pod-security
Safeguard articles tagged "pod-security" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Pod Security Standards: The Complete Guide
PodSecurityPolicy is gone. Pod Security Admission and the three Pod Security Standards are how you enforce baseline and restricted profiles in modern Kubernetes — here is how to adopt them without breaking workloads.
Kubernetes Security Best Practices for 2026
A default Kubernetes cluster trusts too much: root pods, flat networking, and readable secrets. Here are the hardening practices that actually move the needle in 2026.
What is Kubernetes Pod Security
Pod Security Standards replaced PodSecurityPolicy in Kubernetes 1.25. Here's what Kubernetes pod security means and how to enforce it in production.
Kubernetes SecurityContext: The Settings That Matter
A pod's securityContext decides whether a compromised container is contained or a launchpad. Here are the fields that actually reduce blast radius — and the copy-paste block that sets a hardened baseline.
Kubernetes SecurityContext, Field by Field
SecurityContext in Kubernetes is where pod and container hardening actually lives — here's what each field controls and which defaults you should never leave in place.
Kubernetes SecurityContext Capabilities: Drop vs Add
Kubernetes securityContext capabilities let you strip Linux kernel privileges from a container instead of accepting the runtime default set — here's when to drop, when to add back, and why dropping ALL first is the right starting point.
Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller
PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.