Safeguard
Tag

kubernetes

Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Containers

Best Container Security Tools in 2026

Image scanners, runtime sensors, and Kubernetes posture tools each catch different failures. Here is how the leading options compare in 2026 — and how to pick a stack without buying three overlapping scanners.

Feb 12, 20266 min read
Container Security

Kubernetes Admission Controller Policy Patterns in 2026

A field guide to the admission control patterns that survived contact with production clusters: validating webhooks, image policy, mutating defaults, and what to skip.

Feb 11, 20266 min read
Tools

Best Kubernetes Admission Controllers for Supply Chain Security

Kyverno, OPA Gatekeeper, Sigstore policy-controller, Ratify, or plain CEL? A field guide to admission controllers that actually block unsigned and vulnerable images.

Feb 7, 20266 min read
Emerging Technology

Leaky Vessels: The runc Container Escape Class (2024)

Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.

Feb 4, 20267 min read
Container Security

Sigstore Policy Controller for K8s in Production

How the Sigstore Policy Controller actually runs in production, what it does better than Kyverno, and the operational pitfalls nobody mentions in the quickstart.

Jan 30, 20267 min read
Containers

Container Security Solutions vs Platforms: What You're Actually Buying

Container security solutions and container security platforms get marketed almost interchangeably — here's the actual difference in scope and what each one leaves you to build yourself.

Jan 27, 20265 min read
Container Security

Cilium Tetragon Runtime Security with eBPF

A practical look at Cilium Tetragon for Kubernetes runtime security, what eBPF gives you that audit logs do not, and where Tetragon fits in a real stack.

Jan 26, 20267 min read
Container Security

Deploying Falco for Runtime Security in 2026

A pragmatic deployment guide for Falco 0.41 in production Kubernetes: driver selection, rule tuning, alert routing, and the operational debt teams underestimate.

Jan 22, 20265 min read
Container Security

Container Security Best Practices Checklist 2026

A practical container security checklist for 2026 covering base images, runtime controls, registry hygiene, and signing, with specific thresholds defenders can adopt.

Jan 22, 20265 min read
Container Security

Cosign for Container Signing: A Production Setup

A working production setup for Cosign image signing across CI, registries, and Kubernetes admission, including the parts that break at scale and how to recover.

Jan 22, 20267 min read
Container Security

K8s Admission Controllers for Supply Chain Policy

How to design Kubernetes admission controllers that enforce supply chain policy without turning every deploy into a 30-minute argument with the cluster.

Jan 13, 20266 min read
Container Security

How Container Threat Detection identifies runtime attacks...

How Container Threat Detection GCP watches GKE kernels for reverse shells, added binaries, and privilege escalation—and why runtime signals catch what image scanning can't.

Jan 10, 20266 min read
kubernetes (Page 6) — Safeguard Blog