Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

What is Container Security? (definition, lifecycle, threats)

Container security spans build, ship, and runtime: scanning, SBOMs, Kubernetes hardening, and runtime detection. How it works, and where Anchore leaves gaps.

Mar 28, 20268 min read
Container Security

Docker image security fundamentals (quick-start guide)

A practical guide to docker image security: how vulnerabilities hide in base images, common misconfigurations, how scanning works, and a five-step quick-start checklist.

Mar 27, 20268 min read
Container Security

Kubernetes vulnerability scanning and audit-ready compliance

Image scans can pass while your Kubernetes control plane stays exposed. See why CVE-2025-1974 and CIS Benchmark gaps break audits — and how to close them.

Mar 27, 20267 min read
Industry Analysis

What is Software Supply Chain Security (SSCS)?

SolarWinds, Log4Shell, and the XZ Utils backdoor show why supply chain security now means more than SBOMs. Here's what SSCS actually covers—and where Anchore's approach falls short.

Mar 27, 20267 min read
Container Security

Aqua Security Platform Buyer Review 2026

An in-depth 2026 buyer review of the Aqua Security platform: runtime protection, image scanning, Kubernetes posture, pricing, and where Aqua fits and where it does not.

Mar 26, 20265 min read
DevSecOps

What is DevSecOps? (principles, workflow, tooling)

DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.

Mar 26, 20267 min read
DevSecOps

Anchore's approach to DevSecOps (case for shift-left secu...

How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.

Mar 26, 20268 min read
AI Security

MCP Server Sandbox Escapes: Threat Model

A threat model for sandbox escapes in Model Context Protocol servers, mapping attack surfaces from tool execution environments to host processes and shared state.

Mar 25, 20267 min read
Compliance

NIST 800-190 container security guide compliance

NIST 800-190 requires evidence across five container risk categories, not just image scans. Where Anchore-based pipelines fall short and how to close the gap.

Mar 24, 20267 min read
Compliance

STIG compliance scanning for hardened/Chainguard containe...

Chainguard images have near-zero CVEs, but shell-based scanners like Anchore flag them as STIG non-compliant. Here is why, and how to fix it.

Mar 23, 20267 min read
Container Security

What is Container Security

Container security protects images, runtimes, orchestration, and hosts. Here's what it covers, why 87% of images ship with critical CVEs, and how to fix it.

Mar 22, 20267 min read
Container Security

What is Container Scanning

Container scanning finds known CVEs, secrets, and misconfigurations in image layers before deployment. Here's how it works and where it falls short.

Mar 22, 20267 min read
container-security (Page 13) — Safeguard Blog