Kubernetes Secrets Encryption Providers Reviewed
etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.
gVisor intercepts syscalls in userspace and implements a minimal kernel in Go. It is a genuinely different approach, with genuinely different trade-offs.
A hands-on tutorial for blocking unsigned container images at the Kubernetes admission layer using Cosign, Sigstore policy-controller, and keyless verification.
SCCs predate Pod Security Admission by a decade and are more powerful. That power is also why OpenShift newcomers find them confusing.
Container escapes remain a real threat in multi-tenant environments. A look at the latest techniques, CVEs, and defenses as container security matures in 2023.
By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.
Kubernetes 1.27 graduated seccomp default, introduced in-place pod resize, and cleaned up admission. Here is what actually matters for cluster security.
An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.