network-policy
Safeguard articles tagged "network-policy" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Container security: five best practices for provenance, runtime, and network
A single runc bug (CVE-2024-21626) enabled full container escapes in early 2024 — proof that provenance and network defaults matter as much as image scanning.
Kubernetes Network Policies: A Practical Guide
By default every pod in a Kubernetes cluster can talk to every other pod. NetworkPolicies are how you replace that flat network with least-privilege segmentation — here is how to design and roll them out without breaking traffic.
Kubernetes Security Best Practices for 2026
A default Kubernetes cluster trusts too much: root pods, flat networking, and readable secrets. Here are the hardening practices that actually move the needle in 2026.
Kubernetes network policies for zero trust
Kubernetes network policies default to allow-all. Here is how default-deny rules, CNI enforcement, and policy testing build real zero-trust segmentation.
Lessons from the CNCF Kubernetes security audit
The 2019 CNCF Kubernetes security audit found 37 issues rooted in insecure defaults. Here's what it uncovered and what still applies today.
Network egress controls for autonomous agent runtimes
Autonomous agents need network access to do useful work, and that access is exactly what attackers exploit when they trick an agent into exfiltrating data. Here is how to design egress controls that hold up under adversarial pressure.
Kubernetes Network Policies: The Supply Chain Angle
Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.
Calico Network Policy Best Practices for Production Kubernetes
Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.