#842306 RFP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications

#842306#5
Date:
2016-10-27 21:24:23 UTC
From:
To:
* Package name    : falco
  Version         : 0.4.0
  Upstream Author : Sysdig <support@sysdig.com>
* URL             : http://www.sysdig.org/falco/
* License         : GPLv2
  Programming Lang: C++, C
  Description     : Sysdig Falco is a behavioral activity monitor designed to
detect anomalous activity in your applications.

Powered by sysdig’s system call capture infrastructure, falco lets you
continuously monitor and detect container, application, host, and network
activity... all in one place, from one source of data, with one set of rules.

I use Sysdig and Falco professionally and would like to package and maintain
Falco in Debian.

#842306#10
Date:
2016-10-29 12:40:35 UTC
From:
To:
Hi Julien,

Would you like to join Harlan and me in maintaining sysdig itself too?

Greets
Evgeni

#842306#15
Date:
2016-10-31 18:04:31 UTC
From:
To:
On 29 Oct at 14:40, Evgeni Golov wrote:

Hi Evgeni,

Yes, that would be great!

Julien

#842306#20
Date:
2016-11-01 16:07:59 UTC
From:
To:
Hi,

You are "taziden-guest" on Alioth? And member of collab-maint?
Then there is nothing more to do than to say welcome :)

Regards
Evgeni

#842306#25
Date:
2016-11-02 11:42:22 UTC
From:
To:
On 01 Nov at 17:07, Evgeni Golov wrote:

Yes, that's me indeed!
I will start working on it some time next week.

Julien/taziden

#842306#34
Date:
2019-08-14 01:50:46 UTC
From:
To:
Falco now has its very own website https://falco.org/

And github https://github.com/falcosecurity/falco

+1 to getting this packaged


On Wed, 2 Nov 2016 12:42:22 +0100 Julien Rabier <taziden@flexiden.org>
wrote:

 > On 01 Nov at 17:07, Evgeni Golov wrote:
 > > Hi,
 > >
 > > On Mon, Oct 31, 2016 at 07:04:31PM +0100, Julien Rabier wrote:
 > > > > Would you like to join Harlan and me in maintaining sysdig itself too?
 > > >
 > > > Yes, that would be great!
 > >
 > > You are "taziden-guest" on Alioth? And member of collab-maint?
 > > Then there is nothing more to do than to say welcome :)
 >
 > Yes, that's me indeed!
 > I will start working on it some time next week.
 >
 > Julien/taziden
 >
 >

#842306#39
Date:
2022-06-21 08:19:54 UTC
From:
To:
What happened with the plan to package falco in Debian?

I tried building following the recipe listed on
<URL: https://falco.org/docs/getting-started/source/ >, but the cmake
file seems to reject the grpc libraries available.  Perhaps you have
better luck?  Or are the grpc libraries in Debian too old?

#842306#44
Date:
2022-06-23 08:13:32 UTC
From:
To:
[Petter Reinholdtsen]

I got the build working by installing a few more build dependencies.

I have encountered some issues with the BPF build, which I assume are
solvable too.

#842306#49
Date:
2022-08-31 07:01:41 UTC
From:
To:
[Petter Reinholdtsen]

I found a solution and have published my git-buildpackage based repo
with the build rules as <URL: https://salsa.debian.org/pere/falco >, in
case it can help the future maintainer of falco in Debian.  I lack the
capacity to maintain it by myself in Debian.

The current build sadly seems to download stuff from the Internet during
build.  No idea how to disable it, nor how much work it will be to get
any required dependencies packaged for Debian.

I guess the silence so far in the thread means no-one else is currently
interested in getting falco into Debian.

#842306#54
Date:
2024-01-17 20:26:24 UTC
From:
To:
Just for the record, the latest edition of falco provides a "modern" ebpf
probe in the kernel that is provided inside the binary and no longer
requires a kernel module.  This allows the binary to work independent of
kernel version, as long as the kernel is new enough.  Not sure how new,
but the feature set required has been present in the Linux kernel
for some years now.

This makes it a lot easier to deploy falco on many hosts.

#842306#61
Date:
2026-06-10 07:35:32 UTC
From:
To:
Hi,

I realised this RFP for falco which is absolutely not connected to
the package I prepared in Git[1]

Description: FastQC Alternative Code
 This program is an emulation of the popular FastQC software to check
 large sequencing reads for common problems. It claims to be three times
 faster than FastQC and more energy efficient.

I wonder whether you remain interested in packaging

   RFP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications

or whether we can use this name for the bioinformatics tool.

Kind regards
   Andreas.

[1] https://salsa.debian.org/med-team/falco

#842306#66
Date:
2026-06-10 09:28:06 UTC
From:
To:
[Andreas Tille]

I still hope someone will package falco or a similar monitoring tool in
Debian, but do not have the capacity to fix it myself, and believe the
first uploader gets the name. :)

#842306#71
Date:
2026-06-23 05:20:55 UTC
From:
To:
Hi Steffen,

On Wed, Jun 10, 2026 at 10:07:55PM +0000, Steffen Möller wrote:

I'm fine with smithlab-falco to keep the name space clean from our side.

For the moment I'm hesitating to upload the (bio-)falco package anyway
since it does not pass the FastQC tests anyway.  I think having an
alternative that is fast but not able to reproduce our simple test suite
does not make sense.

Kind regards
    Andreas.