diff --git a/kubezero/falco/:w b/kubezero/falco/:w
new file mode 100644
index 0000000..d8a4a63
--- /dev/null
+++ b/kubezero/falco/:w
@@ -0,0 +1,73 @@
+# Contributor: Stefan Reimer
+# Maintainer: Stefan Reimer
+pkgname=falco
+pkgver=0.36.2
+pkgrel=0
+pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
+url="https://github.com/falcosecurity/falco"
+arch="x86_64 aarch64"
+license="AGPL-3.0"
+makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev
+ protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev zlib-dev jsoncpp-dev re2-dev onetbb-dev@edge-community"
+options="!check"
+depends="falco-kernel~$pkgver"
+
+# Original config
+# https://raw.githubusercontent.com/falcosecurity/rules/main/rules/falco_rules.yaml
+# https://raw.githubusercontent.com/falcosecurity/falco/master/falco.yaml
+
+source="
+ $pkgname-$pkgver.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/$pkgver.tar.gz
+ alpine.patch
+ falco.patch
+ rules.patch
+ "
+
+prepare() {
+ [[ -d build ]] || mkdir build
+
+ # Disable static binaries
+ patch -i $srcdir/alpine.patch
+}
+
+build() {
+ cd build
+
+ cmake \
+ -DCPACK_GENERATOR=TGZ \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DFALCO_VERSION=$pkgver \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DFALCO_ETC_DIR=/etc/falco \
+ -DUSE_BUNDLED_DEPS=Off \
+ -DBUILD_SHARED_LIBS=On \
+ -DMUSL_OPTIMIZED_BUILD=On \
+ -DBUILD_DRIVER=Off \
+ -DBUILD_BPF=Off \
+ -DBUILD_LIBSCAP_MODERN_BPF=Off \
+ ..
+
+ make falco falcoctl
+}
+
+package() {
+ cd build
+ make DESTDIR="${pkgdir}" install
+
+ # patch falco config
+ cd $pkgdir/etc/falco
+ patch -i $srcdir/falco.patch
+ patch -i $srcdir/rules.patch
+
+ # We dont build anything on targets so remove sources
+ rm -rf $pkgdir/usr/src
+ rm -rf $pkgdir/usr/lib
+ rm -rf $pkgdir/usr/include
+}
+
+sha512sums="
+a3fef235ab4f3121bd0400827712652530ec417498c44ada8b6bf565f7631d035673b53dad94ea6ae9c854d45202ed71b2771f19e0c92eea3fc3503e5b75b02e falco-0.36.2.tar.gz
+8ff7a677f723f2d4a09808939500ddff81f15b8a62a2e091d8042765d105d30b67f9993d05ef129dfad6c866ea37d608a3ae9bc7e99730995542f8b5181ba594 alpine.patch
+b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch
+d8f71ca7c6d854a866826b3f2f5630b6f30448f794c4c5a56a9ea656ee03c3645a1cf7663b5e79d3ea63d4fab8bd44f91a80b1752c8239c8310efa08b495f2e2 rules.patch
+"
diff --git a/kubezero/falco/APKBUILD b/kubezero/falco/APKBUILD
index 5536000..b2eb0c1 100644
--- a/kubezero/falco/APKBUILD
+++ b/kubezero/falco/APKBUILD
@@ -7,7 +7,6 @@ pkgdesc="Falco is the open source solution for runtime security for hosts, conta url="https://github.com/falcosecurity/falco" arch="x86_64 aarch64" license="AGPL-3.0" -# These deps are for BUNLDE_DEPS=On makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev" options="!check"
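Review bot: `kubezero/falco/:w` looks like an editor write that went to the wrong name rather than a file meant for the tree, and it should be dropped from this commit (`git rm 'kubezero/falco/:w'`). It is a second, diverging copy of the package recipe: it already carries `pkgver=0.36.2`, a `falco-0.36.2.tar.gz` checksum and `-DBUILD_SHARED_LIBS=On`, while the APKBUILD changed in the same commit still lists the 0.35.1 tarball and has that option commented out. abuild presumably only reads APKBUILD, so nothing in this copy is built, but a stale recipe with its own checksums and an `onetbb-dev@edge-community` dependency sitting next to the real one makes it easy to copy the wrong hash or dependency later. If the 0.36.2 bump is intended, it belongs in APKBUILD itself, with the tarball checksum updated there.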
@@ -33,13 +32,21 @@ prepare() { build() { cd build - cmake .. \ + + cmake \ + -DCPACK_GENERATOR=TGZ \ -DCMAKE_BUILD_TYPE=Release \ -DFALCO_VERSION=$pkgver \ -DCMAKE_INSTALL_PREFIX=/usr \ + -DFALCO_ETC_DIR=/etc/falco \ + -DMINIMAL_BUILD=On \ -DUSE_BUNDLED_DEPS=Off \ - -DBUILD_DRIVER=Off \ -DMUSL_OPTIMIZED_BUILD=On \ + -DBUILD_DRIVER=Off \ + -DBUILD_BPF=Off \ + -DBUILD_LIBSCAP_MODERN_BPF=Off \ + .. + #-DBUILD_SHARED_LIBS=On \ make falco falcoctl }
@@ -61,7 +68,7 @@ package() { sha512sums=" dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz +8ff7a677f723f2d4a09808939500ddff81f15b8a62a2e091d8042765d105d30b67f9993d05ef129dfad6c866ea37d608a3ae9bc7e99730995542f8b5181ba594 alpine.patch b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch d8f71ca7c6d854a866826b3f2f5630b6f30448f794c4c5a56a9ea656ee03c3645a1cf7663b5e79d3ea63d4fab8bd44f91a80b1752c8239c8310efa08b495f2e2 rules.patch -a067c340269b50354d8eff5cdcf1d60799819b8c20f2f4615af71746eb430d7db320062aa033b75822d4cb3fc2bc73f69d3a0b3ddaba5610155b630e28af6105 alpine.patch "
diff --git a/kubezero/falco/alpine.patch b/kubezero/falco/alpine.patch
index 271c256..9a0b7df 100644
--- a/kubezero/falco/alpine.patch
+++ b/kubezero/falco/alpine.patch
@@ -5,7 +5,7 @@ if(MUSL_OPTIMIZED_BUILD) - set(MUSL_FLAGS "-static -Os -fPIE -pie") -+ set(MUSL_FLAGS "-Os -fPIE -pie") ++ set(MUSL_FLAGS "-fPIE -pie") add_definitions(-DMUSL_OPTIMIZED) endif()
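Review bot: In `build()` of kubezero/falco/APKBUILD the new `-DMINIMAL_BUILD=On` carries no comment on what it costs, which matters for a runtime-security sensor. As far as I know, Falco's minimal build compiles out the gRPC and HTTP outputs and the embedded webserver, so alerts could then only leave through the basic outputs (stdout, syslog, file, program). I would add a line above the `cmake` call such as `# MINIMAL_BUILD: no gRPC/HTTP output or webserver; alerts go to stdout/syslog/file only`, and confirm that falco.patch (not shown here) does not enable an output the binary no longer has. The trailing `#-DBUILD_SHARED_LIBS=On \` after `..` is leftover text, harmless because the command has already ended, and is better deleted or replaced by a sentence on why shared libraries stay off.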