fix 404 broken links + add a workflow to checks the links

Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
falcosecurity · Jan 22, 2025 · 7856d69 · 7856d69
1 parent 79071a9
commit 7856d69
Show file tree

Hide file tree

Showing 12 changed files with 45 additions and 24 deletions.
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
@@ -0,0 +1,23 @@
+name: Links
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Link Checker
+        uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 #v2.2.0
+        with:
+          args: --no-progress --offline './content/en/**/*.md'
+          fail: true
diff --git a/content/en/blog/atomic-red-falco/index.md b/content/en/blog/atomic-red-falco/index.md
@@ -315,8 +315,6 @@ Hurrah! We detected the boot initialization scripts with the above command. To r
 Invoke-AtomicTest T1037.004 -ShowDetails
 ```
 
-![](images/re-local.png)
-
 We can see from the command that it is using the 'python3' command to run Python scripts. However, the script itself is executed as a base64-encoded string to evade some traditional detection tools.
 
 

diff --git a/content/en/blog/falcosidekick-2-29-0/index.md b/content/en/blog/falcosidekick-2-29-0/index.md
@@ -50,7 +50,7 @@ After a demo of Falco at a CNCF Meetup, the [Quickwit](https://quickwit.io/) tea
 
 ### Falco Talon
 
-New born in the Falco ecosystem, trying to complete the last missing piece: the reaction. You can now forward the Falco events to [Falco Talon](https//docs.falco-talon.org), a tailor made no-code response engine for Falco. The project is still in alpha stage, but moves quickly. Stay tuned.
+New born in the Falco ecosystem, trying to complete the last missing piece: the reaction. You can now forward the Falco events to [Falco Talon](https://docs.falco-talon.org), a tailor made no-code response engine for Falco. The project is still in alpha stage, but moves quickly. Stay tuned.
 
 ![](images/falco-talon.png)
 

diff --git a/content/en/docs/_index.md b/content/en/docs/_index.md
@@ -10,7 +10,7 @@ aliases:
 
 Falco is a cloud native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments. It is designed to detect and alert on abnormal behavior and potential security threats in real-time.
 
-At its core, Falco is a monitoring and detection agent that observes events (such as [Linux kernel events](event-sources/kernel) and other data sources through [plugins](plugins)) and delivers real-time alerts based on custom rules. Falco also enhances these events by integrating contextual metadata from container runtimes and Kubernetes. The generated alert events can be forwarded to other components to take action or be analyzed in SIEM or data lake systems for further investigation.
+At its core, Falco is a monitoring and detection agent that observes events (such as [Linux kernel events](/docs/concepts/event-sources/kernel) and other data sources through [plugins](/docs/concepts/plugins)) and delivers real-time alerts based on custom rules. Falco also enhances these events by integrating contextual metadata from container runtimes and Kubernetes. The generated alert events can be forwarded to other components to take action or be analyzed in SIEM or data lake systems for further investigation.
 
 Falco, originally created by [Sysdig](https://sysdig.com), is now a graduate [Cloud Native Computing Foundation](https://cncf.io) (CNCF) project used in production by various [organisations](https://github.com/falcosecurity/falco/blob/master/ADOPTERS.md).
 
@@ -23,9 +23,9 @@ Falco uses syscalls to monitor a system's activity, by:
  - Asserting the stream against a powerful rules engine
  - Alerting when a rule is violated
 
-For more information, see Falco [Rules](rules).
+For more information, see Falco [Rules](/docs/concepts/rules).
 
-Falco's monitoring capabilities are not limited to syscalls as it can be extended via [plugins](plugins) to ingest data from many more types of sources.
+Falco's monitoring capabilities are not limited to syscalls as it can be extended via [plugins](/docs/concepts/plugins) to ingest data from many more types of sources.
 
 ## What does Falco check for?
 
@@ -47,11 +47,11 @@ Falco ships with a default set of rules that check the kernel for unusual behavi
 
 ## What are Falco rules?
 
-Rules are the conditions under which an alert should be generated. A rule is accompanied by a descriptive output string sent with the alert. They are defined using YAML files and loaded by the Falco configuration file. For more information about writing, managing, and deploying rules, see Falco [Rules](rules).
+Rules are the conditions under which an alert should be generated. A rule is accompanied by a descriptive output string sent with the alert. They are defined using YAML files and loaded by the Falco configuration file. For more information about writing, managing, and deploying rules, see Falco [Rules](/docs/concepts/rules).
