Safeguard
Tag

image-signing

Safeguard articles tagged "image-signing" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Container Security

Container-handling security fundamentals: immutability, signing, and privilege drops

Two runc CVEs, five years apart, both turned root-in-container into root-on-host — proof that container isolation needs backup, not blind trust.

Jul 11, 20267 min read
Container Security

Securing Container Registries: From Push to Pull

Your registry is the single point every image passes through — and a favorite target for attackers who want to poison many deployments at once. Here is how to lock it down end to end.

Jul 4, 20265 min read
Tools

Best Kubernetes Admission Controllers for Supply Chain Security

Kyverno, OPA Gatekeeper, Sigstore policy-controller, Ratify, or plain CEL? A field guide to admission controllers that actually block unsigned and vulnerable images.

Feb 7, 20266 min read
Cloud Security

AWS Signer with Notation: Designing a Trust Policy That Survives Contact

AWS Signer integrates with Notation for OCI image signing. The hard part is not signing — it is the trust policy that decides what gets to run. We walk through one that holds up.

Jan 28, 20267 min read
Container Security

Scanning Oracle Cloud Infrastructure Registry images for ...

A step-by-step guide to OCIR vulnerability scanning: enabling OCI's Vulnerability Scanning Service, triggering push-time scans, triaging CVEs, and signing verified images.

Jan 9, 20268 min read
Container Security

Kubernetes Admission Controllers for Supply Chain Policy

Admission controllers are the only Kubernetes enforcement point that sees every workload before it runs. That makes them the right place to enforce image provenance, signing, and SBOM policies.

Sep 18, 20226 min read
image-signing — Safeguard Blog