Safeguard
Tag

multi-stage-builds

Safeguard articles tagged "multi-stage-builds" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Container Security

Minimal, Non-Root Docker Images for Python: A Best-Practices Guide

CVE-2019-5736 let a malicious container overwrite the host runc binary via root access. Here's how multi-stage, non-root builds close that door for Python apps.

Jul 16, 20266 min read
Container Security

Containerizing Node.js apps: an updated Docker best-practices guide

The official node image ships a built-in non-root user, but COPY still writes files as root by default — most Node.js Dockerfiles never actually drop privileges.

Jul 13, 20267 min read
Container Security

Building a minimal, multi-stage, non-root Dockerfile for PHP

The official php:fpm image still runs its master process as root — a documented, still-open issue. Here's how to build a PHP Dockerfile that doesn't.

Jul 8, 20267 min read
Containers

Golang Docker Images: Building Them Right

How to build Golang Docker images that stay small, patch cleanly, and don't ship a compiler toolchain into production, using multi-stage builds done properly.

Nov 4, 20256 min read
Container Security

How Snyk Container handles multi-stage Docker builds duri...

How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.

Sep 6, 20257 min read
DevSecOps

Multi-Stage Docker Builds: The Security Implications Nobody Talks About

Multi-stage builds reduce image size, but they also introduce security considerations around build secrets, layer caching, and dependency leakage.

Feb 12, 20246 min read
multi-stage-builds — Safeguard Blog