Safeguard
Tag

container-security

Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.

385 articles

Container Security

Docker Hub malicious image detection

Docker Hub's open upload model has enabled real cryptojacking and phishing campaigns — here's how attackers hide malware in images and how to detect them.

Jun 21, 20267 min read
Container Security

Securing serverless containers on Fargate and Cloud Run

No SSH, no DaemonSets, no host agents. Here's how Firecracker and gVisor isolation change container security on Fargate and Cloud Run — and what still gets you breached.

Jun 21, 20267 min read
Container Security

Reducing CVEs in container base images

Base images inherit hundreds of OS-level CVEs your app never touches. Here's how reachability analysis and minimal bases cut real risk, not just counts.

Jun 21, 20267 min read
Container Security

Deep visibility into hardened/minimal container images (d...

Distroless images strip the package managers most scanners rely on. Here's how Safeguard achieves deep visibility into hardened images, compared to Black Duck's SCA heritage.

Jun 15, 20268 min read
Buyer's Guides

Best CNAPP Platforms in 2026: An Honest Buyer's Guide

An honest, opinionated guide to the best CNAPP platforms in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, CrowdStrike, Aqua, Orca, and Sysdig — plus where the cloud-native security category is heading on AI-SPM, runtime, and supply chain.

Jun 7, 20268 min read
Buyer's Guides

Best Container Scanning Tools in 2026: An Honest Buyer's Guide

An honest guide to the best container scanning tools in 2026 — from open-source scanners like Trivy and Grype to cloud-context platforms like Wiz and Aqua — with clear guidance on which fits your CI/CD pipeline, registry, and runtime.

Jun 4, 20268 min read
Tools

Best Container Base Images for Security in 2026

Chainguard, distroless, Alpine, UBI micro, Ubuntu chiseled, and scratch, compared on CVE counts, size, libc, and the operational costs nobody puts in the marketing.

Jun 2, 20267 min read
Vulnerability Management

Vulnerability scanning tools and techniques compared

A verifiable comparison of Safeguard and JFrog Xray on scan coverage, data sourcing, reachability analysis, and CI/CD integration for vulnerability scanning.

Jun 1, 20268 min read
Container Security

Top container security tools to evaluate

Comparing Safeguard and Mend.io on the dimensions that actually matter for container security: scanning engine transparency, air-gapped support, registry coverage, and product origin.

May 25, 20268 min read
Container Security

CVE-2026-42945: A Buffer Overflow in NGINX's Rewrite Module Reaches Into Your Kubernetes Clusters (May 2026)

Disclosed May 17, 2026 with public PoC and in-the-wild activity, CVE-2026-42945 is a buffer overflow in NGINX's ngx_http_rewrite_module. It affects core NGINX and the ingress controllers that wrap it, putting cluster ingress in scope.

May 18, 202612 min read
DevSecOps

The 4 best DevSecOps tools for a secure DevOps workflow

The 4 DevSecOps tool categories a secure pipeline needs — SCA, SAST, container/IaC scanning, secrets scanning — with real incidents and fixes.

May 18, 20267 min read
Cloud Security

CNAPP Security: What It Actually Covers

CNAPP bundles CSPM, CWPP, and vulnerability scanning under one label, but the exact scope varies widely by vendor — here's what a genuine CNAPP platform actually needs to cover.

May 14, 20264 min read
container-security (Page 8) — Safeguard Blog