The Cloud Native Computing Foundation (CNCF) announced the graduation of Falco. Falco is a cloud-native security tool for Linux systems and has become a commonly used engine for detecting threats within Kubernetes environments. 

This milestone marks a significant achievement for Falco, emphasizing its importance and effectiveness in cloud-native security, according to the CNCF. 

“Real time visibility into the security of cloud native deployments is invaluable at scale,” Chris Aniszczyk, CTO of CNCF. “Falco is helping to push advancements in the open source cloud native runtime security space with eBPF, and we look forward to seeing the progress in this area as the project continues to grow.”

Falco operates by utilizing custom rules on kernel events to deliver real-time alerts, offering users insight into abnormal behaviors, potential security threats, and compliance violations. 

Over recent years, the maintainers of Falco have focused on refining the engineering processes and restructuring the Falco codebase. These improvements include enhanced test suites, the introduction of a new Kernel testing framework, heightened quality checks, and the development of new features such as a new eBPF probe and integration with first-party data sources.

Originally developed and open-sourced by Sysdig in 2016, Falco quickly established itself as a pioneering project in runtime security. It was the first of its kind to be accepted into the CNCF Sandbox in 2018, and by April 2020, it had progressed to the Incubator stage. Over the years, Falco has attracted a diverse and growing team of maintainers from organizations such as Amazon, Apple, IBM, and Red Hat. 

Upon moving to the incubation stage, the project reported a 400% increase in active contributors, now boasting hundreds of individuals actively contributing to its codebase.