Safeguard
Tag

kubernetes

Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

Deploying Cilium Tetragon for eBPF Runtime Security in 2026

A practical guide to rolling out Tetragon for kernel-level runtime visibility, covering policy authoring, performance overhead, and integration with existing detection pipelines.

Mar 4, 20266 min read
Cloud Security

Container Runtime Security in 2026: What's Changed and What Hasn't

Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.

Mar 1, 20266 min read
Container Security

Helm Chart Supply Chain Defence Blueprint

Helm charts are the most common Kubernetes deployment artifact and the least scrutinised. This blueprint covers chart provenance, signing, value validation, and the runtime correspondence checks that close the loop.

Feb 27, 20267 min read
Cloud Security

EKS Pod Identity vs IRSA: A 2026 Migration Playbook

How to migrate from IRSA to EKS Pod Identity in 2026, including the trade-offs, the operational gotchas, and the cases where IRSA still makes sense.

Feb 26, 20266 min read
Tool Comparison

Tetragon vs Falco: 2026 Runtime Security Field Test

Both Tetragon and Falco run on eBPF and both ship as CNCF projects. We benched them side by side on a 400-node cluster — coverage, overhead, and enforcement behavior.

Feb 26, 20266 min read
Cloud Security

AWS EKS Pod Identity vs. IRSA for Supply Chain

Pod Identity and IRSA both give EKS workloads AWS identities. The supply chain implications diverge once you look past the docs.

Feb 24, 20268 min read
Cloud Security

Aqua vs Sysdig Buyer Comparison 2026

Two specialist platforms that converged into CNAPP from different starting points. Container provenance, runtime forensics, eBPF coverage, and the cases where each tool earns its keep.

Feb 19, 20265 min read
Tutorials

Getting Started: Safeguard Kubernetes Admission

Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.

Feb 19, 20267 min read
Container Security

How to set up Kubernetes RBAC

A step-by-step kubernetes RBAC setup guide covering Roles, RoleBindings, service accounts, least-privilege patterns, and how to verify and troubleshoot access.

Feb 17, 20267 min read
Container Security

K8s RBAC Blast Radius in Supply Chain Attacks

How Kubernetes RBAC determines what a supply chain attack can actually do once a compromised workload runs, and the RBAC patterns that meaningfully reduce blast radius.

Feb 16, 20268 min read
Container Security

How to configure Falco for runtime security monitoring

A practical walkthrough to configure Falco runtime security in Kubernetes: install, customize rules, route alerts, tune noise, and verify detection end-to-end.

Feb 14, 20268 min read
Tools

Kyverno ImageValidatingPolicy 2026: A Production Walkthrough

Kyverno 1.18 ships ImageValidatingPolicy as the new policy type for cosign signature, attestation, and SBOM verification. We migrated a 60-cluster fleet and graded the new model.

Feb 12, 20267 min read
kubernetes (Page 5) — Safeguard Blog