Safeguard
Tag

containers

Safeguard articles tagged "containers" — guides, analysis, and best practices for software supply chain and application security.

66 articles

Containers

Choosing a Container Security Scanner

A practical checklist for choosing a container security scanner, covering base-image coverage, registry integration, runtime relevance, and how scan noise actually gets managed.

Sep 16, 20255 min read
Cloud Security

Runtime Threat Detection in Cloud-Native Environments

Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.

Aug 18, 20256 min read
Containers

Dockerizing Node.js and PHP Apps: A Practical Guide

Writing a node js dockerfile and learning how to dockerize php application deployments both hinge on the same handful of decisions — base image, layer order, and what you leave out of the final image.

Jun 23, 20255 min read
DevSecOps

Container Hardening Guide 2025: From Base Image to Production

A practical guide to hardening container images and deployments. Covers base image selection, build-time security, runtime protections, and Kubernetes-specific controls.

May 5, 20256 min read
Containers

Docker and Container Security Best Practices: A Combined Checklist

A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.

Mar 18, 20255 min read
Containers

Rebuilding Docker Images: Cache, Patching, and Reproducibility

A plain docker build reuses cached layers and silently skips your security patches. Here is how the cache actually works, how to force a real rebuild, and how to keep rebuilds reproducible.

Feb 18, 20256 min read
DevSecOps

Earthly Containerized Builds Supply Chain

Earthly combines container isolation with Makefile-style ergonomics. Here's what that means for supply chain posture, with real Earthfile examples.

Nov 8, 20247 min read
Product

Deep Dive: Safeguard Container Scanning

Container images are supply chain artifacts. Safeguard's container scanning analyzes every layer -- base images, OS packages, and application dependencies -- for a complete risk picture.

Aug 15, 20246 min read
Container Security

How to Sign Container Images With Cosign: A Complete Guide

A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.

Jun 10, 20245 min read
Container Security

VM to Container: Supply Chain Implications of the Migration

What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.

Mar 8, 20247 min read
Container Security

Scratch vs Distroless: Choosing the Right Minimal Container Image

Both scratch and distroless promise minimal attack surface. The right choice depends on your runtime, your debugging needs, and your tolerance for complexity.

Oct 12, 20236 min read
Container Security

Running Containers in Rootless Mode: A Practical Security Guide

Root in the container often means root on the host. Rootless mode breaks that assumption. Here is how to run Docker and Podman without root and why it matters more than you think.

Apr 5, 20237 min read
containers (Page 5) — Safeguard Blog