helm
Safeguard articles tagged "helm" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Helm Chart Security Best Practices
Helm charts template every RBAC binding, image reference, and secret your cluster runs. Here is how to harden charts, verify provenance, and stop a templating tool from quietly shipping cluster-admin.
When Configuration Is the Vulnerability: Microsoft's May 2026 Look at Exposed AI Apps on Kubernetes
Microsoft's May 14, 2026 research found AI frameworks shipping Helm charts that expose web UIs on internet-facing LoadBalancers with no authentication and cluster-admin service accounts. Mage AI on port 6789 was the headline, but it was far from alone.
Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...
CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.
Helm Chart Repository Index Cache Confusion Vulnerability...
CVE-2021-32690 is a Helm chart repository index cache confusion flaw fixed in 3.6.1 that could push users toward an unintended chart. Here's what matters.