container-registry
Safeguard articles tagged "container-registry" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Securing Container Registries: From Push to Pull
Your registry is the single point every image passes through — and a favorite target for attackers who want to poison many deployments at once. Here is how to lock it down end to end.
Comparing container registry security features across maj...
A practical, no-fluff comparison of ECR vs ACR vs GAR vs OCIR on scanning depth, signing, IAM, and compliance — plus where Harbor fits and how Safeguard unifies them.
Harbor Registry Privilege Escalation via Self-Registratio...
CVE-2019-16097 let attackers self-register as Harbor admins via a single API call. Here's the impact, affected versions, timeline, and how to remediate it.
Harbor Arbitrary File Overwrite via Chart Upload Path Tra...
CVE-2020-13788 let authenticated users overwrite arbitrary files on Harbor via path traversal in Helm chart uploads. Here's the impact, fix, and remediation steps.
Harbor CSRF Token Bypass Enabling Session Hijack (CVE-202...
CVE-2022-31663 let attackers bypass Harbor's CSRF protections to hijack authenticated sessions. Here's the impact, affected versions, and how to remediate.
The 2019 Docker Hub Database Breach Exposing User Credent...
In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.
"New Tag Scanned": What Container Registries Mean By It
A plain explanation of what the "new tag scanned" event actually means in registries like GHCR, ECR, and Docker Hub, and what to do when it flags a vulnerability.
Azure Container Registry Trust Model
What Azure Container Registry actually guarantees about the images you pull — signing, attestation, content trust, and where the trust chain breaks in practice.
GitHub Packages Security Features: What You Get and What You Do Not
GitHub Packages integrates tightly with GitHub Actions and repositories. Its security features are convenient but have gaps that teams need to understand.
Azure Container Registry Security: Locking Down Your Image Pipeline
How to secure Azure Container Registry with network isolation, content trust, and Microsoft Defender for Containers integration.
Harbor Registry Security Configuration: A Complete Hardening Guide
Harbor is the most popular open-source container registry. Its security features are powerful but require deliberate configuration to be effective.