docker
Safeguard articles tagged "docker" — guides, analysis, and best practices for software supply chain and application security.
60 articles
Running Containers in Rootless Mode: A Practical Security Guide
Root in the container often means root on the host. Rootless mode breaks that assumption. Here is how to run Docker and Podman without root and why it matters more than you think.
Container Image Hardening Checklist
A comprehensive checklist for hardening your container images, from base image selection to runtime protections, with practical Dockerfile examples.
Docker Desktop WSL2 Security Changes in 2022
Docker Desktop's WSL2 backend reshaped container security on Windows. Here is what changed in 2022 and the defects that forced those changes.
Podman vs Docker Security: What Actually Changes When You Drop the Daemon
Podman is daemonless, rootless by default, and fork-exec instead of client-server. Here is what those architectural differences mean for container security in practice.
Tern: Container SBOM Generation Through Layer Analysis
A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.
Generating SBOMs from Container Images: A Practical Guide
Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.
Docker Image Layer Security Analysis: What Lurks Beneath Your Containers
Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.
Docker Security Best Practices for Developers
Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.
Docker Scout for Container Security Analysis: A Practical Guide
Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.
Docker Container Escape Vulnerabilities: Techniques and Defenses
Containers are not VMs. When an attacker escapes a container, they own the host — and potentially every other container running on it. Here are the escape techniques you need to defend against.
Container Image Vulnerabilities: 2021 Year in Review
Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.
Docker Hub Malicious Images and Cryptomining Campaigns
Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.