container-security
Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.
385 articles
What is Container Security? (definition, lifecycle, threats)
Container security spans build, ship, and runtime: scanning, SBOMs, Kubernetes hardening, and runtime detection. How it works, and where Anchore leaves gaps.
Docker image security fundamentals (quick-start guide)
A practical guide to docker image security: how vulnerabilities hide in base images, common misconfigurations, how scanning works, and a five-step quick-start checklist.
Kubernetes vulnerability scanning and audit-ready compliance
Image scans can pass while your Kubernetes control plane stays exposed. See why CVE-2025-1974 and CIS Benchmark gaps break audits — and how to close them.
What is Software Supply Chain Security (SSCS)?
SolarWinds, Log4Shell, and the XZ Utils backdoor show why supply chain security now means more than SBOMs. Here's what SSCS actually covers—and where Anchore's approach falls short.
Aqua Security Platform Buyer Review 2026
An in-depth 2026 buyer review of the Aqua Security platform: runtime protection, image scanning, Kubernetes posture, pricing, and where Aqua fits and where it does not.
What is DevSecOps? (principles, workflow, tooling)
DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.
Anchore's approach to DevSecOps (case for shift-left secu...
How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.
MCP Server Sandbox Escapes: Threat Model
A threat model for sandbox escapes in Model Context Protocol servers, mapping attack surfaces from tool execution environments to host processes and shared state.
NIST 800-190 container security guide compliance
NIST 800-190 requires evidence across five container risk categories, not just image scans. Where Anchore-based pipelines fall short and how to close the gap.
STIG compliance scanning for hardened/Chainguard containe...
Chainguard images have near-zero CVEs, but shell-based scanners like Anchore flag them as STIG non-compliant. Here is why, and how to fix it.
What is Container Security
Container security protects images, runtimes, orchestration, and hosts. Here's what it covers, why 87% of images ship with critical CVEs, and how to fix it.
What is Container Scanning
Container scanning finds known CVEs, secrets, and misconfigurations in image layers before deployment. Here's how it works and where it falls short.