Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

What is Image Signing

Container image signing binds a cryptographic signature to an image's digest so you can prove what's running is what was actually built — not just scanned.

Feb 1, 20267 min read
Container Security

What is Admission Control (Kubernetes)

Admission control is the last checkpoint in Kubernetes before an object is written to etcd — here's how webhooks, PSA, and policy engines enforce it.

Jan 31, 20267 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
DevSecOps

Jira and Docker: Integrating Security Workflows

Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.

Jan 28, 20265 min read
Best Practices

What is the Principle of Least Functionality

The principle of least functionality (NIST CM-7) means shipping only the ports, services, and code a system needs—nothing extra "just in case."

Jan 27, 20267 min read
Case Studies

A Healthcare System's Self-Healing Container Rollout

An anonymized account of how a regional North American healthcare system deployed Safeguard's self-healing container base images across 600+ workloads.

Jan 22, 20267 min read
AI Security

Docker MCP Server: Setup and Security Considerations

Running a docker mcp server puts an AI agent's tool access inside a container boundary, which helps containment but doesn't remove the need to scope credentials and network access carefully.

Jan 22, 20265 min read
Container Security

How to enable and configure Amazon ECR image scanning for...

A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.

Jan 21, 20267 min read
Container Security

Hardening Amazon EKS clusters against common attack paths

A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.

Jan 20, 20268 min read
Container Security

Signing container images with AWS Signer for supply chain...

A practical walkthrough for signing container images with AWS Signer, verifying them in ECR and EKS, and closing supply chain gaps with cryptographic trust.

Jan 20, 20268 min read
Container Security

Continuous container vulnerability scanning with Amazon I...

How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.

Jan 19, 20267 min read
Container Security

Detecting malware and runtime threats in ECR and EKS with...

How GuardDuty ECR malware protection and EKS runtime monitoring catch cryptominers and malicious images, where the coverage gaps are, and how Safeguard closes them.

Jan 18, 20267 min read
container-security (Page 18) — Safeguard Blog