Safeguard
Topic

Container Security

In-depth guides and analysis on container security from the Safeguard engineering team.

283 articles

Container Security

Prisma Cloud vs Wiz: Supply Chain Features

Both Prisma Cloud and Wiz have expanded into supply chain territory from cloud security origins. A head-to-head on what each actually delivers on the supply chain dimension.

Oct 2, 20255 min read
Container Security

How Snyk Container detects a Dockerfile's base image with...

Snyk Container identifies a Dockerfile's true base image by comparing layer digests against a registry database, no docker run required.

Sep 8, 20258 min read
Container Security

How Snyk Container maps vulnerabilities to specific image...

How Snyk Container uses OCI manifest metadata, diff_ids, and Dockerfile history to trace a vulnerable package to the exact layer and build instruction that introduced it.

Sep 7, 20258 min read
Container Security

How Snyk Container's Base Image filter isolates OS-level ...

How Snyk Container's Base Image filter separates OS-level vulnerabilities from application dependencies, how it identifies base images, and where attribution breaks down.

Sep 7, 20257 min read
Container Security

How Snyk Container scans distroless and minimal (Wolfi-st...

Distroless and Wolfi-style images strip out package managers, breaking traditional scanners. Here's how Snyk Container identifies vulnerable packages anyway.

Sep 7, 20258 min read
Container Security

How Snyk Container's static filesystem analysis avoids th...

How Snyk Container inspects image layers, package databases, and lockfiles without ever running the container — and where static filesystem analysis hits its limits.

Sep 6, 20258 min read
Container Security

How Snyk Container integrates with Kubernetes workloads f...

How Snyk Container's Kubernetes integration uses a read-only controller to continuously re-check running workload images as new CVEs are disclosed.

Sep 6, 20257 min read
Container Security

How Snyk Container handles multi-stage Docker builds duri...

How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.

Sep 6, 20257 min read
Container Security

How Snyk Container's registry integrations authenticate a...

A technical walkthrough of how Snyk Container authenticates and pulls images from ECR, ACR, GCR, and Artifactory using IAM roles, service principals, and tokens.

Sep 5, 20257 min read
Container Security

How Snyk Broker's Container Registry Agent scans private,...

How Snyk's Broker Container Registry Agent scans private, self-hosted registries like Artifactory and Nexus without exposing credentials or images to the cloud.

Sep 5, 20257 min read
Container Security

How Snyk's Docker Desktop Extension scans images before t...

How Snyk's Docker Desktop extension scans local images for CVEs before push, what it can and can't detect, and where it fits with CI and registry scanning.

Sep 4, 20257 min read
Container Security

How Snyk Container's automatic base image remediation PRs...

How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.

Sep 4, 20256 min read
Container Security (Page 18) — Supply Chain Security Blog | Safeguard