Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

DevSecOps

Container Security Scanning in 2024: Benchmarks, Tools, and What Actually Matters

Container image scanning tools vary widely in detection rates, false positive rates, and coverage. Here is a practical assessment of the container security scanning landscape in 2024.

Apr 20, 20246 min read
Container Security

Kubernetes Network Policies: The Supply Chain Angle

Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.

Apr 8, 20247 min read
Container Security

GCP Cloud Run Supply Chain Security

A practical playbook for protecting the supply chain of services running on Cloud Run: image provenance, Binary Authorization, runtime identity, and the gaps the default configuration leaves wide open.

Mar 25, 20247 min read
Container Security

Wolfi OS: The Linux Distribution Built for Secure Containers

Wolfi is not a general-purpose Linux distro. It exists to solve one problem: provide secure, minimal, up-to-date packages for container images. Here is why that matters and how to use it.

Mar 22, 20246 min read
Tool Reviews

Prisma Cloud Container Security: Palo Alto's Cloud Native Play

A review of Prisma Cloud's container and cloud workload security features, covering image scanning, runtime protection, compliance, and the Twistlock heritage.

Mar 20, 20245 min read
Containers

What Is a Docker Container? A Practical Explanation

A Docker container is a lightweight, isolated unit that packages an app with everything it needs to run — here's what that actually means under the hood and why it matters for security.

Mar 14, 20247 min read
Vulnerability Analysis

Kubernetes CVE-2024-3177: Bypassing Mountable Secrets Policy

A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.

Mar 10, 20245 min read
Container Security

Kubernetes Secrets Encryption Providers Reviewed

etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.

Mar 5, 20248 min read
Container Security

gVisor Runtime Security Deep Dive

gVisor intercepts syscalls in userspace and implements a minimal kernel in Go. It is a genuinely different approach, with genuinely different trade-offs.

Feb 18, 20247 min read
DevSecOps

Multi-Stage Docker Builds: The Security Implications Nobody Talks About

Multi-stage builds reduce image size, but they also introduce security considerations around build secrets, layer caching, and dependency leakage.

Feb 12, 20246 min read
Cloud Security

Multi-Cloud Container Security: Building a Unified Strategy

How to maintain consistent container security across AWS, Azure, and GCP without drowning in tool sprawl and fragmented visibility.

Dec 8, 20238 min read
Container Security

OpenShift Security Context Constraints: A Guide

SCCs predate Pod Security Admission by a decade and are more powerful. That power is also why OpenShift newcomers find them confusing.

Dec 6, 20237 min read
container-security (Page 30) — Safeguard Blog