Safeguard
Tag

kubernetes

Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

External Secrets Operator: A Kubernetes Guide

A senior engineer's walkthrough of External Secrets Operator, covering architecture, SecretStore design, rotation, and the patterns that hold up in production.

Jul 18, 20247 min read
DevSecOps

ArgoCD GitOps Security Depth

A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.

Jun 25, 20246 min read
Container Security

containerd Security Configuration Guide

containerd runs most of Kubernetes today. Its defaults are reasonable, but reasonable is not hardened. Here is how to close the gaps.

May 12, 20246 min read
Open Source Security

CNCF Project Security Audits: What They Find and Why They Matter

The Cloud Native Computing Foundation funds independent security audits for its projects. The findings reveal patterns that every cloud native adopter should understand.

May 12, 20246 min read
Container Security

Kubernetes Network Policies: The Supply Chain Angle

Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.

Apr 8, 20247 min read
Kubernetes Security

Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared

Kubernetes Secrets are base64-encoded, not encrypted. That is the start of the problem. Here is a no-nonsense comparison of the tools that actually solve secrets management in Kubernetes.

Apr 8, 20247 min read
Vulnerability Analysis

Kubernetes CVE-2024-3177: Bypassing Mountable Secrets Policy

A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.

Mar 10, 20245 min read
DevSecOps

Tekton Pipelines Hardening Guide

A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.

Mar 8, 20247 min read
Container Security

VM to Container: Supply Chain Implications of the Migration

What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.

Mar 8, 20247 min read
Container Security

Kubernetes Secrets Encryption Providers Reviewed

etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.

Mar 5, 20248 min read
SBOM

SBOMs for Microservices Architecture: Managing Complexity at Scale

When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.

Feb 20, 20246 min read
Container Security

gVisor Runtime Security Deep Dive

gVisor intercepts syscalls in userspace and implements a minimal kernel in Go. It is a genuinely different approach, with genuinely different trade-offs.

Feb 18, 20247 min read
kubernetes (Page 9) — Safeguard Blog