Hello, Falconers!
Got interested in Falco and would like to contribute your own ideas? Feeling stuck because you don't know where to start? No worries, we are here to help you!
Whether you want Falco to monitor a new system call, add a brand new feature, or solve a problem you ran into, you have to set up a development environment. This blog post walks you through the process of setting up a new one so that you can feel comfortable and ready to start contributing!
First things first, Falco's source code lives in the Falco organization on GitHub. The two repositories you should definitely take a look at are:
falcosecurity/libs, containing both the kernel module and the eBPF probe, as well as libscap and libsinsp.
falcosecurity/falco, including the rule engine, rules, and support for any kind of output, such as standard output, file output, gRPC, and more.