cyclonedx-gomod VS falco

CycloneDx-gomod

I am aware of the cyclonedx-gomod project, but I imagine that if the go tool got native support for sbom generation, it might also be able to provide information about vulnerable code that either are test-code only, or is not in use and does not affect a binary/module/package

CycloneDX is a software bill of material format supported by OWASP.

A good way to illustrate the complexity of this today is parsing through the several thousand lines of Ansible code devoted to dealing with APT or DNF, or how basic operations such as listing Linux packages or Go modules are handled.

https://github.com/falcosecurity/falco

Like snort, but looks at system calls.

From one noob to another - I had a lot of fun setting up Falco (https://falco.org) and creating custom policies & alerts.

Falco is a well-known open source security solution originally created by Sysdig. It’s a CNCF incubating project and one of the few (as far as I can tell) options on this list that uses eBPF to scan for vulnerabilities.

Use some kind of SIEM or Falco to alert you to threats (you can't stop them, but a human can always intervene)

Falco, is a security project that can help you detect threats from within your cluster.

https://falco.org/ is a security-focused monitoring and alerting with an eBPF option

On the cgo side I want to highlight two talks: one from Loris Cro about dealing with cross-complition difficulties, that the usage of cgo brings, using the Zig language and the other from Jason Dellaluce and Leonardo Grasso about how to extend Falco, a Kubernetes threat detection engine, which is written in C++, with plugins written in Go, explaining the challenges of integrating cgo in both C and Go.