Safeguard
Tag

docker

Safeguard articles tagged "docker" — guides, analysis, and best practices for software supply chain and application security.

60 articles

Security Guides

Node.js Docker Security Best Practices

A Node.js container is only as secure as its base image, its user, and its dependency layer. This is a Dockerfile-by-Dockerfile walkthrough of hardening a Node app image — multi-stage builds, non-root, distroless, and layer hygiene.

Jul 7, 20265 min read
DevSecOps

Reducing Docker image build time without sacrificing security

Multi-stage builds and minimal base images can cut CI build times dramatically — and they're the same changes that shrink your CVE attack surface.

Jul 7, 20266 min read
Container Security

Docker Secrets Management: Stop Baking Credentials Into Images

A secret written into a Docker layer is recoverable forever, even after you delete it. Learn the build-time and runtime patterns that keep credentials out of your images entirely.

Jul 6, 20266 min read
Guides

Container Security for Beginners: Keeping Your Docker Images Safe

Containers made shipping software wonderfully simple, but they also package up whatever risks come along for the ride. Here is a beginner-friendly introduction with a first image scan you can run today.

Jul 3, 20266 min read
Tutorials

How to Scan a Container Image for Vulnerabilities

Scan any Docker or OCI image for OS-package and application-layer vulnerabilities, understand the results, and gate risky images before they reach your registry — with copy-paste commands.

Jul 2, 20266 min read
Container Security

Docker Image Security Best Practices

Every Docker layer you ship is attack surface you have to defend. Learn how to build lean, non-root, secret-free images that survive a registry scan and a real audit.

Jul 1, 20265 min read
Container Security

Multi-Stage Docker Build Security in 2026

Multi-stage builds are the right way to ship secure container images, but the security benefits depend on getting the stage boundaries right. A guide for 2026.

Apr 21, 20267 min read
Guides

How to Harden a Dockerfile in 10 Practical Steps

Ten concrete Dockerfile changes — digest pinning, multi-stage builds, non-root users, BuildKit secrets, SBOM attestations — that remove whole classes of container risk.

Apr 20, 20266 min read
Container Security

Docker BuildKit Security Best Practices for 2026

BuildKit has been the default Docker builder for years, but its security features remain underused. Here are the practices that matter in 2026.

Apr 2, 20266 min read
Container Security

Container Image Supply Chain: From Dockerfile to Production

Every container pulled in production is a trust decision. Here's how to secure the chain from base image selection through Dockerfile to admission control.

Mar 30, 20268 min read
Best Practices

Dev Containers Security Baseline for 2026

A practical security baseline for devcontainer.json files in 2026, covering base image selection, features, lifecycle scripts, and the supply chain controls that actually matter.

Mar 19, 20266 min read
Best Practices

How to Scan Docker Images for Vulnerabilities

A production-grade vulnerability scanning pipeline for Docker images using Trivy and Grype, with reachability-based prioritization and admission enforcement.

Mar 17, 20267 min read
docker (Page 2) — Safeguard Blog