Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

Container configuration drift detection at runtime

Container images pass CI clean, but running containers drift within hours via exec sessions, sidecars, and webhooks. Here's how to detect it at runtime.

Jun 24, 20267 min read
Container Security

Detecting vulnerabilities in multi-stage Docker builds

Multi-stage Docker builds hide vulnerabilities, leaked secrets, and untracked dependencies in discarded layers. Here's what final-image scans miss and how to catch it.

Jun 24, 20266 min read
Container Security

Keeping Docker secrets secure without Kubernetes

Docker ships with tmpfs-backed Swarm secrets, BuildKit secret mounts, and Compose file secrets — here's how to use them without Kubernetes.

Jun 24, 20268 min read
Container Security

Container security throughout the SDLC

A clean build-time scan doesn't mean a secure container. Here's why container security has to span code, build, deploy, and runtime — with real CVE examples.

Jun 23, 20267 min read
Container Security

Minimizing container attack surface

Container images ship 400+ CVEs on average but under 15% are reachable. Learn concrete, numbers-backed steps to cut container attack surface.

Jun 23, 20266 min read
Container Security

Signing and verifying container images with Sigstore/cosign

How cosign and Sigstore replace long-lived signing keys with short-lived, identity-based certificates and a public transparency log for containers.

Jun 23, 20267 min read
Container Security

Detecting cryptomining malware in container images

Cryptomining malware like Kinsing and TeamTNT quietly hijacks container CPU cycles to mine Monero. Here's how it gets in, how to spot it, and how to stop it.

Jun 23, 20267 min read
Container Security

EKS vs GKE vs AKS: managed Kubernetes security compared

A technical breakdown of EKS, GKE, and AKS security: default hardening gaps, IAM models, real CVEs, and audit logging differences teams must know.

Jun 22, 20268 min read
Container Security

Security implications of Kubernetes operators

Kubernetes Operators run with elevated, cluster-wide privilege by design. IngressNightmare, Argo CD, and cert-manager CVEs show what happens when that trust is abused.

Jun 22, 20267 min read
Cloud Security

Container security for Kubernetes and Docker

A practical glossary breakdown of container security for Kubernetes and Docker: the real risks, key benchmarks, and where code-scanning tools like Checkmarx fall short.

Jun 22, 20267 min read
Container Security

OCI image vulnerability scanning explained

A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.

Jun 22, 20267 min read
Container Security

Container escape vulnerabilities explained

Container escape vulnerabilities let attackers break out of isolation and reach the host kernel. Here's how CVE-2024-21626 and CVE-2019-5736 actually work.

Jun 22, 20267 min read
container-security (Page 7) — Safeguard Blog