base-images
Safeguard articles tagged "base-images" — guides, analysis, and best practices for software supply chain and application security.
19 articles
How Snyk Container's automatic base image remediation PRs...
How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.
How Snyk Container's exclude and allow policies reduce no...
Snyk Container's exclude and allow policies scope ignore rules to specific paths and layers, filtering base-image noise without hiding real application risk.
Container Base Image Hygiene: An Underrated Lever for Red...
Swapping bloated base images for minimal ones can cut container CVE counts by 60-90% without touching app code. Here's the data and how to start.
Node.js in Docker: Choosing and Securing Your Base Image
The Docker Node base image you pick decides your CVE count before you write a line of code. Here is how to choose between Debian, slim, and Alpine — and harden whichever you pick.
Wolfi OS: The Linux Distribution Built for Secure Containers
Wolfi is not a general-purpose Linux distro. It exists to solve one problem: provide secure, minimal, up-to-date packages for container images. Here is why that matters and how to use it.
Container Base Image Selection: A Security-First Decision Framework
Your base image choice determines your container security baseline. Most teams pick based on size or familiarity, not security properties.
Container Image Vulnerabilities: 2021 Year in Review
Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.