container-security
Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.
385 articles
What is Image Signing
Container image signing binds a cryptographic signature to an image's digest so you can prove what's running is what was actually built — not just scanned.
What is Admission Control (Kubernetes)
Admission control is the last checkpoint in Kubernetes before an object is written to etcd — here's how webhooks, PSA, and policy engines enforce it.
What is Runtime Protection
Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.
Jira and Docker: Integrating Security Workflows
Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.
What is the Principle of Least Functionality
The principle of least functionality (NIST CM-7) means shipping only the ports, services, and code a system needs—nothing extra "just in case."
A Healthcare System's Self-Healing Container Rollout
An anonymized account of how a regional North American healthcare system deployed Safeguard's self-healing container base images across 600+ workloads.
Docker MCP Server: Setup and Security Considerations
Running a docker mcp server puts an AI agent's tool access inside a container boundary, which helps containment but doesn't remove the need to scope credentials and network access carefully.
How to enable and configure Amazon ECR image scanning for...
A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.
Hardening Amazon EKS clusters against common attack paths
A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.
Signing container images with AWS Signer for supply chain...
A practical walkthrough for signing container images with AWS Signer, verifying them in ECR and EKS, and closing supply chain gaps with cryptographic trust.
Continuous container vulnerability scanning with Amazon I...
How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.
Detecting malware and runtime threats in ECR and EKS with...
How GuardDuty ECR malware protection and EKS runtime monitoring catch cryptominers and malicious images, where the coverage gaps are, and how Safeguard closes them.