The CNCF wants to bring awareness to runtime security and make it easier for the community to build secure cloud-native applications. In order to achieve this goal, it has accepted Sysdig’s open-source runtime container security project, Falco, into the Cloud Native Sandbox.

According to Sysdig, Falco was designed to give DevSecOps visibility into how containers and applications are behaving. The dynamic nature of cloud-native environments requires security tooling that can immediately detect problems and protect containerized application instances, which is something that Falco is able to provide.

Falco aims to shorten the detection and response cycle for security incidents in container architectures by detecting abnormal behavior at the application, file, system, and network levels.

When combined with other CNCF projects such as Fluentd, Nats, and Kubernetes, Falco will be able to do things such as kill offending containers, notify teams, and isolate Kubernetes nodes, Sisdig explained. It also provides metadata from sources including the Kubernetes API server to enhance data provided by the Linux kernel, enabling users to create rules that can be applied to certain Kubernetes namespaces, deployments, or individual pods.

“We’re proud to be able to contribute to the open source community in a larger way,” said Loris Degioanni, chief technology officer and founder of Sysdig. “Adding Falco to the Cloud Native Sandbox gives developers, operations, security, and other IT professionals access to our market-leading runtime security technology, which has more than 1.5 million downloads to date. Acceptance by the CNCF further reaffirms Falco’s approach to runtime container security.”