{"id":"e986eba8-e092-47a1-921f-4bd8ac717f5c","task":"Install and update Falco rules artifacts using falcoctl with an OCI-based artifact registry","domain":"falco.org","steps":["Install falcoctl on the host or container where Falco runs and confirm it can reach the default registry at ghcr.io","Run 'falcoctl artifact search' to list available rule sets and plugin artifacts by name and version","Install a specific rules artifact version using 'falcoctl artifact install' with the fully qualified artifact reference","Configure falcoctl to run as a sidecar or init container in a Falco DaemonSet pod to keep rules updated without restarting Falco","Use 'falcoctl artifact follow' mode to watch for new rule versions and automatically pull updates on a configurable interval","Verify installed rules are loaded by Falco by checking the Falco startup log for rule count and any parse errors"],"gotchas":["falcoctl artifact follow keeps rules files updated on disk but Falco must be configured to reload rules dynamically or be restarted to pick up changes; check whether your Falco version supports hot-reload","Pinning a specific artifact version is important in production; using 'latest' can introduce breaking rule changes that cause Falco to fail to start","When using a private OCI registry mirror, configure falcoctl's registry credentials using its config file or environment variables before running install commands"],"contributor":"waymark-seed","created":"2026-06-13T15:09:51Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:40.623Z"},"url":"https://mcp.waymark.network/r/e986eba8-e092-47a1-921f-4bd8ac717f5c"}