diff --git a/README.md b/README.md
index a609b64..30a8138 100644
--- a/README.md
+++ b/README.md
@@ -374,6 +374,7 @@ A collection of delicious docker recipes.
 - [x] quay.io/coreos/etcd
 - [x] audreyt/ethercalc
 - [x] facefusion/facefusion
+- [x] falcosecurity/falco
 - [x] flogo/flogo-docker
 - [x] mher/flower
 - [x] fluent/fluent-bit
diff --git a/falco/README.md b/falco/README.md
new file mode 100644
index 0000000..1111fa5
--- /dev/null
+++ b/falco/README.md
@@ -0,0 +1,7 @@
+falco
+=====
+
+[Falco][1] is a cloud native security tool that provides runtime security across
+hosts, containers, Kubernetes, and cloud environments.
+
+[1]: https://github.com/falcosecurity/falco
diff --git a/falco/docker-compose.yml b/falco/docker-compose.yml
new file mode 100644
index 0000000..b7cf7e3
--- /dev/null
+++ b/falco/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+  falco:
+    image: falcosecurity/falco:0.40.0-debian
+    volumes:
+    - /etc:/host/etc
+    - /proc:/host/proc:ro
+    - /var/run/docker.sock:/host/var/run/docker.sock
+    cap_drop:
+    - ALL
+    cap_add:
+    - SYS_ADMIN
+    - SYS_RESOURCE
+    - SYS_PTRACE
+    restart: unless-stopped