Safeguard
Tag

kubernetes-security

Safeguard articles tagged "kubernetes-security" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

Kubernetes securityContext settings guide

A field-by-field guide to Kubernetes securityContext: which settings stop container breakouts, how to enforce them cluster-wide, and how to audit gaps.

Jun 26, 20266 min read
Container Security

Kubernetes RBAC best practices

RBAC drift and over-broad bindings are the top cause of Kubernetes lateral movement. Six concrete, question-first practices to lock down access before it's exploited.

Jun 26, 20267 min read
Container Security

Kubernetes network policies for zero trust

Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.

Jun 26, 20267 min read
Container Security

Securing Kubernetes Secrets management

Base64 isn't encryption. Here's how Kubernetes Secrets actually get exposed, and the encryption, RBAC, and rotation controls that fix it.

Jun 25, 20266 min read
Container Security

Kubernetes admission controllers for security

How Kubernetes admission controllers work, why defaults leave clusters exposed, and how Pod Security Admission, OPA Gatekeeper, and Kyverno close the gap.

Jun 25, 20266 min read
Container Security

Helm chart security scanning

Helm charts can render insecure RBAC, network policies, and default passwords even when the container image itself passes every vulnerability scan cleanly.

Jun 24, 20267 min read
Container Security

Container configuration drift detection at runtime

Container images pass CI clean, but running containers drift within hours via exec sessions, sidecars, and webhooks. Here's how to detect it at runtime.

Jun 24, 20267 min read
Container Security

Minimizing container attack surface

Container images ship 400+ CVEs on average but under 15% are reachable. Learn concrete, numbers-backed steps to cut container attack surface.

Jun 23, 20266 min read
Container Security

EKS vs GKE vs AKS: managed Kubernetes security compared

A technical breakdown of EKS, GKE, and AKS security: default hardening gaps, IAM models, real CVEs, and audit logging differences teams must know.

Jun 22, 20268 min read
Cloud Security

Container security for Kubernetes and Docker

A practical glossary breakdown of container security for Kubernetes and Docker: the real risks, key benchmarks, and where code-scanning tools like Checkmarx fall short.

Jun 22, 20267 min read
Container Security

Container escape vulnerabilities explained

Container escape vulnerabilities let attackers break out of isolation and reach the host kernel. Here's how CVE-2024-21626 and CVE-2019-5736 actually work.

Jun 22, 20267 min read
Infrastructure Security

Introduction to Open Policy Agent and Rego

A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.

Jun 18, 20268 min read
kubernetes-security (Page 3) — Safeguard Blog