Safeguard
Tag

cloud-native-security

Safeguard articles tagged "cloud-native-security" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Container Security

eBPF in Kubernetes

eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.

Apr 15, 20267 min read
Container Security

What is Container Runtime Security

Container runtime security monitors running containers for malicious behavior that image scanning can't catch — here's how it works and why it matters.

Mar 21, 20267 min read
Container Security

What is Container Orchestration

Container orchestration automates how containers deploy, scale, and recover across clusters — and it's also one of the highest-value targets in the software supply chain.

Mar 21, 20266 min read
Container Security

What is Container Monitoring

Container monitoring tracks metrics, logs, and runtime behavior across ephemeral containers—here's what it covers, why it matters, and how it differs from VM monitoring.

Mar 20, 20267 min read
Container Security

What is Kubernetes Security

Kubernetes security spans four layers — cloud, cluster, container, code — and misconfiguration, not novel exploits, causes most real-world incidents.

Mar 19, 20268 min read
Container Security

What Are Kubernetes Network Policies

Kubernetes clusters default to flat, all-to-all pod networking. Here's how NetworkPolicy objects, CNI enforcement, and default-deny rules actually stop lateral movement.

Mar 19, 20267 min read
Container Security

What is Kubernetes Pod Security

Pod Security Standards replaced PodSecurityPolicy in Kubernetes 1.25. Here's what Kubernetes pod security means and how to enforce it in production.

Mar 18, 20266 min read
Cloud Security

What is Cloud Native Security

Cloud native security explained: what it is, the 4C's model, real breach examples, SBOM requirements, and the tools that secure containers and Kubernetes.

Mar 18, 20267 min read
Cloud Security

What is a CNAPP (Cloud Native Application Protection Platform)

CNAPP unifies CSPM, CWPP, and CIEM into one platform. Here's what it actually does, how it emerged, and where today's tools fall short.

Mar 18, 20266 min read
Software Supply Chain Security

5G network function virtualization (NFV) and Open RAN sof...

5G networks now run on open-source-heavy virtualized and Open RAN software stacks. Here's where the real supply chain risk hides, and how to manage it.

Dec 25, 20258 min read
Vulnerability Analysis

Kubernetes RBAC misconfiguration explained

RBAC misconfigurations like wildcard rules and default service account bindings have powered real cluster takeovers, from CVE-2018-1002105 to Siloscape.

Dec 4, 20256 min read
Open Source Security

Cloud-native Go services vulnerability landscape

A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.

Nov 19, 20258 min read
cloud-native-security (Page 2) — Safeguard Blog