Safeguard
Topic

Containers

In-depth guides and analysis on containers from the Safeguard engineering team.

45 articles

Containers

Docker Security Concerns: The Real List

Docker security concerns that actually cause incidents are narrower than most checklists suggest — root-by-default containers, exposed daemon sockets, and unpatched base images account for most real-world breaches.

Apr 23, 20255 min read
Containers

Dockerfile Best Practices: Security, Size, and Build Speed

Most Dockerfiles are copy-pasted from a tutorial and never revisited. Here's what actually shrinks image size, closes the common security holes, and speeds up rebuilds.

Apr 14, 20255 min read
Containers

cAdvisor: Container Resource Monitoring, Explained

cAdvisor gives you per-container CPU, memory, network, and filesystem metrics out of the box — here's what it actually measures, how it fits with Prometheus and Kubernetes, and where its limits show up.

Mar 18, 20255 min read
Containers

Docker and Container Security Best Practices: A Combined Checklist

A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.

Mar 18, 20255 min read
Containers

Node.js in Docker: Choosing and Securing Your Base Image

The Docker Node base image you pick decides your CVE count before you write a line of code. Here is how to choose between Debian, slim, and Alpine — and harden whichever you pick.

Mar 12, 20257 min read
Containers

"New Tag Scanned": What Container Registries Mean By It

A plain explanation of what the "new tag scanned" event actually means in registries like GHCR, ECR, and Docker Hub, and what to do when it flags a vulnerability.

Mar 11, 20255 min read
Containers

Container Image Vulnerability Scanning in CI

How to wire container image vulnerability scanning into your CI pipeline so builds fail on real risk instead of shipping unscanned images to production.

Feb 18, 20256 min read
Containers

Rebuilding Docker Images: Cache, Patching, and Reproducibility

A plain docker build reuses cached layers and silently skips your security patches. Here is how the cache actually works, how to force a real rebuild, and how to keep rebuilds reproducible.

Feb 18, 20256 min read
Containers

What Is a Docker Container? A Practical Explanation

A Docker container is a lightweight, isolated unit that packages an app with everything it needs to run — here's what that actually means under the hood and why it matters for security.

Mar 14, 20247 min read
Containers (Page 4) — Supply Chain Security Blog | Safeguard