As part of an effort to advance Linux security, Sysdig has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF).


The sysdig kernel module runs in the extended Berkeley Packet Filter (eBPF) microkernel created by the Linux community to enable security, networking and storage technologies to run closer to the Linux kernel without impacting how updates are made to the core operating system.

When Sysdig originally created Falco, it also created an eBPF probe that ran within the eBPF microkernel. The company previously donated Falco to the CNCF in 2018 and by contributing the eBPF probe, will enable other security vendors to build security technologies that run within a Linux microkernel.