Container Security
In-depth guides and analysis on container security from the Safeguard engineering team.
283 articles
Docker Scout for Container Security Analysis: A Practical Guide
Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.
Container Runtime Security Monitoring: Catching What Scanners Miss
Image scanning finds known vulnerabilities before deployment. Runtime monitoring catches actual exploitation, zero-days, and behavioral anomalies after deployment. You need both.
Docker Container Escape Vulnerabilities: Techniques and Defenses
Containers are not VMs. When an attacker escapes a container, they own the host — and potentially every other container running on it. Here are the escape techniques you need to defend against.
Container Registry Hardening: The 2022 Baseline
Your container registry is a signing oracle, a software distribution system, and a typosquat target rolled into one. Here is the hardening baseline for 2022.
Kubernetes Supply Chain Security: Best Practices for 2022
Kubernetes does not run your code — it runs container images built from layers of dependencies you may not control. Securing the K8s supply chain requires thinking beyond pod security policies.
Container Image Vulnerabilities: 2021 Year in Review
Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.
Docker Hub Malicious Images and Cryptomining Campaigns
Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.