Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

How to scan container images for vulnerabilities with Trivy

Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.

Feb 19, 20267 min read
Container Security

How to implement Kubernetes Pod Security Standards

A step-by-step guide to implementing Kubernetes Pod Security Standards, from auditing pods to enforcing restricted mode and migrating off PSP.

Feb 19, 20268 min read
Container Security

Signing Container Images: Cosign, Notary, and Why It Matters

Signing container images cryptographically proves an image came from a trusted build and hasn't been tampered with since — here's how Cosign and Notary do it, and why registries alone can't guarantee that.

Feb 18, 20266 min read
Container Security

How to set up Kubernetes RBAC

A step-by-step kubernetes RBAC setup guide covering Roles, RoleBindings, service accounts, least-privilege patterns, and how to verify and troubleshoot access.

Feb 17, 20267 min read
Container Security

How to encrypt Kubernetes secrets at rest

A step-by-step guide to encrypting Kubernetes secrets at rest: choosing a KMS provider, configuring etcd encryption, re-encrypting existing secrets, and verifying it worked.

Feb 17, 20268 min read
Container Security

How to configure Falco for runtime security monitoring

A practical walkthrough to configure Falco runtime security in Kubernetes: install, customize rules, route alerts, tune noise, and verify detection end-to-end.

Feb 14, 20268 min read
Containers

Best Container Security Tools in 2026

Image scanners, runtime sensors, and Kubernetes posture tools each catch different failures. Here is how the leading options compare in 2026 — and how to pick a stack without buying three overlapping scanners.

Feb 12, 20266 min read
Containers

OSS Container Security: What Changes With Open-Source Base Images

Open-source base images change your patch cadence, your license exposure, and your provenance story — here's what OSS container security actually adds on top of standard image hardening.

Feb 11, 20265 min read
Container Security

How to set up OPA Gatekeeper for Kubernetes admission con...

A step-by-step guide to OPA Gatekeeper Kubernetes admission control: install, write constraint templates, roll out safely, and verify enforcement.

Feb 8, 20267 min read
Emerging Technology

Leaky Vessels: The runc Container Escape Class (2024)

Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.

Feb 4, 20267 min read
Container Security

Firecracker vs Cloud Hypervisor vs Kata Containers: 2026 Buyer Guide

A practical comparison of Firecracker, Cloud Hypervisor, and Kata Containers across boot time, memory overhead, security boundary, and operational fit for serverless and multi-tenant workloads.

Feb 4, 20265 min read
Container Security

What is a Golden Image

A golden image is the hardened template every server and container is cloned from — powerful for consistency, dangerous when it goes stale. Here's how to secure it.

Feb 1, 20267 min read
container-security (Page 17) — Safeguard Blog