Safeguard
Tag

kubernetes-security

Safeguard articles tagged "kubernetes-security" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

Containers Running in Privileged Mode: Risks and Fixes

Docker's --privileged flag strips seccomp, AppArmor, and capability limits in one line. Here's how attackers exploit it, real CVEs, and how to lock it down.

Oct 28, 20257 min read
Vulnerability Analysis

CVE-2024-21626: runc process.cwd Container Breakout Deep ...

A technical breakdown of CVE-2024-21626, the runc process.cwd() flaw enabling container breakout to host access, with detection and remediation guidance.

Oct 28, 20257 min read
Container Security

How Snyk Container integrates with Kubernetes workloads f...

How Snyk Container's Kubernetes integration uses a read-only controller to continuously re-check running workload images as new CVEs are disclosed.

Sep 6, 20257 min read
Container Security

How image digest pinning strengthens container supply cha...

How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.

Sep 4, 20257 min read
Container Security

How Snyk IaC scans Kubernetes manifests and Helm charts f...

A technical walkthrough of how Snyk IaC parses Kubernetes manifests, renders Helm charts, and checks them against CIS benchmarks before deployment.

Sep 3, 20257 min read
Container Security

How Snyk IaC's admission-time Kubernetes scanning differs...

How Snyk IaC's static manifest scanning, the Snyk Controller's in-cluster monitoring, and true Kubernetes admission control mechanically differ — and why the gap between them matters.

Aug 30, 20257 min read
Containers

Container Security Testing Methods, Compared

Image scanning, runtime monitoring, and configuration auditing all count as container security testing, but they catch different things at different stages — here's how to combine them.

Aug 14, 20255 min read
Container Security

Why Cloud Security Ownership Keeps Falling Into the Gap B...

Misconfigurations sit unpatched for months because three teams each assume someone else owns them. Here's why the cloud security ownership gap keeps widening.

Aug 5, 20257 min read
Container Security

The Real Trade-Off Between Deployment Speed and Cloud Sec...

Deployment speed and cloud security maturity aren't opposites. Real breaches trace to blind spots, not velocity — here's what the data actually shows engineering leaders.

Aug 5, 20258 min read
Container Security

Kubernetes RBAC Sprawl and Why It's Rarely Audited

Kubernetes RBAC grows faster than anyone tracks it, and there's no built-in tool to audit it. Here's why sprawl happens and what a real audit checks.

Aug 4, 20257 min read
Container Security

Why Ephemeral Infrastructure Makes Traditional Vulnerabil...

Containers now live for minutes, not months. Here's why periodic vulnerability scanning can't see ephemeral infrastructure — and what actually closes the gap.

Aug 4, 20257 min read
Container Security

Sidecar Proxies and the Expanding Attack Surface of Servi...

Sidecar proxies like Envoy quietly double your cluster's attack surface. Real CVEs from 2023–2024 show how mesh sidecars get exploited — and how to actually secure them.

Aug 3, 20257 min read
kubernetes-security (Page 10) — Safeguard Blog