Hello, from all of us here at Sysdig! Some good news arrived with 2020, as Falco, the open source cloud-native runtime security project originally created by Sysdig, has been promoted from the Cloud Native Computing Foundation sandbox into incubation. That’s why in this newsletter we will be focusing on Falco and open source security.
Sign up for our monthly Cloud-native News.
Software libraries are under attack, be ready
Two malicious Python libraries were found on PyPI, jeilyfish and python3-dateutil. You may wonder how a malicious library can pass through PRs and QA tests? Then, you realize nobody is checking for a typo in a library name.
This is serious, and brings to light a deeper issue. Software developers are pulling third party libraries into their containers without control.
What can we do now? We prepared a guide with simple steps to protect yourself against these and similar attacks using Sysdig Secure and Falco rules.
Announcing the Kubernetes bug bounty program
Security is an increasing concern for companies moving Kubernetes into production. The Kubernetes project is well aware of this, and they are doubling down their efforts towards eliminating vulnerabilities in their code base. A new bug bounty program offers rewards ranging from 100$ to 10,000$.
Want to learn more about Falco?
If you are new to Falco, this is our selection of our favourite articles to catch up.
Falco or Seccomp?
With seccomp you can further isolate your containers by defining which system calls can execute. These are some considerations to use seccomp in Kubernetes.
Falco focuses on detection rather than enforcement. This is how seccomp, SELinux and Falco compare.
Incident response and container Forensics
When a container attack happens, you need to quickly respond and block the threat. But, how can you investigate once a container is gone? This talk gives some tips on where to start investigating, and how to prepare in advance.
As mentioned in the talk, Sysdig Inspect is the reference tool for container forensics, an open source project by Sysdig also available within Sysdig Secure.
When looking at automating responses and remediate security threats detected with Falco, don’t miss the Falco response engine.
All these capabilities and much more, can be found on Sysdig Secure. Learn how Sysdig Secure extends Falco, integrating with your secure DevOps workflow.
The Activity audit in Sysdig secure speeds incident response and enables audit by correlating container and Kubernetes activity, discover how.
Falco security audit
Being an open source project subjects you to constant public auditing, which increases your security and builds confidence in your product. Looking at making Falco more secure, an independent audit was recently passed.
What’s New with Sysdig?
Falco joins CNCF incubation
Exciting times for the Falco community, being the first runtime security project accepted into the CNCF incubator. Congratulations!
Check out Falco’s accomplishments since joining the CNCF, and what this announcement means for its future.
Image Scanning with Github Actions
The Sysdig Secure Inline Scan is now available on the Github Actions marketplace. Inline scanning allows you to analyze images without exposing them outside your build infrastructure or pushing them to a registry.
How to Monitor Kubernetes API Server
The API server is a key element of the Kubernetes control plane 🧠. Monitoring the API server is essential to detect and troubleshoot incidents before they impact your cluster.
Meet us here:
In the coming months we’re headed to some exciting industry events. We’d love to talk to you and your team in person about your cloud-native journey.
OpenShift Commons Gathering
London | Jan 29
DevSecOps Day at RSA Conference
San Francisco | Feb. 24
San Francisco | Feb. 24-28 | Booth #4220