 
 ## What are Falco alerts?
 
-Alerts are configurable downstream actions that can be as simple as logging to `stdout` or as complex as delivering a {{< glossary_tooltip text="gRPC" term_id="grpc" >}} call to a client. For more information about configuring, understanding, and developing alerts, see [Falco Alerts](alerts). Falco can send alerts to:
+Alerts are configurable downstream actions that can be as simple as logging to `stdout` or as complex as delivering a {{< glossary_tooltip text="gRPC" term_id="grpc" >}} call to a client. For more information about configuring, understanding, and developing alerts, see [Falco Outputs](/docs/concepts/outputs). Falco can send alerts to:
 
 - Standard Output
 - A file
@@ -66,17 +66,17 @@ Falco is composed of several main components:
 
  - Userspace program - is the CLI tool `falco` that you can use to interact with Falco. The userspace program handles signals, parses information from a Falco driver, and sends alerts.
 
- - Configuration - defines how Falco is run, what rules to assert, and how to perform alerts. For more information, see [Configuration](configuration).
+ - Configuration - defines how Falco is run, what rules to assert, and how to perform alerts. For more information, see [Configuration](/docs/reference/daemon/config-options).
 
  - Driver - is a software that adheres to the Falco driver specification and sends a stream of kernel events. Currently, Falco supports the following drivers:
 
     - (Default) Modern eBPF probe (CO-RE paradigm and more)
     - Legacy eBPF probe built
     - Kernel module
 
-    For more information, see [Falco Drivers](event-sources/drivers).
+    For more information, see [Falco Event Sources](/docs/concepts/event-sources).
 
- - Plugins - allow to extend the functionality of Falco by adding new event sources and new fields that can extract information from events. For more information, see [Plugins](plugins).
+ - Plugins - allow to extend the functionality of Falco by adding new event sources and new fields that can extract information from events. For more information, see [Plugins](/docs/concepts/plugins).
 
  - [Falcoctl](https://github.com/falcosecurity/falcoctl) - allows to easily install rules and plugins and perform administrative tasks with Falco. It is bundled together with Falco.
 

diff --git a/content/en/docs/concepts/event-sources/plugins/_index.md b/content/en/docs/concepts/event-sources/plugins/_index.md
@@ -11,9 +11,9 @@ Since the introduction of the [Plugin System](/docs/plugins), additional event s
 
 Examples of event source defined by offically-supported plugins are:
 
-* [Kubernetes Audit Events](kubernetes-audit)
-* [AWS CloudTrail](cloudtrail)
-* [Okta](okta)
+* [Kubernetes Audit Events](/docs/concepts/event-sources/plugins/kubernetes-audit)
+* [AWS CloudTrail](/docs/concepts/event-sources/plugins/cloudtrail)
+* [Okta](/docs/concepts/event-sources/plugins/okta)
 
 In addition to these plugins hosted by the Falcosecurity organization, others have written third-party [plugins](https://github.com/falcosecurity/plugins#readme) that support additional event sources. Please refer to the [official Plugin Registry](https://github.com/falcosecurity/plugins/blob/master/registry.yaml) for the most up-to-date information regarding the Falco plugins acknowledged by the community.
 

diff --git a/content/en/docs/developer-guide/grpc/_index.md b/content/en/docs/developer-guide/grpc/_index.md
@@ -11,7 +11,7 @@ Starting from version [0.18.0](https://github.com/falcosecurity/falco/releases/t
 
 The current APIs are:
 
-- [schema definition](outputs): get or subscribe to Falco output events.
-- [schema definition](version): retrieve the Falco version.
+- [schema definition](/docs/developer-guide/grpc/outputs): get or subscribe to Falco output events.
+- [schema definition](/docs/developer-guide/grpc/version): retrieve the Falco version.
 
 In order to interact with these APIs, the The Falco Project provides a [Golang SDK](/docs/grpc/client-go).
diff --git a/content/en/docs/getting-started/kubernetes-quickstart.md b/content/en/docs/getting-started/kubernetes-quickstart.md
@@ -157,7 +157,7 @@ kubectl exec -it $(kubectl get pods --selector=app=nginx -o name) -- cat /etc/sh
 
 You should see an event appearing in the Falcosidekick UI
 
-![Falcosidekick Event](../images/falcosidekick-event.png)
+![Falcosidekick Event](/docs/getting-started/images/falcosidekick-event.png)
 
 The Falcosidekick UI can be used to quickly display events but most likely on a production system you will want to forward events to a centralized location. Falcosidekick supports more than 60 integrations. You can find an example below but you can refer to [the forwarding documentation](/docs/outputs/forwarding/) to learn more.
 
@@ -174,7 +174,7 @@ helm upgrade --namespace falco falco falcosecurity/falco \
 
 If Slack is configured correctly, when an event is triggered you should receive a message like the following:
 
-![Slack output](../images/slack-output.png)
+![Slack output](/docs/getting-started/images/slack-output.png)
 
 ## Cleanup
 

diff --git a/content/en/docs/metrics/performance.md b/content/en/docs/metrics/performance.md
@@ -19,7 +19,7 @@ The Falco Project provides guidance on some of these aspects, and there are ongo
 
 ## Resource Utilization and System Impact
 
-The Falco Project provides native support for measuring resource utilization and statistics, including event drop counters, kernel tracepoint invocation counters, timeouts, and internal state handling. More detailed information is given in the [Falco Metrics](../falco-metrics/) Guide.
