State of Container Security 2026: Survey Summary
A survey-style summary of container security in 2026: what production teams actually ship, where image security stands, and which runtime controls moved the needle.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.
A production-focused look at FluxCD's security model, covering multi-tenancy isolation, source verification, image automation risks, and the CVE history behind the current defaults.
A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.
A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.
A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.
What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.
Ingress controllers are the front door to your Kubernetes cluster. Misconfigurations here expose everything behind them.
Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.