Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Vulnerability Management

How to reduce alert fatigue from vulnerability scanners

Container scanners like Trivy can return thousands of CVE findings per scan. Here's why most are noise, and how reachability and exploit data cut the list to what matters.

Apr 24, 20267 min read
Containers

Open Source Container Security: A Practical Guide

You can build a solid container security stack entirely from open source tools — here's which ones cover which layer, and where the gaps show up at scale.

Apr 22, 20265 min read
Container Security

Announcing Kubernetes workload protection in Snyk Container

Snyk added Kubernetes workload protection to Snyk Container. Here's what it does, why it matters now, and what security teams should ask before relying on it.

Apr 22, 20267 min read
SBOM

SBOM for Containers: 2026 Buyer's Guide

How to generate, manage, and act on SBOMs for containers in 2026: tool comparison, layered SBOMs, signing, and runtime drift detection.

Apr 19, 20265 min read
Container Security

Image Scanning

How container image scanning works, where tools like Aqua Security's Trivy fall short on noise and reachability, and what modern scanning workflows require.

Apr 16, 20268 min read
Container Security

Container Registry Scanning

How container registry scanning actually works, why Aqua's Trivy isn't enough on its own, what the xz-utils backdoor exposed, and how Safeguard prioritizes findings that matter.

Apr 16, 20268 min read
Container Security

Docker CIS Benchmark

A practical breakdown of the Docker CIS Benchmark's 100+ controls, the checks teams fail most, how Aqua Security handles compliance, and what audit failures actually cost.

Apr 16, 20267 min read
Container Security

Kubernetes CIS Benchmark

CIS Kubernetes Benchmark controls, common failure patterns, how Aqua Security's kube-bench fits in, and how continuous, supply-chain-aware scanning closes the gaps a point-in-time scan leaves open.

Apr 15, 20267 min read
Container Security

Kubernetes Secrets

Kubernetes Secrets are base64, not encrypted, by default. Here is how they actually leak, why scanners like Aqua fall short, and how to fix it.

Apr 15, 20268 min read
Container Security

eBPF in Kubernetes

eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.

Apr 15, 20267 min read
Containers

Tracking Kubernetes CVEs in 2026: A Practical Method

Kubernetes CVE news moves fast across control plane, kubelet, and CNI components — here's a repeatable method for tracking what actually applies to your cluster.

Apr 14, 20264 min read
Vulnerability Management

Trivy (Open Source Scanner)

Trivy is free and fast, but Aqua Security built it as a funnel to its paid CNAPP. Here's what the open-source scanner misses and how Safeguard closes the gap.

Apr 12, 20267 min read
container-security (Page 10) — Safeguard Blog