Safeguard
Tag

docker

Safeguard articles tagged "docker" — guides, analysis, and best practices for software supply chain and application security.

60 articles

Container Security

Running Containers in Rootless Mode: A Practical Security Guide

Root in the container often means root on the host. Rootless mode breaks that assumption. Here is how to run Docker and Podman without root and why it matters more than you think.

Apr 5, 20237 min read
Best Practices

Container Image Hardening Checklist

A comprehensive checklist for hardening your container images, from base image selection to runtime protections, with practical Dockerfile examples.

Jan 12, 20236 min read
Container Security

Docker Desktop WSL2 Security Changes in 2022

Docker Desktop's WSL2 backend reshaped container security on Windows. Here is what changed in 2022 and the defects that forced those changes.

Nov 18, 20226 min read
Container Security

Podman vs Docker Security: What Actually Changes When You Drop the Daemon

Podman is daemonless, rootless by default, and fork-exec instead of client-server. Here is what those architectural differences mean for container security in practice.

Nov 15, 20227 min read
Tool Reviews

Tern: Container SBOM Generation Through Layer Analysis

A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.

Oct 12, 20225 min read
SBOM

Generating SBOMs from Container Images: A Practical Guide

Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.

Oct 8, 20227 min read
Container Security

Docker Image Layer Security Analysis: What Lurks Beneath Your Containers

Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.

Aug 12, 20227 min read
DevSecOps

Docker Security Best Practices for Developers

Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.

Aug 8, 20224 min read
Container Security

Docker Scout for Container Security Analysis: A Practical Guide

Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.

Jul 5, 20226 min read
Container Security

Docker Container Escape Vulnerabilities: Techniques and Defenses

Containers are not VMs. When an attacker escapes a container, they own the host — and potentially every other container running on it. Here are the escape techniques you need to defend against.

May 12, 20226 min read
Container Security

Container Image Vulnerabilities: 2021 Year in Review

Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.

Dec 22, 20216 min read
Container Security

Docker Hub Malicious Images and Cryptomining Campaigns

Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.

Oct 5, 20216 min read
docker (Page 5) — Safeguard Blog