Falco Reference: K8s Runtime Threat Detection — Custom Rules, Falcosidekick & Tuning
Falco patterns for runtime threat detection in Kubernetes.
Trivy vs Falco: you need both
Trivy: scans at build time — finds CVEs, misconfigs in Dockerfiles, secrets in code
Falco: watches at runtime — detects shell spawned in container, privilege esc...
releaserun.hashnode.dev (2 min read)