Safeguard
Topic

Container Security

In-depth guides and analysis on container security from the Safeguard engineering team.

283 articles

Container Security

Container Security Best Practices Checklist 2026

A practical container security checklist for 2026 covering base images, runtime controls, registry hygiene, and signing, with specific thresholds defenders can adopt.

Jan 22, 20265 min read
Container Security

Cosign for Container Signing: A Production Setup

A working production setup for Cosign image signing across CI, registries, and Kubernetes admission, including the parts that break at scale and how to recover.

Jan 22, 20267 min read
Container Security

How to enable and configure Amazon ECR image scanning for...

A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.

Jan 21, 20267 min read
Container Security

Hardening Amazon EKS clusters against common attack paths

A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.

Jan 20, 20268 min read
Container Security

Signing container images with AWS Signer for supply chain...

A practical walkthrough for signing container images with AWS Signer, verifying them in ECR and EKS, and closing supply chain gaps with cryptographic trust.

Jan 20, 20268 min read
Container Security

Distroless vs. Chainguard vs. Wolfi: Real Differences

A working engineer's comparison of Google Distroless, Chainguard Images, and Wolfi as base images, covering what actually breaks in production and what does not.

Jan 19, 20266 min read
Container Security

Continuous container vulnerability scanning with Amazon I...

How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.

Jan 19, 20267 min read
Container Security

Detecting malware and runtime threats in ECR and EKS with...

How GuardDuty ECR malware protection and EKS runtime monitoring catch cryptominers and malicious images, where the coverage gaps are, and how Safeguard closes them.

Jan 18, 20267 min read
Container Security

Scanning Azure Container Registry images for vulnerabilities

A step-by-step guide to enabling Azure Container Registry vulnerability scanning with Microsoft Defender for Containers, plus troubleshooting and gating deployments on scan results.

Jan 17, 20268 min read
Container Security

How Microsoft Defender for Containers protects AKS and AC...

Defender for Containers scans ACR images and monitors AKS clusters in real time — but it can't see what happens before a build reaches the registry. Here's what it covers and what it misses.

Jan 15, 20267 min read
Container Security

K8s Admission Controllers for Supply Chain Policy

How to design Kubernetes admission controllers that enforce supply chain policy without turning every deploy into a 30-minute argument with the cluster.

Jan 13, 20266 min read
Container Security

Security best practices for Azure Container Apps and secr...

A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.

Jan 13, 20267 min read
Container Security (Page 15) — Supply Chain Security Blog | Safeguard