Safeguard
Tag

containers

Safeguard articles tagged "containers" — guides, analysis, and best practices for software supply chain and application security.

66 articles

Container Security

Runtime Container Drift: Supply Chain Implications

Runtime drift is the last honest witness in container supply chain defence. This post covers what drift signals tell you, how to instrument for them, and how to investigate without overwhelming on-call.

Mar 19, 20267 min read
Cloud Security

Cloud-Native Security Practices That Actually Scale

Containers, Kubernetes, and ephemeral infrastructure broke the perimeter security model. These are the cloud-native security practices that hold up past your first hundred services.

Mar 19, 20264 min read
Containers

What Gartner's Container Security Coverage Gets Right (and Skips)

Gartner's container security research correctly frames the shift toward CNAPP consolidation, but its category boundaries often lag how teams actually operate scanning day to day.

Mar 19, 20265 min read
Container Security

Chiseled / Distroless Image Rollout Program

What it takes to standardise on chiseled and distroless container images across an engineering organisation: which workloads benefit, which do not, and how to handle the operational quirks of imageless containers.

Mar 14, 20267 min read
Container Security

Service Mesh Supply Chain Policy 2026

Service meshes are a control plane and a data plane and a supply chain risk surface all at once. This post covers the policy controls that matter in 2026 for sidecars, control planes, and mesh-issued certificates.

Mar 9, 20267 min read
Container Security

Kubernetes Operator Supply Chain Controls

Operators are powerful, privileged, and often under-governed. This post covers the supply chain controls that keep operator installations from becoming the largest attack surface in your cluster.

Mar 4, 20267 min read
Cloud Security

Container Runtime Security in 2026: What's Changed and What Hasn't

Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.

Mar 1, 20266 min read
Security

Container Security: Why Reachability Analysis Changes Everything

Stop chasing phantom vulnerabilities. Learn how reachability analysis reduces CVE noise by 80% and focuses remediation on what actually matters.

Mar 1, 20263 min read
Container Security

Helm Chart Supply Chain Defence Blueprint

Helm charts are the most common Kubernetes deployment artifact and the least scrutinised. This blueprint covers chart provenance, signing, value validation, and the runtime correspondence checks that close the loop.

Feb 27, 20267 min read
Container Security

Multi-Arch Image Builds and Attestation Pitfalls

Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.

Feb 22, 20268 min read
Product

Self-Healing Containers Now Generally Available

Self-healing containers detect, remediate, and rebuild images when CVEs appear in their dependency closure. Here is how the GA feature works in practice.

Feb 20, 20267 min read
Container Security

Distroless Node.js 20 on Debian 12 Image Deep Dive

A deep dive into the gcr.io/distroless/nodejs20-debian12 image: contents, attack surface, real-world CVE exposure, and where it fits in production.

Feb 19, 20265 min read
containers (Page 3) — Safeguard Blog