Safeguard
Tag

docker

Safeguard articles tagged "docker" — guides, analysis, and best practices for software supply chain and application security.

60 articles

Container Security

Container Base Image Hygiene: An Underrated Lever for Red...

Swapping bloated base images for minimal ones can cut container CVE counts by 60-90% without touching app code. Here's the data and how to start.

Aug 5, 20259 min read
Containers

Dockerizing Node.js and PHP Apps: A Practical Guide

Writing a node js dockerfile and learning how to dockerize php application deployments both hinge on the same handful of decisions — base image, layer order, and what you leave out of the final image.

Jun 23, 20255 min read
Containers

Docker Privileged Containers: `docker run` and Compose Risks

docker run privileged and docker compose privileged both hand a container root-equivalent access to the host — here's exactly what that means and when, if ever, it's justified.

May 9, 20255 min read
DevSecOps

Container Hardening Guide 2025: From Base Image to Production

A practical guide to hardening container images and deployments. Covers base image selection, build-time security, runtime protections, and Kubernetes-specific controls.

May 5, 20256 min read
Containers

Rebuilding Docker Images: Cache, Patching, and Reproducibility

A plain docker build reuses cached layers and silently skips your security patches. Here is how the cache actually works, how to force a real rebuild, and how to keep rebuilds reproducible.

Feb 18, 20256 min read
Engineering

Container Image Digests vs Tags: Why Pinning Matters

A tag is a mutable pointer; a digest is the image. Pinning by digest is the difference between deploying what you tested and deploying whatever the registry says today.

Feb 16, 20256 min read
Best Practices

Container Security Best Practices for 2025: Beyond Image Scanning

Container security has evolved far past vulnerability scanning. Here is what mature container security programs look like heading into 2025.

Dec 1, 20247 min read
Product

Deep Dive: Safeguard Container Scanning

Container images are supply chain artifacts. Safeguard's container scanning analyzes every layer -- base images, OS packages, and application dependencies -- for a complete risk picture.

Aug 15, 20246 min read
DevSecOps

Container Security Scanning in 2024: Benchmarks, Tools, and What Actually Matters

Container image scanning tools vary widely in detection rates, false positive rates, and coverage. Here is a practical assessment of the container security scanning landscape in 2024.

Apr 20, 20246 min read
Container Security

BuildKit Cache Security Considerations for Container Builds

BuildKit's caching is what makes container builds fast. It is also a potential vector for cache poisoning attacks if not properly secured.

Apr 12, 20245 min read
DevSecOps

Multi-Stage Docker Builds: The Security Implications Nobody Talks About

Multi-stage builds reduce image size, but they also introduce security considerations around build secrets, layer caching, and dependency leakage.

Feb 12, 20246 min read
Container Security

Container Base Image Selection: A Security-First Decision Framework

Your base image choice determines your container security baseline. Most teams pick based on size or familiarity, not security properties.

Jun 12, 20236 min read
docker (Page 4) — Safeguard Blog