container-hardening
Safeguard articles tagged "container-hardening" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Hardening PHP-FPM and Apache Container Images
PHP containers ship with defaults built for compatibility, not security. Opcache settings, disabled functions, and process ownership close the gaps.
Docker Security Pro Tips: Hardening Beyond the Basics
You already use a non-root user and a slim base. These are the pro-level Docker hardening tips — read-only filesystems, dropped capabilities, and the docker.sock trap — that actually stop breakouts.
Containers Not Dropping Default Linux Capabilities
Docker grants every container 14 Linux capabilities by default. Here's why NET_RAW, SYS_CHROOT, and friends turn contained compromises into breakouts—and how to drop them safely.
Docker Container Security: A Hardening Checklist
Most container breaches trace back to a handful of avoidable mistakes — root users, bloated images, exposed sockets, unscanned dependencies. This checklist closes them, image to runtime.
Kubernetes SecurityContext Capabilities: Drop vs Add
Kubernetes securityContext capabilities let you strip Linux kernel privileges from a container instead of accepting the runtime default set — here's when to drop, when to add back, and why dropping ALL first is the right starting point.