Falco joins CNCF Sandbox.

Falco, a behavioral activity monitoring tool from Sysdig, has joined the Cloud Native Computing Foundation (CNCF) Sandbox to enhance its role in securing cloud-native platforms like Kubernetes, Cloud Foundry, and OpenShift. This transition aims to foster community contributions, improve project governance, and enhance user experience by leveraging CNCF's support. Falco, originally created by Loris Degioanni at Sysdig, analyzes Linux system calls as event streams and allows users to write rules detecting abnormal behavior for real-time security alerts. As part of the CNCF Sandbox, Falco has transitioned to the Apache License 2.0, promoting broader adoption in the cloud-native community. The move to CNCF also involves integrating new features such as support for Kubernetes audit events and the creation of a new vendor-neutral home for its code and community resources, further emphasizing Sysdig's commitment to open source collaboration and security innovation in dynamic cloud environments.