Safeguard
Tag

OCI

Safeguard articles tagged "OCI" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Tutorials

How to Scan a Container Image for Vulnerabilities

Scan any Docker or OCI image for OS-package and application-layer vulnerabilities, understand the results, and gate risky images before they reach your registry — with copy-paste commands.

Jul 2, 20266 min read
Supply Chain

GitHub Actions Immutable Actions GA: Why OCI-Backed Action Distribution Closes the tj-actions Class of Attack

GitHub's 2026 roadmap puts Immutable Actions GA at the center of Actions supply-chain hardening, publishing actions as OCI artifacts with hash-mismatch fail-fast and full composite-action visibility.

Mar 25, 20266 min read
Cloud Security

Oracle Cloud Tenancy Disclosure Practices: A Defender's Read

Oracle Cloud's disclosure cadence and tenancy isolation story have been pressure-tested across multiple incidents. We unpack what defenders should ask of their provider regardless of vendor.

Mar 25, 20267 min read
Container Security

OCI + CNCF Image Supply Chain: 2026 Snapshot

Where the OCI and CNCF image supply chain ecosystem actually sits in 2026, what has stabilized, what is still contested, and what to deploy now versus later.

Feb 3, 20267 min read
DevSecOps

Using OCI dynamic groups to authenticate CI/CD pipelines

A practical guide to eliminating static credentials in CI/CD using OCI dynamic groups, matching rules, and OCI DevOps service authentication instead of API keys.

Jan 7, 20268 min read
Container Security

Kubernetes 1.30 and 1.31 Security Rundown

ValidatingAdmissionPolicy GA, VolumeSource for OCI artifacts, and anonymous API cleanup: what 1.30 and 1.31 change for cluster security posture.

Sep 20, 20245 min read
SBOM

SBOM Storage and Distribution Infrastructure

Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.

Sep 25, 20236 min read
Container Security

Container Image Signing with Cosign: A Practical Deep Dive

Cosign makes signing and verifying container images straightforward. Here's everything you need to know to implement it in your pipeline.

Nov 8, 20226 min read
Supply Chain Security

OCI Artifact Signing Standards: Making Sense of the Landscape

Container image signing has gone through multiple iterations. Here is where the OCI standards stand now and what you need to implement.

May 12, 20225 min read
OCI — Safeguard Blog