Safeguard
Topic

Container Security

In-depth guides and analysis on container security from the Safeguard engineering team.

283 articles

Container Security

Hardening Google Kubernetes Engine clusters against attacks

A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.

Jan 13, 20267 min read
Container Security

Enforcing signed and attested container images with Binar...

A step-by-step guide to enforcing signed, attested container images in GKE with Binary Authorization — from attestor setup to policy enforcement and troubleshooting.

Jan 12, 20268 min read
Container Security

How Container Threat Detection identifies runtime attacks...

How Container Threat Detection GCP watches GKE kernels for reverse shells, added binaries, and privilege escalation—and why runtime signals catch what image scanning can't.

Jan 10, 20266 min read
Container Security

Comparing security models of GKE Autopilot versus Standar...

GKE Autopilot security vs Standard clusters draw the shared-responsibility line very differently. Here's what changes for pod security and hardening.

Jan 9, 20267 min read
Container Security

Implementing keyless container image signing with Cosign ...

A hands-on guide to Cosign keyless signing GCP setups with Sigstore, Workload Identity Federation, and Cloud Build — sign and verify images with no key management.

Jan 9, 20267 min read
Container Security

Scanning Oracle Cloud Infrastructure Registry images for ...

A step-by-step guide to OCIR vulnerability scanning: enabling OCI's Vulnerability Scanning Service, triggering push-time scans, triaging CVEs, and signing verified images.

Jan 9, 20268 min read
Container Security

Hardening Oracle Kubernetes Engine (OKE) clusters

A practical, command-by-command guide to OKE security best practices: locking down the API endpoint, network security lists, pod security policies, IAM, and image signing.

Jan 8, 20268 min read
Container Security

Detecting container threats in OCI with Cloud Guard

How OCI Cloud Guard detects container threats in OKE — detector recipes, responder rules, real blind spots, and where Safeguard adds runtime and supply-chain coverage.

Jan 7, 20267 min read
Container Security

Comparing container registry security features across maj...

A practical, no-fluff comparison of ECR vs ACR vs GAR vs OCIR on scanning depth, signing, IAM, and compliance — plus where Harbor fits and how Safeguard unifies them.

Jan 6, 20268 min read
Container Security

How Log4Shell exposed cloud container images and how to d...

Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.

Jan 6, 20268 min read
Container Security

A Practical Kubernetes Operator Security Checklist

Kubernetes operators run with broad cluster access. This checklist covers the controls that matter most in 2025, from RBAC scoping to image provenance.

Nov 28, 20254 min read
Container Security

The 2019 Docker Hub Database Breach Exposing User Credent...

In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.

Nov 19, 20257 min read
Container Security (Page 16) — Supply Chain Security Blog | Safeguard