Safeguard
Tag

docker

Safeguard articles tagged "docker" — guides, analysis, and best practices for software supply chain and application security.

60 articles

Engineering

Alpine vs Distroless vs Ubuntu Base Images: Security Tradeoffs

Alpine is small, distroless is smaller, Ubuntu is comfortable. The real security question is CVE surface vs debuggability vs compatibility — with numbers.

Mar 2, 20267 min read
AI Security

AI-Generated Dockerfile Vulnerability Patterns

LLM-generated Dockerfiles repeat the same six or seven mistakes. Here is the pattern catalog and how to catch them before they ship.

Feb 18, 20267 min read
Application Security

How to configure OWASP ZAP for automated scanning

A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.

Feb 15, 20268 min read
Container Security

Container Security Best Practices Checklist 2026

A practical container security checklist for 2026 covering base images, runtime controls, registry hygiene, and signing, with specific thresholds defenders can adopt.

Jan 22, 20265 min read
Vulnerability Analysis

containerd-shim Abstract Unix Socket Exposure Enabling Co...

CVE-2020-15257 lets processes in host-networked containers reach the containerd-shim socket and escape to the host. Impact, affected versions, and fixes explained.

Nov 21, 20258 min read
Vulnerability Response

CVE-2025-31133 in runc: Patch Posture & SBOM Response

runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.

Nov 19, 20257 min read
Containers

Node.js in Docker: A Practical Setup Guide

A practical setup guide for running node.js docker containers in production, choosing between docker node slim and full images, and locking down what actually matters for security.

Nov 12, 20255 min read
SBOM

Container SBOM Generation: Best Practices for 2025

Container images are multi-layered artifacts that challenge SBOM generators. Here is how to generate comprehensive, accurate SBOMs for containerized applications.

Oct 1, 20256 min read
Containers

Scanning Docker Images for Vulnerabilities: How To

Knowing how to scan Docker images for vulnerabilities before they ship is the difference between catching a known CVE in CI and finding it in an incident report.

Sep 16, 20255 min read
Containers

Choosing a Container Security Scanner

A practical checklist for choosing a container security scanner, covering base-image coverage, registry integration, runtime relevance, and how scan noise actually gets managed.

Sep 16, 20255 min read
Container Security

How Snyk Container handles multi-stage Docker builds duri...

How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.

Sep 6, 20257 min read
Vulnerability Response

CVE-2025-9074 in Docker Desktop: Patch Posture & SBOM Response

Docker Desktop container-to-host escape scored CVSS 9.3. Affected Windows and macOS developer fleets need a fast patch rollout. Defender playbook below.

Aug 21, 20256 min read
docker (Page 3) — Safeguard Blog