation and now has hundreds active code contributors.

The project has over 30 public, self-declared adopters, including organizations like Cisco, Shopify, Skyscanner, and Vinted. Since moving to incubation, it has seen a 526% increase in total downloads, with a 135% increase in average monthly downloads.

“Real time visibility into the security of cloud native deployments is invaluable at scale,” Chris Aniszczyk, CTO of CNCF. “Falco is helping to push advancements in the open source cloud native runtime security space with eBPF, and we look forward to seeing the progress in this area as the project continues to grow.”

Falco employs custom rules on kernel events to provide real-time alerts and helps users gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security. In the past few years, maintainers have dedicated time to improving engineering processes and refactoring the Falco code base, including improved test suites and a new Kernel testing framework, increased quality checks, and new features like a new eBPF probe and integration with new first-party data sources.

“The conclusion that led to Falco’s development and contribution to CNCF is that runtime security must be widely accessible and seamlessly integrated across cloud native infrastructure – you need prevention in the cloud, but threat detection is just as important,” said Loris Degioanni, Creator of Falco and CTO and Founder of Sysdig. “The support Falco has received underscores the reality that you can’t prevent everything, security teams need defense in depth, even in the cloud. I am grateful for the incredible Falco community and for surpassing this milestone within CNCF, but the Falco community has never seen graduation as the end goal — rather, just the beginning of expanding Falco use cases through its plugin system.”

To officially graduate from incubating status, the Falco project underwent a due diligence process with the CNCF Technical Oversight Committee (TOC), completed a third-party security audit, and supported the process of allowing CNCF projects to include GPL-licensed Linux kernel modules alongside the eBPF code. Graduation validates Falco’s growth, maturity, and future outlook and cements the project’s leadership in the runtime security space.

Share this

Industry News

April 23, 2024

mabl announced the addition of mobile application testing to its platform.

April 23, 2024

Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.

April 22, 2024

GitLab announced the general availability of GitLab Duo Chat.

April 18, 2024

SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.

April 18, 2024

Red Hat announced updates to Red Hat Trusted Software Supply Chain.

April 18, 2024

Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.

April 17, 2024

CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.

April 17, 2024

Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.

April 17, 2024

Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.

April 16, 2024

Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).

April 16, 2024

Pegasystems announced the general availability of Pega Infinity ’24.1™.

April 16, 2024

Sylabs announces the launch of a new certification focusing on the Singularity container platform.

April 15, 2024

OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.

April 15, 2024

Postman announced its acquisition of Orbit, the community growth platform for developer companies.

April 11, 2024

Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.