Merge remote-tracking branch 'origin/dev'

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,28 @@
+---
+name: Bug Report
+about: Report a bug encountered while operating Falco
+labels: kind/bug
+
+---
+
+<!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks!
+
+If the matter is security related, please disclose it privately via https://falco.org/security/
+-->
+
+**What happened**:
+
+**What you expected to happen**:
+
+**How to reproduce it (as minimally and precisely as possible)**:
+
+**Anything else we need to know?**:
+
+**Environment**:
+- Falco version (use `falco --version`):
+- System info <!-- Falco has a built-in support command you can use  "falco --support | jq .system_info" -->
+- Cloud provider or hardware configuration:
+- OS (e.g: `cat /etc/os-release`):
+- Kernel (e.g. `uname -a`):
+- Install tools (e.g. in kubernetes, rpm, deb, from source):
+- Others:

.github/ISSUE_TEMPLATE/enhancement.md

@@ -0,0 +1,11 @@
+---
+name: Enhancement Request
+about: Suggest an enhancement to the Falco project
+labels: kind/feature
+
+---
+<!-- Please only use this template for submitting enhancement requests -->
+
+**What would you like to be added**:
+
+**Why is this needed**:

.github/ISSUE_TEMPLATE/failing-tests.md

@@ -0,0 +1,20 @@
+---
+name: Failing Test
+about: Report test failures in Falco CI jobs
+labels: kind/failing-test
+
+---
+
+<!-- Please only use this template for submitting reports about failing tests in Falco CI jobs -->
+
+**Which jobs are failing**:
+
+**Which test(s) are failing**:
+
+**Since when has it been failing**:
+
+**Test link**:
+
+**Reason for failure**:
+
+**Anything else we need to know**:

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,54 @@
+<!--  Thanks for sending a pull request!  Here are some tips for you:
+
+1. If this is your first time, please read our contributor guidelines in the [CONTRIBUTING.md](CONTRIBUTING.md) file and learn how to compile Falco from source [here](https://falco.org/docs/source).
+2. Please label this pull request according to what type of issue you are addressing.
+5. Please add a release note!
+6. If the PR is unfinished while opening it specify a wip in the title before the actual title, for example, "wip: my awesome feature"
+-->
+
+**What type of PR is this?**
+> Uncomment only one ` /kind <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line:
+>
+> /kind bug
+> /kind cleanup
+> /kind design
+> /kind documentation
+> /kind failing-test
+> /kind feature
+> /kind flaky-test
+
+> If contributing rules or changes to rules, please make sure to uncomment the appropriate kind
+
+> /kind rule/update
+> /kind rule/create
+
+**Any specific area of the project related to this PR?**
+
+> /area engine
+> /area rules
+> /area deployment
+> /area integrations
+> /area examples
+
+**What this PR does / why we need it**:
+
+**Which issue(s) this PR fixes**:
+<!--
+Automatically closes linked issue when PR is merged.
+Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
+If PR is `kind/failing-tests` or `kind/flaky-test`, please post the related issues/tests in a comment and do not use `Fixes`.
+-->
+Fixes #
+
+**Special notes for your reviewer**:
+
+**Does this PR introduce a user-facing change?**:
+<!--
+If no, just write "NONE" in the release-note block below.
+If yes, a release note is required:
+Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required:".
+For example, `action required: change the API interface of the rule engine`.
+-->
+```release-note
+
+```

CHANGELOG.md

@@ -2,6 +2,26 @@
 
 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).
 
+## v0.15.2
+
+Released 2019-06-12
+
+## Major Changes
+
+* New documentation and process handling around issues and pull requests. [[#644](https://github.com/falcosecurity/falco/pull/644)] [[#659](https://github.com/falcosecurity/falco/pull/659)] [[#664](https://github.com/falcosecurity/falco/pull/664)] [[#665](https://github.com/falcosecurity/falco/pull/665)]
+
+## Minor Changes
+
+* None.
+
+## Bug Fixes
+
+* Fix compilation of eBPF programs on COS (used by GKE) [[#sysdig/1431](https://github.com/draios/sysdig/pull/1431)]
+
+## Rule Changes
+
+* Rework exceptions lists for `Create Privileged Pod`, `Create Sensitive Mount Pod`, `Launch Sensitive Mount Container`, `Launch Privileged Container` rules to use separate specific lists rather than a single "Trusted Containers" list. [[#651](https://github.com/falcosecurity/falco/pull/651)]
+
 ## v0.15.1
 
