Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

Scanning Azure Container Registry images for vulnerabilities

A step-by-step guide to enabling Azure Container Registry vulnerability scanning with Microsoft Defender for Containers, plus troubleshooting and gating deployments on scan results.

Jan 17, 20268 min read
DevSecOps

Signing container images and generating SBOMs in Azure pi...

A practical walkthrough for Azure container image signing with Notation and ACR content trust, plus generating SBOMs inside Azure DevOps pipelines.

Jan 15, 20267 min read
Container Security

Security best practices for Azure Container Apps and secr...

A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.

Jan 13, 20267 min read
Container Security

Hardening Google Kubernetes Engine clusters against attacks

A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.

Jan 13, 20267 min read
Container Security

Enforcing signed and attested container images with Binar...

A step-by-step guide to enforcing signed, attested container images in GKE with Binary Authorization — from attestor setup to policy enforcement and troubleshooting.

Jan 12, 20268 min read
Container Security

How Container Threat Detection identifies runtime attacks...

How Container Threat Detection GCP watches GKE kernels for reverse shells, added binaries, and privilege escalation—and why runtime signals catch what image scanning can't.

Jan 10, 20266 min read
Vulnerability Analysis

Dirty Pipe Linux kernel arbitrary write (CVE-2022-0847)

Dirty Pipe (CVE-2022-0847) lets local attackers overwrite read-only files via a pipe buffer flaw, enabling fast, reliable root escalation on Linux and Android.

Jan 10, 20268 min read
Vulnerability Analysis

Kubernetes API server privilege escalation via aggregated API (CVE-2018-1002105)

A critical flaw in Kubernetes' aggregated API let unauthenticated users gain full admin privileges. Here's how it worked and how to fix it.

Jan 9, 20267 min read
Container Security

Comparing security models of GKE Autopilot versus Standar...

GKE Autopilot security vs Standard clusters draw the shared-responsibility line very differently. Here's what changes for pod security and hardening.

Jan 9, 20267 min read
Vulnerability Analysis

runc container escape via file descriptor overwrite (CVE-2019-5736)

CVE-2019-5736 let malicious containers overwrite the host runc binary and gain root — here's the mechanism, affected versions, and how to remediate it.

Jan 9, 20267 min read
Container Security

Implementing keyless container image signing with Cosign ...

A hands-on guide to Cosign keyless signing GCP setups with Sigstore, Workload Identity Federation, and Cloud Build — sign and verify images with no key management.

Jan 9, 20267 min read
Container Security

Scanning Oracle Cloud Infrastructure Registry images for ...

A step-by-step guide to OCIR vulnerability scanning: enabling OCI's Vulnerability Scanning Service, triggering push-time scans, triaging CVEs, and signing verified images.

Jan 9, 20268 min read
container-security (Page 19) — Safeguard Blog