Falco 0.40: Modern eBPF Is Now Default
Falco's 0.40 release line makes modern eBPF (CO-RE) the default driver, deprecates the legacy probe and gVisor engine, and changes how operators ship Falco. Here's what changed and what to test.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.
Both Tetragon and Falco run on eBPF and both ship as CNCF projects. We benched them side by side on a 400-node cluster — coverage, overhead, and enforcement behavior.
When to deploy IAST, when to deploy RASP, and when to skip both. A pragmatic decision tree based on application architecture, threat model, and operational maturity.
A practical look at Cilium Tetragon for Kubernetes runtime security, what eBPF gives you that audit logs do not, and where Tetragon fits in a real stack.
Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.
Field notes on running Tetragon, Falco, and Cilium eBPF controls in production Kubernetes clusters, with observed overhead, policy traps, and kernel constraints.
containerd runs most of Kubernetes today. Its defaults are reasonable, but reasonable is not hardened. Here is how to close the gaps.
gVisor intercepts syscalls in userspace and implements a minimal kernel in Go. It is a genuinely different approach, with genuinely different trade-offs.