ebpf
Safeguard articles tagged "ebpf" — guides, analysis, and best practices for software supply chain and application security.
20 articles
Connecting build, deploy, and runtime security into one AppSec lifecycle
The XZ Utils backdoor (CVE-2024-3094) was found in the build chain; most tools that would have caught it stop at deploy. Here's how to close that gap.
Falco vs. Tetragon vs. Tracee: choosing a Kubernetes runtime security tool
Falco graduated CNCF in February 2024, Tetragon enforces in-kernel, and Tracee ships 330+ prebuilt eBPF detections — here's when each one actually wins.
Container Runtime Security Monitoring: Catching the Breach in Progress
Scanning tells you what could go wrong before deploy. Runtime monitoring tells you what is going wrong right now. Here is how to detect container attacks as they happen.
eBPF Runtime Security for Kubernetes
eBPF lets you observe and enforce security at the kernel level — every syscall, network connection, and process exec — without kernel modules or instrumenting your apps. Here is how tools like Falco, Tetragon, and Cilium use it to catch what image scanning cannot.
Runtime security tools for Kubernetes clusters
A concrete look at Kubernetes runtime security tools — Falco, Tetragon, Tracee, eBPF, and recent CVEs — and what to check before you buy one.
eBPF in Kubernetes
eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.
What is Container Runtime Security
Container runtime security monitors running containers for malicious behavior that image scanning can't catch — here's how it works and why it matters.
Falco 0.40: Modern eBPF Is Now Default
Falco's 0.40 release line makes modern eBPF (CO-RE) the default driver, deprecates the legacy probe and gVisor engine, and changes how operators ship Falco. Here's what changed and what to test.
Deploying Cilium Tetragon for eBPF Runtime Security in 2026
A practical guide to rolling out Tetragon for kernel-level runtime visibility, covering policy authoring, performance overhead, and integration with existing detection pipelines.
Tetragon vs Falco: 2026 Runtime Security Field Test
Both Tetragon and Falco run on eBPF and both ship as CNCF projects. We benched them side by side on a 400-node cluster — coverage, overhead, and enforcement behavior.
What is Runtime Protection
Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.
Cilium Tetragon Runtime Security with eBPF
A practical look at Cilium Tetragon for Kubernetes runtime security, what eBPF gives you that audit logs do not, and where Tetragon fits in a real stack.