admission-controller
Safeguard articles tagged "admission-controller" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Security implications of Kubernetes operators
Kubernetes Operators run with elevated, cluster-wide privilege by design. IngressNightmare, Argo CD, and cert-manager CVEs show what happens when that trust is abused.
Getting Started: Safeguard Kubernetes Admission
Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.
How to implement Kubernetes Pod Security Standards
A step-by-step guide to implementing Kubernetes Pod Security Standards, from auditing pods to enforcing restricted mode and migrating off PSP.
Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller
PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.
Kubernetes Admission Controllers for Supply Chain Policy
Admission controllers are the only Kubernetes enforcement point that sees every workload before it runs. That makes them the right place to enforce image provenance, signing, and SBOM policies.
Kubernetes Supply Chain Policy Engines: Enforcing What Gets Deployed
Scanning for vulnerabilities means nothing if you cannot enforce the results. Supply chain policy engines in Kubernetes turn security findings into hard deployment gates.