Integrate Falco with Vulnetix. Deploy Falco as a runtime security monitor in Docker or Kubernetes to detect anomalous syscalls and policy violations. Export JSON alerts for upload to Vulnetix.
C++CLI toolJSON
Install & scan
$ # Docker (privileged) docker run --rm -it --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro falcosecurity/falco:latest # Kubernetes via Helm (recommended) helm repo add falcosecurity https://falcosecurity.github.io/charts helm install falco falcosecurity/falco --namespace falco --create-namespace --set falco.json_output=true $ # Enable JSON output falco --option "json_output=true" 2>&1 | tee falco-alerts.json
Run Falco Security in CI
Scan on every push and upload the results to Vulnetix:
- name: Start Falco
run: |
docker run -d --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro falcosecurity/falco:latest falco --option "json_output=true" 2>/tmp/falco-alerts.json
- name: Run integration tests
run: ./run_tests.sh
- name: Collect Falco alerts
run: docker exec falco cat /tmp/falco-alerts.json > falco-alerts.json || true
- name: Upload to Vulnetix
run: vulnetix upload --file falco-alerts.json
Centralise Falco Security results in Vulnetix
Upload Falco Security JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.