Safeguard
Tag

cloud-native-security

Safeguard articles tagged "cloud-native-security" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Kubernetes Security

Default-deny NetworkPolicy: closing the pod-to-pod gap in Kubernetes

Kubernetes pods allow all traffic by default, and many clusters' NetworkPolicy YAML silently does nothing because the CNI plugin never enforces it.

Jul 15, 20266 min read
Kubernetes Security

A practical guide to least privilege in Kubernetes RBAC

One RBAC flaw, CVE-2018-1002105 (CVSS 9.8), let any authenticated user escalate to cluster-admin — here's how to actually scope roles so that never happens again.

Jul 13, 20266 min read
Best Practices

Defense-in-depth for a modern cloud-native application stack

Log4Shell and the XZ backdoor were caught two different ways — one by patching, one by a developer noticing 500ms of extra SSH latency. Neither alone is a strategy.

Jul 8, 20266 min read
Container Security

Kubernetes network policies for zero trust

Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.

Jun 26, 20267 min read
Container Security

Runtime security tools for Kubernetes clusters

A concrete look at Kubernetes runtime security tools — Falco, Tetragon, Tracee, eBPF, and recent CVEs — and what to check before you buy one.

Jun 25, 20267 min read
Container Security

Container configuration drift detection at runtime

Container images pass CI clean, but running containers drift within hours via exec sessions, sidecars, and webhooks. Here's how to detect it at runtime.

Jun 24, 20267 min read
Infrastructure Security

Applying least privilege IAM in cloud-native environments

Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.

Jun 15, 20267 min read
AppSec

API Security Posture Management, Explained

API security posture management inventories every API you actually have, then continuously checks it against the rules you meant to enforce.

Jun 2, 20265 min read
Industry Analysis

The State of Cloud Native Application Security survey

New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.

Apr 25, 20267 min read
Buyer's Guides

Snyk Alternatives for cloud-native security teams

Comparing Snyk alternatives for cloud-native teams: how Wiz's cloud posture platform and Safeguard's supply chain security approach differ — and where each actually fits.

Apr 21, 20267 min read
Cloud Security

What is Cloud Security? Ultimate guide to the modern cloud

Cloud misconfigurations and supply chain attacks now drive most breaches. Here's what cloud security actually means in 2026, and how it differs from what Wiz covers.

Apr 20, 20267 min read
Container Security

Kubernetes CIS Benchmark

CIS Kubernetes Benchmark controls, common failure patterns, how Aqua Security's kube-bench fits in, and how continuous, supply-chain-aware scanning closes the gaps a point-in-time scan leaves open.

Apr 15, 20267 min read
cloud-native-security — Safeguard Blog