 Released 2019-06-07

CONTRIBUTING.md

@@ -0,0 +1,115 @@
+# Contributing to Falco
+
+- [Contributing to Falco](#contributing-to-falco)
+  - [Code of Conduct](#code-of-conduct)
+  - [Issues](#issues)
+    - [Triage issues](#triage-issues)
+      - [More about labels](#more-about-labels)
+    - [Slack](#slack)
+  - [Pull Requests](#pull-requests)
+  - [Developer Certificate Of Origin](#developer-certificate-of-origin)
+
+## Code of Conduct
+
+Falco has a
+[Code of Conduct](CODE_OF_CONDUCT)
+to which all contributors must adhere, please read it before interacting with the repository or the community in any way.
+
+## Issues
+
+Issues are the heartbeat ❤️ of the Falco project, there are mainly three kinds of issues you can open:
+
+- Bug report: you believe you found a problem in Falco and you want to discuss and get it fixed,
+creating an issue with the **bug report template** is the best way to do so.
+- Enhancement: any kind of new feature need to be discussed in this kind of issue, do you want a new rule or a new feature? This is the kind of issue you want to open. Be very good at explaining your intent, it's always important that others can understand what you mean in order to discuss, be open and collaborative in letting others help you getting this done!
+- Failing tests: you noticed a flaky test or a problem with a build? This is the kind of issue to triage that!
+
+The best way to get **involved** in the project is through issues, you can help in many ways:
+
+- Issues triaging: participating in the discussion and adding details to open issues is always a good thing,
+sometimes issues need to be verified, you could be the one writing a test case to fix a bug!
+- Helping to resolve the issue: you can help in getting it fixed in many ways, more often by opening a pull request.
+
+### Triage issues
+
+We need help in categorizing issues. Thus any help is welcome!
+
+When you triage an issue, you:
+
+* assess whether it has merit or not
+
+* quickly close it by correctly answering a question
+
+* point the reporter to a resource or documentation answering the issue
+
+* tag it via labels, projects, or milestones
+
+* take ownership submitting a PR for it, in case you want 😇
+
+#### More about labels
+
+These guidelines are not set in stone and are subject to change.
+
+Anyway a `kind/*` label for any issue is mandatory.
+
+This is the current [label set](https://github.com/falcosecurity/falco/labels) we have.
+
+You can use commands - eg., `/label <some-label>` to add (or remove) labels or manually do it.
+
+The commands available are the following ones:
+
+```
+/[remove-](area|kind|priority|triage|label)
+```
+
+Some examples:
+
+* `/area rules`
+* `/remove-area rules`
+* `/kind kernel-module`
+* `/label good-first-issue`
+* `/triage duplicate`
+* `/triage unresolved`
+* `/triage not-reproducible`
+* `/triage support`
+* ...
+
+### Slack
+
+Other discussion, and **support requests** should go through the `#falco` channel in the Sysdig slack, please join [here](https://slack.sysdig.com).
+
+## Pull Requests
+
+Thanks for taking time to make a [pull request](https://help.github.com/articles/about-pull-requests) (hereafter PR).
+
+In the PR body, feel free to add an area label if appropriate by typing `/area <AREA>`, PRs will also
+need a kind, make sure to specify the appropriate one by typing `/kind <KIND>`.
+
+The list of labels is [here](https://github.com/falcosecurity/falco/labels).
+
+Also feel free to suggest a reviewer with `/assign @theirname`.
+
+Once your reviewer is happy, they will say `/lgtm` which will apply the
+`lgtm` label, and will apply the `approved` label if they are an
+[owner](/OWNERS).
+
+Your PR will be automatically merged once it has the `lgtm` and `approved`
+labels, does not have any `do-not-merge/*` labels, and all status checks (eg., rebase, tests, DCO) are positive.
+
+## Developer Certificate Of Origin
+
+The [Developer Certificate of Origin (DCO)](https://developercertificate.org/) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.
+
+Contributors to the Falco project sign-off that they adhere to these requirements by adding a `Signed-off-by` line to commit messages.
+
+```
+This is my commit message
+
+Signed-off-by: John Poiana <[email protected]>
+```
+
+Git even has a `-s` command line option to append this automatically to your commit message:
+
+```
+$ git commit -s -m 'This is my commit message'
+```

OWNERS

@@ -0,0 +1,11 @@
+approvers:
+  - leodido
+  - fntlnz
+  - mstemm
+reviewers:
+  - leodido
+  - fntlnz
+  - mfdii
+  - kaizhe
+  - mstemm
+

README.md

@@ -1,16 +1,19 @@
+<p><img align="right" src="https://github.com/falcosecurity/falco-website/raw/master/themes/falco-fresh/static/images/favicon.png" width="64px"/></p>
+<p></p>
+
 # Falco
 
 #### Latest release
 
-**v0.15.1**
+**v0.15.2**
 Read the [change log](https://github.com/falcosecurity/falco/blob/dev/CHANGELOG.md)
 
 Dev Branch: [![Build Status](https://travis-ci.com/falcosecurity/falco.svg?branch=dev)](https://travis-ci.com/falcosecurity/falco)<br />
 Master Branch: [![Build Status](https://travis-ci.com/falcosecurity/falco.svg?branch=master)](https://travis-ci.com/falcosecurity/falco)<br />
 CII Best Practices: [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2317/badge)](https://bestpractices.coreinfrastructure.org/projects/2317)
 
+---
 
-## Overview
 Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Powered by [sysdig’s](https://github.com/draios/sysdig) system call capture infrastructure, Falco lets you continuously monitor and detect container, application, host, and network activity—all in one place—from one source of data, with one set of rules.
 
