Add Falco as a new potential project

Project

Name: Falco

Desired Initial Maturity Level: Incubating

Problem Statement: Falco is a popular, open-source container runtime security tool. This tool would complement the current security tooling offering by big bang but have several advantages.

1. Vibrant community: Falco has a large and active community with 7.1k active stars on Github.
2. Vendor Neutral: Falco is a CNCF project and thereby not subject a single company changing their policies. Other open-source tools BB has used have been archived as their respective companies have changed strategies and made the tools non-open source.
3. Strong plugin support and the ability to extend easily with additional tools like Falco Sidekick for a UI element or a function calling service to have a complete runtime security tool that is capable of taking actions autonomously

Falco provides an alternative to two of Platform One's current security offerings, Prisma Cloud and Neuvector that target the same area of runtime security.

Prisma Cloud is closed-source and requires a enterprise license. This means that users of BB will need to work with an external vendor to ensure their deployment is fully compliant for runtime security controls.

Neuvector, while being open-source, is not vendor neutral. This causes significant risk since this the company offering this open source software may decide to remove their open-source offering (similar to Anchore) or drastically curtail its capabilities. Falco, in comparison, is vendor neutral. While the project may change or become less used, it is governed by the CNCF and external companies and contributors have a a say in the direction of the product.

Initial Members:

• Dax McDonald @daxmc99
• Another member of the security & compliance team

added new-project teamSecurity & Compliance labels

assigned to @daxmc99

changed title from Add Falco as a new potential projects to Add Falco as a new potential project

mentioned in issue big-bang/bigbang#2220 (closed)

Related to big-bang/bigbang#2220 (closed)

changed the description

changed the description

Some initial work was done on Falco a while back (see this repo). Although not relevant to whether it should be in the BBTOC or not there was a previous spike/evaluation of Falco and other runtime security tools which I linked in this comment.

Closing this for now. After investigating Tetragon I'm not sure if Falco is the right project to be included at this time. Will re-open if the situation changes.

closed