Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

Docker Desktop WSL2 Security Changes in 2022

Docker Desktop's WSL2 backend reshaped container security on Windows. Here is what changed in 2022 and the defects that forced those changes.

Nov 18, 20226 min read
Container Security

Podman vs Docker Security: What Actually Changes When You Drop the Daemon

Podman is daemonless, rootless by default, and fork-exec instead of client-server. Here is what those architectural differences mean for container security in practice.

Nov 15, 20227 min read
Container Security

Runtime vs Static Container Analysis: Complementary, Not Competing

Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.

Nov 12, 20226 min read
Tool Reviews

Tern: Container SBOM Generation Through Layer Analysis

A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.

Oct 12, 20225 min read
Container Security

Kubernetes Admission Controllers for Supply Chain Policy

Admission controllers are the only Kubernetes enforcement point that sees every workload before it runs. That makes them the right place to enforce image provenance, signing, and SBOM policies.

Sep 18, 20226 min read
Tool Comparisons

Trivy vs Grype: Open Source Vulnerability Scanners Compared

A practical comparison of Trivy and Grype for vulnerability scanning, covering detection accuracy, performance, SBOM support, and real-world usage patterns.

Sep 15, 20225 min read
Container Security

Docker Image Layer Security Analysis: What Lurks Beneath Your Containers

Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.

Aug 12, 20227 min read
Container Security

Docker Scout for Container Security Analysis: A Practical Guide

Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.

Jul 5, 20226 min read
Container Security

Container Runtime Security Monitoring: Catching What Scanners Miss

Image scanning finds known vulnerabilities before deployment. Runtime monitoring catches actual exploitation, zero-days, and behavioral anomalies after deployment. You need both.

Jun 8, 20225 min read
Container Security

Docker Container Escape Vulnerabilities: Techniques and Defenses

Containers are not VMs. When an attacker escapes a container, they own the host — and potentially every other container running on it. Here are the escape techniques you need to defend against.

May 12, 20226 min read
SBOM

Generating SBOMs with Syft: The Complete Guide

Syft is the most popular open-source SBOM generator. Here's how to use it effectively for containers, directories, archives, and CI/CD pipelines.

Apr 8, 20226 min read
Container Security

Kubernetes Supply Chain Security: Best Practices for 2022

Kubernetes does not run your code — it runs container images built from layers of dependencies you may not control. Securing the K8s supply chain requires thinking beyond pod security policies.

Mar 15, 20225 min read
container-security (Page 32) — Safeguard Blog