 Falco is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the [Falco CNCF project proposal](https://github.com/cncf/toc/tree/master/proposals/falco.adoc).
@@ -26,6 +29,11 @@ Falco can detect and alert on any behavior that involves making Linux system cal
 - A non-device file is written to `/dev`.
 - A standard system binary, such as `ls`, is making an outbound network connection.
 
+
+### Installing Falco
+
+A comprehensive [installation guide](https://falco.org/docs/installation/) for Falco is available in the documentation website.
+
 #### How do you compare Falco with other security tools?
 
 One of the questions we often get when we talk about Falco is “How does Falco differ from other Linux security tools such as SELinux, AppArmor, Auditd, etc.?”. We wrote a [blog post](https://sysdig.com/blog/selinux-seccomp-falco-technical-discussion/) comparing Falco with other tools.
@@ -45,48 +53,6 @@ License Terms
 ---
 Falco is licensed to you under the [Apache 2.0](./COPYING) open source license.
 
-Contributor License Agreements
+Contributing
 ---
-### Background
-We are formalizing the way that we accept contributions of code from the contributing community. We must now ask that contributions to falco be provided subject to the terms and conditions of a [Contributor License Agreement (CLA)](./cla). The CLA comes in two forms, applicable to contributions by individuals, or by legal entities such as corporations and their employees. We recognize that entering into a CLA with us involves real consideration on your part, and we’ve tried to make this process as clear and simple as possible.
-
-We’ve modeled our CLA off of industry standards, such as [the CLA used by Kubernetes](https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md). Note that this agreement is not a transfer of copyright ownership, this simply is a license agreement for contributions, intended to clarify the intellectual property license granted with contributions from any person or entity. It is for your protection as a contributor as well as the protection of falco; it does not change your rights to use your own contributions for any other purpose.
-
-For some background on why contributor license agreements are necessary, you can read FAQs from many other open source projects:
-
-- [Django’s excellent CLA FAQ](https://www.djangoproject.com/foundation/cla/faq/)
-- [A well-written chapter from Karl Fogel’s Producing Open Source Software on CLAs](http://producingoss.com/en/copyright-assignment.html)
-- [The Wikipedia article on CLAs](http://en.wikipedia.org/wiki/Contributor_license_agreement)
-
-As always, we are grateful for your past and present contributions to falco.
-
-### What do I need to do in order to contribute code?
-
-At first, you need to make the changes based on the dev branch not the master branch.
-
-**Individual contributions**: Individuals who wish to make contributions must review the [Individual Contributor License Agreement](./cla/falco_contributor_agreement.txt) and indicate agreement by adding the following line to every GIT commit message:
-
-```
-falco-CLA-1.0-signed-off-by: Joe Smith <[email protected]>
-```
-
-Use your real name; pseudonyms or anonymous contributions are not allowed.
-
-**Corporate contributions**: Employees of corporations, members of LLCs or LLPs, or others acting on behalf of a contributing entity, must review the [Corporate Contributor License Agreement](./cla/falco_corp_contributor_agreement.txt), must be an authorized representative of the contributing entity, and indicate agreement to it on behalf of the contributing entity by adding the following lines to every GIT commit message:
-
-```
-falco-CLA-1.0-contributing-entity: Full Legal Name of Entity
-falco-CLA-1.0-signed-off-by: Joe Smith <[email protected]>
-```
-
-Use a real name of a natural person who is an authorized representative of the contributing entity; pseudonyms or anonymous contributions are not allowed.
-
-**Government contributions**: Employees or officers of the United States Government, must review the [Government Contributor License Agreement](https://github.com/falcosecurity/falco/blob/dev/cla/falco_govt_contributor_agreement.txt), must be an authorized representative of the contributing entity, and indicate agreement to it on behalf of the contributing entity by adding the following lines to every GIT commit message:
-
-```
-falco-CLA-1.0-contributing-govt-entity: Full Legal Name of Entity
-falco-CLA-1.0-signed-off-by: Joe Smith <[email protected]>
-This file is a work of authorship of an employee or officer of the United States Government and is not subject to copyright in the United States under 17 USC 105.
-```
-
-Use a real name of a natural person who is an authorized representative of the contributing entity; pseudonyms or anonymous contributions are not allowed.
+See the [CONTRIBUTING.md](./CONTRIBUTING.md).