Offer Falco rules json schema to schemastore.org #3432
Comments
Hi, You can get the schema directly from Falco with {
"$schema": "http://json-schema.org/draft-06/schema#",
"definitions": {
"Alternative": {
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"name",
"version"
],
"title": "Alternative",
"type": "object"
},
"Exception": {
"additionalProperties": false,
"properties": {
"comps": {},
"fields": {},
"name": {
"type": "string"
},
"values": {}
},
"required": [
"name",
"values"
],
"title": "Exception",
"type": "object"
},
"FalcoRule": {
"additionalProperties": false,
"properties": {
"append": {
"type": "boolean"
},
"condition": {
"type": "string"
},
"desc": {
"type": "string"
},
"enabled": {
"type": "boolean"
},
"exceptions": {
"items": {
"$ref": "#/definitions/Exception"
},
"type": "array"
},
"items": {
"items": {
"$ref": "#/definitions/Item"
},
"type": "array"
},
"list": {
"type": "string"
},
"macro": {
"type": "string"
},
"output": {
"type": "string"
},
"override": {
"$ref": "#/definitions/Override"
},
"priority": {
"$ref": "#/definitions/Priority"
},
"required_engine_version": {
"type": "string"
},
"required_plugin_versions": {
"items": {
"$ref": "#/definitions/RequiredPluginVersion"
},
"type": "array"
},
"rule": {
"type": "string"
},
"source": {
"type": "string"
},
"tags": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [],
"title": "FalcoRule",
"type": "object"
},
"Item": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"title": "Item"
},
"OverriddenItem": {
"enum": [
"append",
"replace"
],
"title": "Priority",
"type": "string"
},
"Override": {
"additionalProperties": false,
"minProperties": 1,
"properties": {
"condition": {
"$ref": "#/definitions/OverriddenItem"
},
"desc": {
"$ref": "#/definitions/OverriddenItem"
},
"enabled": {
"$ref": "#/definitions/OverriddenItem"
},
"exceptions": {
"$ref": "#/definitions/OverriddenItem"
},
"items": {
"$ref": "#/definitions/OverriddenItem"
},
"output": {
"$ref": "#/definitions/OverriddenItem"
},
"priority": {
"$ref": "#/definitions/OverriddenItem"
}
},
"title": "Override",
"type": "object"
},
"Priority": {
"enum": [
"EMERGENCY",
"ALERT",
"CRITICAL",
"ERROR",
"WARNING",
"NOTICE",
"INFO",
"INFORMATIONAL",
"DEBUG"
],
"title": "Priority",
"type": "string"
},
"RequiredPluginVersion": {
"additionalProperties": false,
"properties": {
"alternatives": {
"items": {
"$ref": "#/definitions/Alternative"
},
"type": "array"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"name",
"version"
],
"title": "RequiredPluginVersion",
"type": "object"
}
},
"items": {
"$ref": "#/definitions/FalcoRule"
},
"type": "array"
}
We need to update the version used by the playground; thanks for the notice. cc @LucaGuerra
Thank you! That's very useful. Although, it would still be useful if it was available in the schemastore as it can be integrated with most editors. |
Hey @ctdfo I appreciate your suggestion. I agree it would be valuable, and I intend to work on it 🙏 |
Tentatively for |
Thank you very much! I appreciate it 😊 |
Motivation
We are trying to validate our custom Falco rules but there's no official Falco rules json schema to validate our rules.
Feature
Create an official Falco rules json schema that is available in the schemastore: https://www.schemastore.org/json/
Alternatives
Additional context
This schema already exists: https://github.com/falcosecurity/falco-playground/blob/main/src/components/Editor/falcoSchema.json
`override`
and it forces overridden rules to still have `desc`, `output` and `priority`.