security

Falco

Falco Runtime Security

Definition

Falco is a CNCF open-source runtime security tool that detects unexpected behavior in containers and Kubernetes clusters by monitoring Linux system calls. Rules define normal behavior, and Falco alerts on deviations like shell spawning inside containers, unexpected file writes, or privilege escalation.

It is the de facto standard for open-source Kubernetes runtime threat detection.

Related Terms

KSPM

Kubernetes Security Posture Management

Container Security

Runtime Security

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product