containers
Safeguard articles tagged "containers" — guides, analysis, and best practices for software supply chain and application security.
66 articles
Runtime Container Drift: Supply Chain Implications
Runtime drift is the last honest witness in container supply chain defence. This post covers what drift signals tell you, how to instrument for them, and how to investigate without overwhelming on-call.
Cloud-Native Security Practices That Actually Scale
Containers, Kubernetes, and ephemeral infrastructure broke the perimeter security model. These are the cloud-native security practices that hold up past your first hundred services.
What Gartner's Container Security Coverage Gets Right (and Skips)
Gartner's container security research correctly frames the shift toward CNAPP consolidation, but its category boundaries often lag how teams actually operate scanning day to day.
Chiseled / Distroless Image Rollout Program
What it takes to standardise on chiseled and distroless container images across an engineering organisation: which workloads benefit, which do not, and how to handle the operational quirks of imageless containers.
Service Mesh Supply Chain Policy 2026
Service meshes are a control plane and a data plane and a supply chain risk surface all at once. This post covers the policy controls that matter in 2026 for sidecars, control planes, and mesh-issued certificates.
Kubernetes Operator Supply Chain Controls
Operators are powerful, privileged, and often under-governed. This post covers the supply chain controls that keep operator installations from becoming the largest attack surface in your cluster.
Container Runtime Security in 2026: What's Changed and What Hasn't
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.
Container Security: Why Reachability Analysis Changes Everything
Stop chasing phantom vulnerabilities. Learn how reachability analysis reduces CVE noise by 80% and focuses remediation on what actually matters.
Helm Chart Supply Chain Defence Blueprint
Helm charts are the most common Kubernetes deployment artifact and the least scrutinised. This blueprint covers chart provenance, signing, value validation, and the runtime correspondence checks that close the loop.
Multi-Arch Image Builds and Attestation Pitfalls
Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.
Self-Healing Containers Now Generally Available
Self-healing containers detect, remediate, and rebuild images when CVEs appear in their dependency closure. Here is how the GA feature works in practice.
Distroless Node.js 20 on Debian 12 Image Deep Dive
A deep dive into the gcr.io/distroless/nodejs20-debian12 image: contents, attack surface, real-world CVE exposure, and where it fits in production.