+The Falco Project provides native support for measuring resource utilization and statistics, including event drop counters, kernel tracepoint invocation counters, timeouts, and internal state handling. More detailed information is given in the [Falco Metrics](/docs/metrics/) Guide.
 
 ### CPU and Memory Utilization
 
@@ -36,7 +36,7 @@ Top metrics:
 
 Beyond monitoring the tool's utilization, check if your applications perform as before. This evaluation could include overall network, I/O, or general contention metrics.
 
-Read [Falco Metrics](../falco-metrics/) next.
+Read [Falco Metrics](/docs/metrics) next.
 
 ### Server Load and Falco Event Drops
 

diff --git a/content/en/docs/setup/container.md b/content/en/docs/setup/container.md
@@ -11,7 +11,7 @@ weight: 20
 {{% pageinfo color="primary" %}}
 Falco consumes streams of events and evaluates them against a set of security {{< glossary_tooltip text="rules" term_id="rules" >}} to detect abnormal behavior. By default, Falco is preconfigured to consume events from the Linux Kernel. This scenario requires Falco to be privileged, and depending on the kernel version installed on the node, a {{< glossary_tooltip text="driver" term_id="drivers" >}} will be installed on the node. Since orchestration systems like Kubernetes are out of scope for this section, it's up to the user to manage the container lifecycle and deployment across the nodes.
 
-For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](docs/plugins/) section.
+For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](/docs/concepts/plugins/) section.
 {{% /pageinfo %}}
 
 ## Install

diff --git a/content/en/docs/setup/kubernetes.md b/content/en/docs/setup/kubernetes.md
@@ -12,7 +12,7 @@ weight: 10
 {{% pageinfo color="primary" %}}
 Falco consumes streams of events and evaluates them against a set of security {{< glossary_tooltip text="rules" term_id="rules" >}} to detect abnormal behavior. By default, Falco is preconfigured to consume events from the Linux Kernel. This default installation scenario will add Falco to all nodes in your cluster using a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/). This scenario requires Falco to be privileged, and depending on the kernel version installed on the node, a {{< glossary_tooltip text="driver" term_id="drivers" >}} will be installed on the node.
 
-For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](docs/plugins/) section.
+For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](/docs/concepts/plugins/) section.
 {{% /pageinfo %}}
 
 The recommended way to deploy Falco on a Kubernetes cluster is to use the provided Helm chart. The official Falco charts repository is hosted at:

diff --git a/content/en/docs/setup/packages.md b/content/en/docs/setup/packages.md
@@ -11,7 +11,7 @@ weight: 30
 {{% pageinfo color="primary" %}}
 Falco consumes streams of events and evaluates them against a set of security {{< glossary_tooltip text="rules" term_id="rules" >}} to detect abnormal behavior. By default, Falco is preconfigured to consume events from the Linux Kernel. This scenario requires Falco to be privileged, and depending on the kernel version installed on the host, a {{< glossary_tooltip text="driver" term_id="drivers" >}} needs to be installed.
 
-For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](docs/plugins/) section.
+For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](/docs/concepts/plugins/) section.
 {{% /pageinfo %}}
 
 There are two main methods to install Falco on your host using the [released Falco packages](/docs/download):

diff --git a/content/en/docs/setup/tarball.md b/content/en/docs/setup/tarball.md
@@ -7,7 +7,7 @@ weight: 40
 {{% pageinfo color="primary" %}}
 Falco consumes streams of events and evaluates them against a set of security {{< glossary_tooltip text="rules" term_id="rules" >}} to detect abnormal behavior. By default, Falco is preconfigured to consume events from the Linux Kernel. This scenario requires Falco to be privileged, and depending on the kernel version installed on the host, a {{< glossary_tooltip text="driver" term_id="drivers" >}} needs to be installed.
 
-For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](docs/plugins/) section.
+For other installation scenarios, such as consuming cloud events or other data sources using plugins, please refer to the [Plugins](/docs/concepts/plugins/) section.
 {{% /pageinfo %}}
 
 There are two main methods to install Falco on your host using the [released Falco packages](/docs/download):
-Original file line number
+Diff line change
@@ Expand Up @@
     Invoke-AtomicTest T1037.004 -ShowDetails
     ```
-    ![](images/re-local.png)
     We can see from the command that it is using the 'python3' command to run Python scripts. However, the script itself is executed as a base64-encoded string to evade some traditional detection tools.
@@ Expand Down @@