Cloud Security
Container Runtime Security in 2026: What's Changed and What Hasn't
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.
Mar 1, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.
Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.
Pod Identity and IRSA both give EKS workloads AWS identities. The supply chain implications diverge once you look past the docs.
Running supply chain controls across AWS, Azure, and GCP means picking the right abstractions. Here is which ones hold up and which ones you will regret.
Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
Azure Container Registry plus Notation gives you signing, trust policy, and AKS enforcement without bolting on Sigstore. Here is how the pieces actually fit together.
GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.
ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.
Weekly insights on software supply chain security, delivered to your inbox.