cis-benchmark
Safeguard articles tagged "cis-benchmark" — guides, analysis, and best practices for software supply chain and application security.
9 articles
The 2026 AWS Security Checklist: Account, IAM, Network, and Data Controls
One SSRF call against an unpatched WAF and a permissive IAM role were enough to expose 106 million Capital One records in 2019 — here's the checklist that stops it.
Hardening Amazon EKS With Native AWS Controls
AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.
Applying CIS Benchmarks to cloud infrastructure
CIS Benchmarks turn "be secure" into testable checks for AWS, Azure, and GCP — here's how to move from annual audit to continuous enforcement.
Docker CIS Benchmark: what it checks and how to pass it
A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.
Kubernetes vulnerability scanning and audit-ready compliance
Image scans can pass while your Kubernetes control plane stays exposed. See why CVE-2025-1974 and CIS Benchmark gaps break audits — and how to close them.
How to harden a Linux server
A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.
Best Kubernetes security scanning tools
A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.
How Snyk IaC scans Kubernetes manifests and Helm charts f...
A technical walkthrough of how Snyk IaC parses Kubernetes manifests, renders Helm charts, and checks them against CIS benchmarks before deployment.
Kubernetes RBAC Sprawl and Why It's Rarely Audited
Kubernetes RBAC grows faster than anyone tracks it, and there's no built-in tool to audit it. Here's why sprawl happens and what a real audit checks.