Safeguard
Tag

docker-security

Safeguard articles tagged "docker-security" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Container Security

Containers Running in Privileged Mode: Risks and Fixes

Docker's --privileged flag strips seccomp, AppArmor, and capability limits in one line. Here's how attackers exploit it, real CVEs, and how to lock it down.

Oct 28, 20257 min read
Containers

Docker Privileged Mode: What It Unlocks and Why to Avoid It

One flag, --privileged, hands a container almost the same power as root on the host. Here is exactly what it turns on, why it breaks isolation, and the narrow capabilities that replace it.

Sep 16, 20256 min read
Container Security

How Snyk Container detects a Dockerfile's base image with...

Snyk Container identifies a Dockerfile's true base image by comparing layer digests against a registry database, no docker run required.

Sep 8, 20258 min read
Container Security

How Snyk's Docker Desktop Extension scans images before t...

How Snyk's Docker Desktop extension scans local images for CVEs before push, what it can and can't detect, and where it fits with CI and registry scanning.

Sep 4, 20257 min read
Containers

Docker Image for Node: Choosing Slim vs Full Builds

The default node image on Docker Hub ships a full Debian userland most services never touch — knowing when slim, alpine, or distroless actually pays off keeps builds smaller without breaking native modules.

Sep 3, 20256 min read
Container Security

Why Container Registries Are an Underexamined Supply Chai...

Registries decide what code actually runs in production, yet most security programs treat them as passive storage. Here's why that's a costly blind spot.

Aug 2, 20256 min read
Containers

Node Docker Images: Picking the Right Base for Production

The node docker image you pick as a base determines most of your container's attack surface and size. Here's how to choose between full, slim, and alpine variants for production.

May 27, 20255 min read
Containers

Docker and Container Security Best Practices: A Combined Checklist

A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.

Mar 18, 20255 min read
Containers

Container Image Vulnerability Scanning in CI

How to wire container image vulnerability scanning into your CI pipeline so builds fail on real risk instead of shipping unscanned images to production.

Feb 18, 20256 min read
docker-security (Page 3) — Safeguard Blog