containers
Safeguard articles tagged "containers" — guides, analysis, and best practices for software supply chain and application security.
66 articles
Choosing a Container Security Scanner
A practical checklist for choosing a container security scanner, covering base-image coverage, registry integration, runtime relevance, and how scan noise actually gets managed.
Runtime Threat Detection in Cloud-Native Environments
Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.
Dockerizing Node.js and PHP Apps: A Practical Guide
Writing a node js dockerfile and learning how to dockerize php application deployments both hinge on the same handful of decisions — base image, layer order, and what you leave out of the final image.
Container Hardening Guide 2025: From Base Image to Production
A practical guide to hardening container images and deployments. Covers base image selection, build-time security, runtime protections, and Kubernetes-specific controls.
Docker and Container Security Best Practices: A Combined Checklist
A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.
Rebuilding Docker Images: Cache, Patching, and Reproducibility
A plain docker build reuses cached layers and silently skips your security patches. Here is how the cache actually works, how to force a real rebuild, and how to keep rebuilds reproducible.
Earthly Containerized Builds Supply Chain
Earthly combines container isolation with Makefile-style ergonomics. Here's what that means for supply chain posture, with real Earthfile examples.
Deep Dive: Safeguard Container Scanning
Container images are supply chain artifacts. Safeguard's container scanning analyzes every layer -- base images, OS packages, and application dependencies -- for a complete risk picture.
How to Sign Container Images With Cosign: A Complete Guide
A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.
VM to Container: Supply Chain Implications of the Migration
What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.
Scratch vs Distroless: Choosing the Right Minimal Container Image
Both scratch and distroless promise minimal attack surface. The right choice depends on your runtime, your debugging needs, and your tolerance for complexity.
Running Containers in Rootless Mode: A Practical Security Guide
Root in the container often means root on the host. Rootless mode breaks that assumption. Here is how to run Docker and Podman without root and why it matters more than you think.