This is a simple tool to view Falco rules, macros, and lists, and their dependencies.
The application is a static single-page application that can be deployed to any static hosting provider.
docker run -d -p 3000:3000 --name=falco-rules-viewer ghcr.io/0snug0/falco-rules-viewer:main
Open http://localhost:3000 in your browser.
You will need to copy your rules to the rules/ directory. Any YAML file will work. The viewer does not deduplicate rules or apply any of the override logic built into Falco.
docker run -d -p 3000:3000 --volume ./rules/:/app/rules/ --name=falco-rules-viewer ghcr.io/0snug0/falco-rules-viewer:main
Open http://localhost:3000 in your browser.
The Falco rules, macros, and lists are parsed from the YAML files in the rules/ directory. This data is then used to generate a static data.json file that is served with the frontend.
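The dependency extraction described above, as an added example (not the project's generate_data.py, and not its data.json layout). It assumes each file has already been loaded with a YAML parser into a list of objects keyed by `rule`, `macro` or `list`, and it reports names defined more than once, since the viewer applies no override logic. The function names and sample rules are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: what a YAML parser would return for two small rule files.
FILES = {
    "base.yaml": [
        {"list": "shell_binaries", "items": ["bash", "sh", "zsh"]},
        {"list": "trusted_shells", "items": ["shell_binaries", "dash"]},
        {"macro": "spawned_process", "condition": "evt.type = execve and evt.dir = <"},
        {"macro": "shell_procs", "condition": "proc.name in (trusted_shells)"},
        {"rule": "Shell in container", "desc": "constructed example",
         "condition": "spawned_process and container.id != host and shell_procs",
         "output": "shell started (proc=%proc.name)", "priority": "WARNING"},
    ],
    "custom.yaml": [{"macro": "shell_procs", "condition": "proc.name in (shell_binaries)"}],
}
# Dots stay inside a token, so a field such as proc.name never matches a macro name.
TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")

def index(files):
    """Return ({(kind, name): referenced macro/list names}, duplicated definitions)."""
    objs = []
    for docs in files.values():
        for d in docs or []:
            kind = next((k for k in ("rule", "macro", "list") if k in d), None)
            if kind:
                objs.append((kind, d[kind], d))
    names = {name for kind, name, _ in objs if kind != "rule"}
    deps, seen = {}, Counter()
    for kind, name, d in objs:
        seen[(kind, name)] += 1
        if kind == "list":
            tokens = [str(i) for i in d.get("items", [])]
        else:
            tokens = TOKEN.findall(str(d.get("condition", "")))
        # Duplicate definitions are merged, not overridden, so every reference shows.
        deps.setdefault((kind, name), set()).update(t for t in tokens if t in names and t != name)
    return deps, sorted(k for k, n in seen.items() if n > 1)

def closure(deps, start):
    """All macros and lists reachable from one (kind, name) node; safe on cycles."""
    by_name = {n: refs for (k, n), refs in deps.items() if k != "rule"}
    out, stack = set(), list(deps[start])
    while stack:
        n = stack.pop()
        if n not in out:
            out.add(n)
            stack.extend(by_name.get(n, ()))
    return out

if __name__ == "__main__":
    deps, dups = index(FILES)
    print(sorted(closure(deps, ("rule", "Shell in container"))), dups)
```

A name listed as duplicated is one where the effective definition in a running Falco depends on load order and override settings, so check it against the engine's own loaded rules before relying on the graph.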
To run the application locally, you need to have Node.js and npm installed.
- Install dependencies:
cd frontend
npm install
- Run the development server:
npm start
This will start a development server and open the application in your browser. The data.json file is not generated in this mode, so the application will not be able to fetch the data. To fix this, you can run the following command in a separate terminal from the falco-rules-viewer directory:
python3 generate_data.py
To build the container, be sure to add your custom rules to the rules/ directory first. Once they are in that folder, you can build and run your container:
docker build -t falco-rules-viewer .
docker run -p 3000:3000 falco-rules-viewer
If using the Sysdig Feed, remove the falco_rules.yaml file from the rules/ directory and add the new rules; any YAML file will work. After adding the new rules, you need to rebuild the application.

