
The Falco Playground: A Cocktail of WebAssembly and Runtime Security – Jason Dellaluce, Sysdig & Rohith Raju, Independent

Falco is a CNCF tool for runtime security, for both Linux systems and cloud logs, and the most widely adopted threat detection project for Kubernetes. Its powerful engine is configured with a simple rule language based on YAML. However, the community still lacks an official IDE for writing and playing with Falco rules. Past attempts always met friction due to the Falco engine’s lack of portability, as it is written in C++ for its performance and low-level programming requirements. Wait, can’t C++ be compiled into WebAssembly nowadays? If so, can’t Falco run in a browser? That’s how Jason and Rohith, a core maintainer and a contributor of Falco, developed a backend-less Falco Playground web app for the Google Summer of Code. Join this session to learn how they ported a large production-grade C++ codebase to WASM, with the unique tech mix of web development and a threat detection tool for the Linux kernel. Falco can now run anywhere: are there new runtime detection opportunities too?

by CNCF [Cloud Native Computing Foundation]
