Safeguard
Tag

attack-surface-reduction

Safeguard articles tagged "attack-surface-reduction" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Container Security

Minimal container images with ko: evaluating distroless Go builds

ko builds Go containers straight from source onto a shell-less distroless base with no Dockerfile — cutting attack surface, and debugging tools, at once.

Jul 12, 20267 min read
Container Security

Minimal Base Images for Security: A Practical Guide

Minimal base images cut CVE counts by up to 95% by shipping only what your app needs. Here is how to choose between distroless, Wolfi, Alpine, and scratch — and build on each safely.

Jul 6, 20265 min read
Container Security

Alpine vs Debian Base Image Security: Which Is Safer?

Alpine is tiny and dodged the xz backdoor; Debian has deeper security tracking and broader compatibility. Here is how the two base images actually compare on security — and how to harden either one.

Jul 5, 20265 min read
Container Security

Reducing the Attack Surface of Your Docker Images

Every binary, library, and shell in a Docker image is attack surface. Here is how to strip an image down to the bytes your app actually needs — and cut your CVE count by up to 95%.

Jul 3, 20265 min read
Container Security

Distroless container images explained

Distroless images cut container size by up to 90% and eliminate OS-level CVEs, but they don't secure app dependencies. Here's how they work and where they fall short.

Jun 27, 20267 min read
Container Security

Minimizing container attack surface

Container images ship 400+ CVEs on average but under 15% are reachable. Learn concrete, numbers-backed steps to cut container attack surface.

Jun 23, 20266 min read
Application Security

Attack surface reduction: practical strategies to minimiz...

Base images are one layer. Real attack surface reduction covers dependencies, build pipelines, and provenance too — here's what Chainguard's approach misses.

Apr 2, 20267 min read
Application Security

What is Attack Surface Reduction

Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.

Jan 30, 20267 min read
attack-surface-reduction — Safeguard Blog