Safeguard
Tag

kubernetes-security

Safeguard articles tagged "kubernetes-security" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Vulnerability Analysis

CRI-O 'cr8escape' Sysctl Injection Container Escape (CVE-...

CVE-2022-0811 (cr8escape) is a CRI-O flaw where an unvalidated sysctl injection let attackers escape containers and gain root on Kubernetes hosts.

Nov 21, 20257 min read
Open Source Security

Kubernetes and Go supply chain risk report

Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.

Nov 19, 20258 min read
Open Source Security

Cloud-native Go services vulnerability landscape

A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.

Nov 19, 20258 min read
Buyer's Guides

Best Kubernetes security scanning tools

A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.

Nov 17, 20258 min read
Container Security

Outdated container images still running in production

New industry data shows most production containers still run on stale, vulnerable base images months after fixes ship -- here's why, and how to close the gap.

Nov 17, 20258 min read
Container Security

Kubernetes Helm chart vulnerability trends

New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.

Nov 16, 20257 min read
Buyer's Guides

Best Kubernetes admission control tools

A practical comparison of Kubernetes admission control tools — OPA/Gatekeeper, Kyverno, Kubewarden, Styra, jsPolicy, and Polaris — with real strengths, limits, and evaluation criteria.

Nov 12, 20258 min read
Buyer's Guides

Best runtime container security tools

A practical comparison of runtime container security tools, from eBPF-based monitoring to commercial threat detection platforms, and what to weigh before buying.

Nov 11, 20259 min read
Containers

Writing a Container Security Policy That Actually Holds

Most container security policies get written once, ignored during the next sprint, and rediscovered during an audit — here's how to write one that engineers actually follow.

Nov 3, 20255 min read
Cloud Security

Kubernetes secrets management vulnerability guide

Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.

Nov 3, 20257 min read
Cloud Security

Container runtime security (containerd/CRI-O) vulnerability roundup

Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.

Nov 2, 20257 min read
Container Security

Containers Not Dropping Default Linux Capabilities

Docker grants every container 14 Linux capabilities by default. Here's why NET_RAW, SYS_CHROOT, and friends turn contained compromises into breakouts—and how to drop them safely.

Oct 28, 20257 min read
kubernetes-security (Page 9) — Safeguard Blog