Chapter 14. Falco Development
Extending Falco is the best way to ensure that it perfectly fits your unique requirements. This chapter will show you three approaches to Falco development. Weâll begin with an overview of Falcoâs codebase and a quick guide to building Falco from the source, which allows you to work with Falcoâs code directly. This first approach gives you more freedom but is more difficult and perhaps less convenient than the other two. The second approach lets you build an application that processes Falco notifications in the desired way by interfacing with the gRPC API. The third is the standard and easiest way of extending Falco: writing your own plugin.
For the last two approaches, we will teach you by using examples. We use the Go programming language in these code snippets, so some familiarity with it will be helpful, but itâs not strictly required. This chapter also assumes that you have read Part II of this book. If you are concerned that this material may be too difficult, donât be scared: we think youâll find it understandable and interesting even if you are not a developer.
Get Practical Cloud Native Security with Falco now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
