Safeguard
Tag

kubernetes

Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Tools

Trivy Operator v0.30: Kubernetes Field Review

Trivy Operator hit v0.30 in early 2026 and the underlying Trivy v0.70 engine landed in April. We benchmarked the combo on a 60-node multi-tenant cluster.

May 13, 20267 min read
DevSecOps

Flux CD vs Argo CD: Security Comparison for 2026

A security-focused comparison of Flux 2.5 and Argo CD 3.1: trust models, multi-tenancy, secret handling, signature verification, and the operational differences.

May 13, 20266 min read
Cloud Security

GCP Binary Authorization Enforcement Runbook 2026

A practical 2026 runbook for enforcing GCP Binary Authorization in production, including attestation pipelines, break-glass procedures, and rollout sequencing.

Apr 30, 20265 min read
DevSecOps

Zarf Air-Gap Deployment: A 2026 Walkthrough

How Zarf 0.45 packages and deploys Kubernetes workloads into disconnected environments, where the design works well, and the operational realities to plan for.

Apr 22, 20266 min read
Containers

Open Source Container Security: A Practical Guide

You can build a solid container security stack entirely from open source tools — here's which ones cover which layer, and where the gaps show up at scale.

Apr 22, 20265 min read
Container Security

Rolling Out Zero-CVE Base Images Org-Wide

A pragmatic playbook for migrating an entire engineering organisation onto zero-CVE base images, covering pilot selection, registry mirroring, drift control, and the hard people-side of the rollout.

Apr 11, 20267 min read
Tools

Sigstore Policy Controller v0.15: TUF Delegation and Admission Posture

Policy Controller v0.15 ships sigstore-go's delegation-aware TUF client, a monthly cadence, and tighter integration with cosign 3.x. We benchmarked admission on a 400-node cluster.

Apr 8, 20267 min read
Container Security

Container Supply Chain Defence: Build To Run

An end-to-end view of container supply chain controls from source through registry to runtime, covering signing, attestation, admission policy, and runtime drift, with concrete checkpoints at each stage.

Apr 7, 20267 min read
Container Security

Kubernetes Admission Policy Real-World Deployment

What it actually takes to put Kubernetes admission policy into enforcement mode without breaking deployments: phased rollout, exception workflows, audit-mode hygiene, and policy authoring conventions that survive contact with engineers.

Apr 3, 20267 min read
Container Security

Container Image Supply Chain: From Dockerfile to Production

Every container pulled in production is a trust decision. Here's how to secure the chain from base image selection through Dockerfile to admission control.

Mar 30, 20268 min read
Container Security

Pod Supply Chain Attestation Validation

How to validate supply chain attestations at pod admission time without grinding deployments to a halt: which attestation types actually matter, how to chain verifications, and how to fail useful.

Mar 29, 20267 min read
Container Security

Aqua Security Platform Buyer Review 2026

An in-depth 2026 buyer review of the Aqua Security platform: runtime protection, image scanning, Kubernetes posture, pricing, and where Aqua fits and where it does not.

Mar 26, 20265 min read
kubernetes (Page 3) — Safeguard Blog