Guest post by Dan “POP” Papandrea, Lead of Open Source Community and Ecosystem at Sysdig

Code example


My name is Dan “POP” Papandrea and I am the new Lead of Open Source Community and Ecosystem at Sysdig, with a focus on Falco adoption and contribution. Throughout my career, I have focused on trying to walk a mile in end users’ shoes to understand their software pains. Over the past four years at Sysdig and during my time in the cloud-native community, I have learned so much about how enterprises and their end users, developers and operators are using cloud-native applications to truly transform their business and speed their delivery.  I have also immersed myself in the open source community and seen this amazing group blossom into a fantastic place for innovation and collaboration. 

So, Why the Move to Falco?

Runtime security is clearly a necessary requirement for protecting cloud native, and specifically Kubernetes, and there are amazing opportunities as organizations transition to securing container and Kubernetes environments. Falco is cementing itself as the runtime security tool for the cloud.

Having worked with the Falco project since its inception in my capacity as Field CTO for Sysdig, I have seen Falco’s incredible momentum and adoption rate.  Falco is a phenomenal piece of core technology, and it has been exciting to watch the maintainers who contribute to the project create even more exciting things.  Getting to work with the Falco community and my colleagues at Sysdig involved in Falco development has been such a pleasure. 

I chose to move from my Field CTO position to Falco because I believe in the technology and I love the cloud-native community.  I started a podcast (the popcast with danpop!)  at the beginning of this pandemic as a love letter to the community and to connect at a human level with the leaders who created its awesome tech, beyond just their code.  I am a member of the Kubernetes Contributor group, who eats, sleeps and breathes how to best contribute, adopt, and support what I believe is the greatest technical community in the world — Kubernetes — and its constellation of supporting projects.  Being able to work with the amazing ecosystem within the CNCF and the various surrounding projects is so inspiring and I cannot wait to help nurture adoption, contribution, and end-user success.  This is what gets me pumped.  I am such a big fan of these projects and there is so much power and possibility if we work together in the true spirit of collaboration and COMMUNITY.

Falco’s Progress

Table shows increase in external company contributors, increase in GitHub stars, increase in integrations (falco and falco-sidekick), increase in contributors, DockerHub Pulls in 2 year growth and 1 year growth

Falco has made tremendous progress.  Contributions and committers have increased 280 percent from external companies’ contributions.  Overall contributors in 10 months has seen 74 percent growth with Github Stars increasing over 287 percent since moving to an incubation-level hosted project. The Sysdig team dedicated to Falco has completely overhauled and moved everything to conventions required by the CNCF for Incubation, including migrating to a new build and contribution paradigm.  They created and optimized code for easier deployment and better performance of the underlying Falco Engine and Rules.  The Falco Community, including the amazing contributions from Leonardo Di Donato, Lorenzo Fontana, Leonardo Grasso, and many others, has made HUGE strides!  We’ve had over 600% growth in integrations spearheaded by Falcosidekick, an amazing piece of tech created by Thomas Labarussias, a contributor who has laid the foundation for others to contribute even further. And huge contributions from AWS (Jonah Jones) and IBM (Spencer Krum) in the Falco build process and overall community leadership have made this THE CNCF project to be a part of.

Falco is quickly becoming the de facto runtime security tool for cloud native. Falco is powerful, it’s generic enough to be used for almost any scenario you need and flexible enough to integrate with whatever you need. Falco is being adopted by more and more firms, Shopify, Booz Allen Hamilton, Coveo, Sumo Logic, and many others.

POP”s Plan and Focus

Contribution In order to continue to add contributors, we will:

Adoption –  Work with current adopters and find more end users using Falco

Graduation – Help the project grow from Incubated to Graduated CNCF project

My goal as the Lead of Open Source Community and Ecosystem is to spread even more awareness around the Falco project and the magnificent work the team is doing!  We want YOU the community to join the Falco project, tell us how you are using Falco, contribute in places like the Falco core engine, rulesets, integrations, etc.  We would like to make it easy for you to contribute. We want to celebrate your contributions!  We want you to use and triumph in using the Falco engine, rules, and outputs. Use the subprojects like sidekick, event generator and docs page, let us know what would make your experience even better.  If you are a company or technology partner that is using Falco… LET US KNOW, let’s help you adopt the power of Falco to meet your end goals!

Reach out to me on twitter @danpopnyc or on the Falco slack