Sysdig is Built on Open Source

Open source is where we started. Like the modern software stack, our platform relies on open source standards.

Sysdig Icon - Guide
Join Sysdig’s Open Source Community

We Invest in Open Source

We created Falco and Sysdig OSS to make cloud detection and response technology accessible to everyone. We continue to contribute time, leadership, and code to these and other important projects.

The Future of Security is Open

Security is moving faster than ever. We all need to work together to stay ahead of threats.

Sysdig Fits In

Open source drives standardization that protects your investment. Our platform works with the tools your developers and security teams are using today.

Check Our Work

Open source means that anyone can inspect, verify, and improve the code. Every user benefits from community contributions and best practices.

“I really like that Sysdig is so active with open source. Sysdig has open source projects for both security and monitoring. Then there is an enterprise version that fits nicely once you progress through the open source tools. Being a good community member and driver is important to me.”

Bernd Malmqvist

Principal Container Platform Engineer, Worldpay

Open source projects we use



The cloud-native standard for threat and anomaly detection, created by Sysdig and contributed to the CNCF. Learn More

Sysdig OSS

Sysdig OSS

The cloud-native standard for digital forensics and incident response (DFIR) and troubleshooting. Learn More


The cloud-native standard for monitoring metrics and queries. Learn More

Open Policy Agent


A unified toolset and framework for cloud-native policy. Sysdig Secure uses OPA to manage compliance and governance policies as code for Kubernetes. Learn More



The modern standard for capturing system calls from the Linux kernel. Learn More

Our Open Source Journey


Sysdig OSS

Sysdig launches Sysdig OSS for Linux visibility.


Sysdig launches Falco, the open source Kubernetes runtime security project.


Sysdig launches support for Prometheus metrics.


Sysdig contributes Falco as a sandbox project to the CNCF.

Sysdig OSS/eBPF

Sysdig open source reaches 10 million downloads and introduces eBPF instrumentation.


Falco adoption grows and is accepted as an incubation-level CNCF-hosted project.


Sysdig introduces, a curated list of enterprise-class Prometheus monitoring projects.


Sysdig contributes the Falco call capture stack to CNCF. The Falco community adds cloud security monitoring functionality.

Falco/Sysdig OSS

The Falco community launches a plug-in framework; Sysdig OSS adopts Falco plug-ins.


Sysdig becomes the primary sponsor of Wireshark.

Open Source Project Spotlights

Falco Rules

Get started with community-sourced rules for threat detection, and then customize to your environment.

Learn More

Use this standardized approach to extend threat detection with any event stream.

Learn More

The Sysdig open source forensic tool captures system activity. Troubleshoot and triage containers for malicious behavior.

Learn More

Run PromQL queries and build infrastructure views with PromQL Query Explorer, a capability from Sysdig.

Check out this curated catalog of Prometheus monitoring integrations, which includes documentation and customer support from Sysdig.

Learn More

Leveraging eBPF, Falco and Sysdig enable and extend kernel functionality using the principle of least privilege.

Packets don’t lie. Troubleshoot networks with this popular packet analyzer, now part of Sysdig’s open source technology portfolio.

Learn More

Embracing Open Source Tools


Sysdig Monitor collects metrics about your environment from our eBPF-based agent. Sysdig created a Falco eBPF probe and contributed it to the CNCF.

Falco/gVisor Integration

Falco users can monitor security events from gVisor to detect threats and audit containers.


Sysdig Secure extends OPA to enforce consistent policies across infrastructure as code and Kubernetes using policy as code.


Sysdig Monitor extends Prometheus via a managed service that scales with native compatibility, including PromQL and exporter support.

"Falco is the de facto security solution. By using Falco, we knew we were adopting a standard for cloud and container runtime security. Being able to tap into the Falco open source community, and documentation was extremely helpful. Our Vice President also helped support our efforts to continue to evolve."

Michal Pazucha

Security Architect, Beekeeper

Committed to Open Source Communities

Sysdiggers actively participate in the open source community at large, helping define modern and secure software development. We are proud members of these organizations. We invite you to join us in helping them grow and thrive.

Cloud Native Computing Foundation

Sysdig is a silver member of the CNCF and participates in many of its programs, events, and member benefits.


Sysdig is a silver sponsor of the Linux Foundation.

Open Source Security Foundation (OpenSSF)

Sysdig is a general member of the OpenSSF.

Wireshark Organization

Sysdig is the primary sponsor of the Wireshark tool and the SharkFest conference.