A Falco Plugin for Rekor Transparency Log Server
You need to install Falco on your environment.
$ make allNext, you need to spin up your Falco instance with plugin enabled, to do that run the following command below:
$ falco -r example-rule.yaml -c falco.yamlDo not forget to replace the email adress within the example-rule.yaml to verify it is working. Also make sure to change the library path in the falco.yaml to the directory your falco-rekor plugin
Once Falco is up and running, you should sign something with cosign with experimental mode enabled:
$ COSIGN_EXPERIMENTAL=1 cosign sign devopps/alpine:3.15.0Once the process finished, you should be able to see the alert triggerred by Falco.
If you are running OSX environment you can use lima to use this plugin. Lima allows us to create linux environment on OSX. See osx.md