container-security
Safeguard articles tagged "container-security" — guides, analysis, and best practices for software supply chain and application security.
385 articles
Kubernetes Security in 2026: CVEs and Hardening Priorities
The CVEs that hurt clusters lately live at the edges: admission controllers, ingress, and image supply chains. What the recent record says about where to harden first.
JFrog Xray vs Prisma Cloud: A 2026 Comparison
Where JFrog Xray and Prisma Cloud actually compete, where they don't, and how to pick between them for software supply chain and runtime security in 2026.
Critical RCE via ImageMagick: hacking Docker containers
ImageTragick and CVE-2022-44268 show how one image-processing library keeps handing attackers shells and secrets inside Docker containers.
Safeguard vs Trivy: vulnerability scanning depth and reme...
Trivy scans fast and free, but leaves remediation to you. See how Safeguard's platform handles cross-repo correlation, prioritization, and audit-ready fix tracking.
OSS container image scanning tools compared
Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.
What is Trivy and how it compares to other open-source sc...
Trivy is Aqua Security's free open-source scanner for containers, IaC, and dependencies. Here's how it compares to Grype, Clair, and Snyk—and where it falls short.
Aqua Vulnerability Database (AVD) explained
AVD powers Trivy's scan results, but it's a curated aggregator, not a primary source. Here's how it differs from NVD, where its gaps are, and how to close them.
CNAPP according to Gartner: capabilities and evaluation c...
Gartner's CNAPP framework demands unified risk correlation, not bundled scanners. Here's how Trivy (Aqua) maps to it — and where supply chain security closes the gap.
Container image scanning: how it works and best tools
A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.
Container security best practices checklist
A practical container security checklist covering base images, scanning limits, runtime risk, and why CVE scans like Trivy alone miss most real supply chain threats.
Docker CIS Benchmark: what it checks and how to pass it
A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.
Container escape attacks: how they happen and how to prev...
Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.