Safeguard
Tag

docker-security

Safeguard articles tagged "docker-security" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Container Security

Detecting cryptomining malware in container images

Cryptomining malware like Kinsing and TeamTNT quietly hijacks container CPU cycles to mine Monero. Here's how it gets in, how to spot it, and how to stop it.

Jun 23, 20267 min read
Cloud Security

Container security for Kubernetes and Docker

A practical glossary breakdown of container security for Kubernetes and Docker: the real risks, key benchmarks, and where code-scanning tools like Checkmarx fall short.

Jun 22, 20267 min read
Vulnerability Analysis

Critical RCE via ImageMagick: hacking Docker containers

ImageTragick and CVE-2022-44268 show how one image-processing library keeps handing attackers shells and secrets inside Docker containers.

May 1, 20266 min read
Container Security

Docker CIS Benchmark: what it checks and how to pass it

A practical breakdown of what the CIS Docker Benchmark actually checks, why Trivy alone only covers part of it, and how to remediate and stay compliant.

Apr 26, 20268 min read
Container Security

Docker CIS Benchmark

A practical breakdown of the Docker CIS Benchmark's 100+ controls, the checks teams fail most, how Aqua Security handles compliance, and what audit failures actually cost.

Apr 16, 20267 min read
Container Security

What is Docker Security

Docker security spans image scanning, SBOMs, and runtime controls — see the CVEs, misconfigurations, and real breaches that show why each layer matters.

Mar 20, 20268 min read
Container Security

Top 5 Docker Security Vulnerabilities

Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.

Mar 20, 20267 min read
Compliance

Docker Compliance and Scanning for Regulated Teams

Regulated teams can't treat container scanning as a one-time gate — auditors want a documented, continuous process tied to actual docker vulnerability news, not a clean scan from six months ago.

Mar 11, 20265 min read
Container Security

Container escape

A container escape lets attackers break out of a container into the host or other workloads. Learn how these attacks work, real CVEs, and Kubernetes risk.

Feb 22, 20267 min read
Vulnerability Analysis

Docker symlink race condition escape (CVE-2018-15664)

A TOCTOU race in Docker's docker cp symlink resolution let malicious containers write to host files as root. Impact, CVSS, and fixes inside.

Dec 15, 20258 min read
Vulnerability Analysis

runc Container Breakout via /proc/self/exe Overwrite (CVE...

CVE-2019-5736 let a malicious container overwrite the host runc binary, escaping isolation to gain root on the Docker or Kubernetes host.

Nov 21, 20257 min read
Container Security

Containers Not Dropping Default Linux Capabilities

Docker grants every container 14 Linux capabilities by default. Here's why NET_RAW, SYS_CHROOT, and friends turn contained compromises into breakouts—and how to drop them safely.

Oct 28, 20257 min read
docker-security (Page 2) — Safeguard Blog