Containers
In-depth guides and analysis on containers from the Safeguard engineering team.
45 articles
Kubernetes Security in 2026: CVEs and Hardening Priorities
The CVEs that hurt clusters lately live at the edges: admission controllers, ingress, and image supply chains. What the recent record says about where to harden first.
Open Source Container Security: A Practical Guide
You can build a solid container security stack entirely from open source tools — here's which ones cover which layer, and where the gaps show up at scale.
Tracking Kubernetes CVEs in 2026: A Practical Method
Kubernetes CVE news moves fast across control plane, kubelet, and CNI components — here's a repeatable method for tracking what actually applies to your cluster.
What Gartner's Container Security Coverage Gets Right (and Skips)
Gartner's container security research correctly frames the shift toward CNAPP consolidation, but its category boundaries often lag how teams actually operate scanning day to day.
Best Container Security Tools in 2026
Image scanners, runtime sensors, and Kubernetes posture tools each catch different failures. Here is how the leading options compare in 2026 — and how to pick a stack without buying three overlapping scanners.
OSS Container Security: What Changes With Open-Source Base Images
Open-source base images change your patch cadence, your license exposure, and your provenance story — here's what OSS container security actually adds on top of standard image hardening.
Container Security Solutions vs Platforms: What You're Actually Buying
Container security solutions and container security platforms get marketed almost interchangeably — here's the actual difference in scope and what each one leaves you to build yourself.
Docker Vulnerability Scanners: What They Catch and Miss
Image scanners are excellent at matching OS packages and language dependencies against CVE databases — and structurally blind to config flaws, runtime behavior, and code you compiled yourself. Where the line sits.
Node.js in Docker: A Practical Setup Guide
A practical setup guide for running node.js docker containers in production, choosing between docker node slim and full images, and locking down what actually matters for security.
Golang Docker Images: Building Them Right
How to build Golang Docker images that stay small, patch cleanly, and don't ship a compiler toolchain into production, using multi-stage builds done properly.
Writing a Container Security Policy That Actually Holds
Most container security policies get written once, ignored during the next sprint, and rediscovered during an audit — here's how to write one that engineers actually follow.
Kubernetes SecurityContext: The Settings That Matter
A pod's securityContext decides whether a compromised container is contained or a launchpad. Here are the fields that actually reduce blast radius — and the copy-paste block that sets a hardened baseline.