The Cloud Native Computing Foundation (CNCF) recently announced the graduation of Falco, a cloud-native security tool designed for Linux systems and the de facto Kubernetes threat detection engine.

“Real time visibility into the security of cloud native deployments is invaluable at scale,” Chris Aniszczyk, CTO of CNCF. “Falco is helping to push advancements in the open source cloud native runtime security space with eBPF, and we look forward to seeing the progress in this area as the project continues to grow.”

Falco was created and open sourced in 2016 by Sysdig and became the first runtime security project accepted into the CNCF Sandbox in 2018 and, subsequently, the Incubator in April 2020. Since then, Falco has added maintainers from Amazon, Apple, IBM, Red Hat, and more. The project has also seen a 400% increase in active contributors since moving to incubation and now has hundreds active code contributors.

The project has over 30 public, self-declared adopters, including organizations like Cisco, Shopify, Skyscanner, and Vinted. Since moving to incubation, it has seen a 526% increase in total downloads, with a 135% increase in average monthly downloads.

To officially graduate from incubating status, the Falco project underwent a due diligence process with the CNCF Technical Oversight Committee (TOC), completed a third-party security audit, and supported the process of allowing CNCF projects to include GPL-licensed Linux kernel modules alongside the eBPF code. Graduation validates Falco’s growth, maturity, and future outlook and cements the project’s leadership in the runtime security space.