Safeguard
Tag

kubernetes-security

Safeguard articles tagged "kubernetes-security" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Best Practices

Defense-in-depth for a modern cloud-native application stack

Log4Shell and the XZ backdoor were caught two different ways — one by patching, one by a developer noticing 500ms of extra SSH latency. Neither alone is a strategy.

Jul 8, 20266 min read
DevSecOps

The GitOps security model: risks and controls

GitOps turns a Git repo into a deploy button — Argo CD's own CVE-2022-24348 path traversal proved what happens when that button isn't locked down.

Jul 8, 20266 min read
Kubernetes Security

Implementing mTLS in Kubernetes clusters: a hands-on guide

Kubernetes ships zero built-in encryption for pod-to-pod traffic — here's how cert-manager and service meshes fix that, and the five misconfigurations that quietly undo it.

Jul 8, 20266 min read
DevSecOps

Rego for security engineers: a beginner's guide to OPA policy

Rego graduated from Styra research project to a CNCF-graduated standard in under five years. Here's how to write your first real OPA/Conftest policy.

Jul 8, 20267 min read
Kubernetes Security

Hardening Amazon EKS With Native AWS Controls

AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.

Jul 8, 20267 min read
Cloud Security

Securing Managed Kubernetes: EKS, AKS, and GKE Compared

A cross-cloud guide to hardening managed Kubernetes — the shared responsibility line, cloud IAM-to-pod integration, network policy, Pod Security Standards, and node hardening across EKS, AKS, and GKE.

Jul 6, 20265 min read
Container Security

Kubernetes RBAC Security: Least Privilege That Actually Holds

Wildcard verbs, cluster-admin bindings, and forgotten service account tokens turn RBAC into a rubber stamp. Here is how to design roles that contain a breach instead of amplifying it.

Jul 3, 20266 min read
Buyer's Guides

Best Kubernetes Security Tools in 2026: A Buyer's Guide

A balanced buyer's guide to the best Kubernetes security tools in 2026 — Aqua, Sysdig, Falco, Kubescape, Trivy, and Wiz — covering image scanning, admission control, runtime detection, and KSPM, plus where Safeguard fits.

Jul 2, 20266 min read
Container Security

Docker Security Pro Tips: Hardening Beyond the Basics

You already use a non-root user and a slim base. These are the pro-level Docker hardening tips — read-only filesystems, dropped capabilities, and the docker.sock trap — that actually stop breakouts.

Jul 2, 20265 min read
Container Security

Kubernetes Security Best Practices for 2026

A default Kubernetes cluster trusts too much: root pods, flat networking, and readable secrets. Here are the hardening practices that actually move the needle in 2026.

Jul 1, 20265 min read
Container Security

Container isolation with namespaces, cgroups, and seccomp

Namespaces, cgroups, and seccomp each isolate a different layer of a container — and a single misconfigured one, like CVE-2024-21626 showed, breaks all three.

Jun 27, 20266 min read
Container Security

Kubernetes Pod Security Standards explained

A breakdown of Kubernetes' Privileged, Baseline, and Restricted Pod Security Standards, how they replaced PodSecurityPolicy, and where enforcement typically fails.

Jun 26, 20267 min read
kubernetes-security (Page 2) — Safeguard Blog