├── .github
    └── workflows
    │   ├── PULL_REQUEST_TEMPLATE.md
    │   ├── test-analyze-mode-config.yaml
    │   ├── test-analyze-mode-report-customized.yaml
    │   ├── test-analyze-mode.yaml
    │   ├── test-external-dependencies.yaml
    │   └── test-live-mode.yaml
├── LICENSE
├── OWNERS
├── README.md
├── analyze
    ├── action.yaml
    └── src
    │   ├── capture_to_md.py
    │   ├── filters.config
    │   ├── integrations
    │       ├── openai
    │       │   ├── create_summary.py
    │       │   ├── openairequests.py
    │       │   └── requirements.txt
    │       └── virustotal
    │       │   ├── requirements.txt
    │       │   └── vt_script.py
    │   └── json_to_md.py
├── common
    ├── falco_events_to_md.py
    ├── requirements.txt
    └── run_sysdig.sh
├── media
    ├── github-falco-action-analyze-mode.png
    └── github-falco-action-live-mode.png
├── rules
    ├── README.md
    └── falco_cicd_rules.yaml
├── start
    ├── action.yaml
    └── src
    │   ├── ignore_syscalls.jq
    │   └── syscall_ignore.config
├── stop
    └── action.yaml
└── test
    └── config-files
        ├── filters_test.config
        └── syscall_ignore_test.config

/.github/workflows/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/PULL_REQUEST_TEMPLATE.md
--------------------------------------------------------------------------------

/.github/workflows/test-analyze-mode-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/test-analyze-mode-config.yaml
--------------------------------------------------------------------------------

/.github/workflows/test-analyze-mode-report-customized.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/test-analyze-mode-report-customized.yaml
--------------------------------------------------------------------------------

/.github/workflows/test-analyze-mode.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/test-analyze-mode.yaml
--------------------------------------------------------------------------------

/.github/workflows/test-external-dependencies.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/test-external-dependencies.yaml
--------------------------------------------------------------------------------

/.github/workflows/test-live-mode.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/.github/workflows/test-live-mode.yaml
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/LICENSE
--------------------------------------------------------------------------------

/OWNERS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/OWNERS
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/README.md
--------------------------------------------------------------------------------

/analyze/action.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/action.yaml
--------------------------------------------------------------------------------

/analyze/src/capture_to_md.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/capture_to_md.py
--------------------------------------------------------------------------------

/analyze/src/filters.config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/filters.config
--------------------------------------------------------------------------------

/analyze/src/integrations/openai/create_summary.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/integrations/openai/create_summary.py
--------------------------------------------------------------------------------

/analyze/src/integrations/openai/openairequests.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/integrations/openai/openairequests.py
--------------------------------------------------------------------------------

/analyze/src/integrations/openai/requirements.txt:
--------------------------------------------------------------------------------
openai==1.51.2
click==8.1.7
httpx==0.27.2
--------------------------------------------------------------------------------

/analyze/src/integrations/virustotal/requirements.txt:
--------------------------------------------------------------------------------
requests==2.32.4
click==8.1.7
--------------------------------------------------------------------------------

/analyze/src/integrations/virustotal/vt_script.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/integrations/virustotal/vt_script.py
--------------------------------------------------------------------------------

/analyze/src/json_to_md.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/analyze/src/json_to_md.py
--------------------------------------------------------------------------------

/common/falco_events_to_md.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/common/falco_events_to_md.py
--------------------------------------------------------------------------------

/common/requirements.txt:
--------------------------------------------------------------------------------
openai==1.51.2
click==8.1.7
httpx==0.27.2
--------------------------------------------------------------------------------

/common/run_sysdig.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/common/run_sysdig.sh
--------------------------------------------------------------------------------

/media/github-falco-action-analyze-mode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/media/github-falco-action-analyze-mode.png
--------------------------------------------------------------------------------

/media/github-falco-action-live-mode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/media/github-falco-action-live-mode.png
--------------------------------------------------------------------------------

/rules/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/rules/README.md
--------------------------------------------------------------------------------

/rules/falco_cicd_rules.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/rules/falco_cicd_rules.yaml
--------------------------------------------------------------------------------

/start/action.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/start/action.yaml
--------------------------------------------------------------------------------

/start/src/ignore_syscalls.jq:
--------------------------------------------------------------------------------
.ignore_syscalls | join(", ")
--------------------------------------------------------------------------------

/start/src/syscall_ignore.config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/start/src/syscall_ignore.config
--------------------------------------------------------------------------------

/stop/action.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/stop/action.yaml
--------------------------------------------------------------------------------

/test/config-files/filters_test.config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/test/config-files/filters_test.config
--------------------------------------------------------------------------------

/test/config-files/syscall_ignore_test.config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity/falco-actions/HEAD/test/config-files/syscall_ignore_test.config
--------------------------------------------------------------------------------