kubernetes
Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.
125 articles
Trivy Operator v0.30: Kubernetes Field Review
Trivy Operator hit v0.30 in early 2026 and the underlying Trivy v0.70 engine landed in April. We benchmarked the combo on a 60-node multi-tenant cluster.
Flux CD vs Argo CD: Security Comparison for 2026
A security-focused comparison of Flux 2.5 and Argo CD 3.1: trust models, multi-tenancy, secret handling, signature verification, and the operational differences.
GCP Binary Authorization Enforcement Runbook 2026
A practical 2026 runbook for enforcing GCP Binary Authorization in production, including attestation pipelines, break-glass procedures, and rollout sequencing.
Zarf Air-Gap Deployment: A 2026 Walkthrough
How Zarf 0.45 packages and deploys Kubernetes workloads into disconnected environments, where the design works well, and the operational realities to plan for.
Open Source Container Security: A Practical Guide
You can build a solid container security stack entirely from open source tools — here's which ones cover which layer, and where the gaps show up at scale.
Rolling Out Zero-CVE Base Images Org-Wide
A pragmatic playbook for migrating an entire engineering organisation onto zero-CVE base images, covering pilot selection, registry mirroring, drift control, and the hard people-side of the rollout.
Sigstore Policy Controller v0.15: TUF Delegation and Admission Posture
Policy Controller v0.15 ships sigstore-go's delegation-aware TUF client, a monthly cadence, and tighter integration with cosign 3.x. We benchmarked admission on a 400-node cluster.
Container Supply Chain Defence: Build To Run
An end-to-end view of container supply chain controls from source through registry to runtime, covering signing, attestation, admission policy, and runtime drift, with concrete checkpoints at each stage.
Kubernetes Admission Policy Real-World Deployment
What it actually takes to put Kubernetes admission policy into enforcement mode without breaking deployments: phased rollout, exception workflows, audit-mode hygiene, and policy authoring conventions that survive contact with engineers.
Container Image Supply Chain: From Dockerfile to Production
Every container pulled in production is a trust decision. Here's how to secure the chain from base image selection through Dockerfile to admission control.
Pod Supply Chain Attestation Validation
How to validate supply chain attestations at pod admission time without grinding deployments to a halt: which attestation types actually matter, how to chain verifications, and how to fail useful.
Aqua Security Platform Buyer Review 2026
An in-depth 2026 buyer review of the Aqua Security platform: runtime protection, image scanning, Kubernetes posture, pricing, and where Aqua fits and where it does not.