Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Vulnerability Analysis

Secrets leakage in Docker images explained

How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.

Dec 3, 20257 min read
Container Security

A Practical Kubernetes Operator Security Checklist

Kubernetes operators run with broad cluster access. This checklist covers the controls that matter most in 2025, from RBAC scoping to image provenance.

Nov 28, 20254 min read
Vulnerability Analysis

Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...

CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.

Nov 24, 20257 min read
Vulnerability Analysis

Project Quay Improper Access Control Exposing Private Ima...

CVE-2020-27838 exposed private container images in Project Quay due to improper access control. Here's what happened, who's affected, and how to remediate it.

Nov 21, 20258 min read
Containers

Docker Vulnerability Scanners: What They Catch and Miss

Image scanners are excellent at matching OS packages and language dependencies against CVE databases — and structurally blind to config flaws, runtime behavior, and code you compiled yourself. Where the line sits.

Nov 20, 20258 min read
Vulnerability Analysis

BuildKit Build-Time Container Teardown Arbitrary File Del...

A malicious Dockerfile can exploit CVE-2024-23652 to make BuildKit delete arbitrary host files during build teardown. Here's what's affected and how to fix it.

Nov 20, 20257 min read
Vulnerability Analysis

BuildKit Mount Cache Race Condition Vulnerability (CVE-20...

CVE-2024-23651 is a high-severity BuildKit race condition that can expose host files to build containers via shared cache mounts. Here's the full breakdown.

Nov 20, 20258 min read
Open Source Security

Kubernetes and Go supply chain risk report

Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.

Nov 19, 20258 min read
Container Security

The 2019 Docker Hub Database Breach Exposing User Credent...

In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.

Nov 19, 20257 min read
Open Source Security

Cloud-native Go services vulnerability landscape

A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.

Nov 19, 20258 min read
Container Security

Docker Hub malicious image report

Researchers estimate roughly 3% of public Docker Hub images carry malicious payloads. Here's what's inside them, how they spread, and how to defend your pipeline.

Nov 18, 20257 min read
Container Security

Top vulnerable base images on Docker Hub

A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.

Nov 18, 20257 min read
container-security (Page 21) — Safeguard Blog