Note: This repository has been created upon this proposal.
This repository contains the Rules Files Registry and rules files officially maintained by the Falcosecurity organization. Rules tell Falco what to do. Please refer to the official documentation to better understand the rules' concepts.
The Registry contains metadata and information about rules files distributed by the Falcosecurity organization. These rules are developed for Falco and made available to the community.
Note: Currently, the registry includes only rules for the syscall call data source; for other data sources see the plugins repository.
Another purpose of this repository is to host and maintain the rules owned by the Falcosecurity organization. All the rules are contained inside the rules folder.
The main branch contains the most up-to-date state of development. Please check our Release Process to know how rules are released. Stable builds are released and published only when a new release gets tagged.
If you wish to contribute your rules to the Falcosecurity organization, you just need to open a Pull Request to add them inside the rules folder. In order to be hosted in this repository, rules must be licensed under the Apache 2.0 License.
If you want to help and wish to contribute, please review our contribution guidelines. Code contributions are always encouraged and welcome!
This project is licensed to you under the Apache 2.0 Open Source License.