container-security
Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.
385 articles
Cryptomining malware hidden in public Docker images
Cryptomining malware keeps resurfacing in public Docker images. Here's how attackers hide miners in plain sight — and how to catch them before they run.
Docker Hub typosquatting of official images
Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.
Best container image scanning tools
A practical comparison of container image scanning tools — Trivy, Grype, Snyk, Docker Scout, Clair, and Anchore — with real strengths, limits, and how to pick one.
Container image supply chain attack trends
Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.
Best Kubernetes security scanning tools
A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.
Alpine vs Debian base image vulnerability comparison
A 2026 look at Alpine vs. Debian base image CVEs shows raw vulnerability counts mislead — patch cadence and reachability matter more than distro choice.
Outdated container images still running in production
New industry data shows most production containers still run on stale, vulnerable base images months after fixes ship -- here's why, and how to close the gap.
Container registry credential leak trends
2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.
Distroless image security trend report
Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.
Kubernetes Helm chart vulnerability trends
New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.
Node.js in Docker: A Practical Setup Guide
A practical setup guide for running node.js docker containers in production, choosing between docker node slim and full images, and locking down what actually matters for security.
Best runtime container security tools
A practical comparison of runtime container security tools, from eBPF-based monitoring to commercial threat detection platforms, and what to weigh before buying.