Allison Jackson

12 de enero de 2026

Container base image patching is the process of updating the OS and runtime libraries in the base layer of a container image to remediate vulnerabilities and keep images secure.

A Kubernetes engineer is a specialized tech role responsible for the design, deployment, and maintenance of container orchestration platforms.

.

Azure Container Security Scanning finds vulnerabilities and misconfigurations in container images and workloads in Azure Container Registry and AKS.

AWS container scanning is the practice of identifying security issues in your software containers before they run in production.

Docker vulnerability scanning is the automated process of analyzing container images to find known security weaknesses.

Shashank Golla

24 de diciembre de 2025

We cover the top container security tools across 7 common use cases, including image scanning, compliance, secrets management, and runtime security.

Container image scanning is the automated process of analyzing container images for security vulnerabilities, misconfigurations, and compliance violations.

.

Nicolas Ehrman

12 de diciembre de 2025

Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.

Runtime scanning answers a critical question: 'What is runtime security for containers?' It focuses on detecting live behaviors, active threats, and anomalies that only appear when containers execute under real production traffic.

Kubernetes YAML is the declarative file format Kubernetes uses to define, configure, and manage cluster resources.

eBPF provides deep visibility into network traffic and application performance while maintaining safety and efficiency by executing custom code in response to the kernel at runtime.

Shashank Golla

14 de noviembre de 2025

Container security scanning detects vulnerabilities early for an efficient DevSecOps process. Discover how it safeguards containers throughout the lifecycle.

Nicolas Ehrman

6 de noviembre de 2025

Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.

Container escape is when an attacker breaks out of a container’s isolation to gain unauthorized access to the host system.

Nicolas Ehrman

2 de noviembre de 2025

It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.

Understand the total cost of running Kubernetes: control plane, nodes, add‑ons, and time spent by engineers/operators.

Kubernetes security incidents differ fundamentally from traditional IT breaches. Containers and pods are ephemeral—some containers live for only seconds or minutes. They're created, destroyed, and moved within seconds, making it far harder to track attacks compared to static servers.

Nodes are the physical or virtual machines that provide computing resources in a Kubernetes cluster, while pods are the smallest deployable units that contain one or more containers

The Kubernetes control plane is the cluster’s management layer that exposes the API, stores cluster state, and continuously reconciles desired configuration—scheduling, scaling, and replacing pods as needed—to keep applications healthy and consistent across nodes.

Containerization vs virtualization compares containers sharing the host kernel with virtual machines, covering resource use, security, and scalability.

Nicolas Ehrman

30 de septiembre de 2025

The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8 security challenges.

A container platform is a comprehensive solution that allows organizations to efficiently create, deploy, and manage containers.

Nicolas Ehrman

25 de septiembre de 2025

Learn how to configure Kubernetes security contexts, avoid common misconfigurations, and apply best practices for running secure clusters in production.

.

Nicolas Ehrman

4 de septiembre de 2025

Kubernetes namespaces divide a given cluster into virtual clusters, helping to separate and manage resources while still keeping them within the same physical cluster. By segregating workloads and applying policies per namespace, you can create boundaries that keep your multi-tenant environments safe and organized.

Explore the top Docker alternatives with in-depth comparisons, practical insights, and expert tips for selecting the right container tool for your needs.

Nicolas Ehrman

22 de agosto de 2025

Learn about a container registry’s role in the software supply chain, compare top providers, and discover best practices for secure container image management.

Nicolas Ehrman

15 de agosto de 2025

In this post, we’ll unpack the technical realities of securing Kubernetes in multi-cloud environments. We’ll cover common architectural patterns, dive into key security challenges, and walk through best practices for building a more secure, scalable, and consistent posture across clouds

Nicolas Ehrman

14 de agosto de 2025

In this article we will walk through Kubernetes security best practices, explore key Kubernetes security tools, and show how safeguarding every aspect of container security is vital.

Nicolas Ehrman

15 de julio de 2025

Learn essential AKS security concepts and best practices to protect your Kubernetes environments, safeguard applications, and stay ahead of evolving threats.

A base image is the foundational layer of every container—it acts like the container’s operating system (OS), providing core files, dependencies, and configurations needed to run your application.

Container vulnerability management is the process of finding and fixing flaws throughout the container stack.

A KBOM inventories every orchestration-layer component—from control-plane services and node binaries to CNI plugins and custom resources.

Nicolas Ehrman

2 de mayo de 2025

Get Kubernetes RBAC best practices all in one place. Plus, learn actionable tips for beginners and advanced cloud security teams (and tools to use to improve).

Choosing the right Kubernetes alternative for container orchestration helps you simplify deployments, improve scalability, and meet your infrastructure’s needs.

Nicolas Ehrman

17 de abril de 2025

Discover essential Kubernetes monitoring tools and best practices to optimize performance, enhance security, and ensure seamless cluster management.

Nicolas Ehrman

17 de abril de 2025

Learn how containers as a service can streamline your deployments, boost scalability, and strengthen security while tackling key challenges and risks.

Nicolas Ehrman

15 de abril de 2025

Learn how container orchestration can automate deployment and management for containerized workloads. Find out best practices for an efficient and secure cloud.

Compare containers and virtual machines (VMs) to learn their security, performance, and scalability differences. Find the right approach for your cloud.

Nicolas Ehrman

1 de abril de 2025

Learn how container images work, their role in deployment, security risks, and best practices to streamline and protect your cloud-native applications.

Nicolas Ehrman

31 de marzo de 2025

Secure your Kubernetes workloads with best practices to prevent threats, protect your containers, and strengthen access controls for a safer cloud environment.

Nicolas Ehrman

25 de marzo de 2025

The primary function of admission controllers is the enforcement of custom policies on incoming requests, ensuring that only valid and compliant API requests are executed.

Nicolas Ehrman

18 de marzo de 2025

Docker containers leverage the Docker Engine (a platform built on top of Linux containers) to simplify the software development process.

Nicolas Ehrman

15 de marzo de 2025

A Kubernetes secret is an object in the Kubernetes ecosystem that contains sensitive information (think keys, passwords, and tokens)

Nicolas Ehrman

13 de marzo de 2025

Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.

Nicolas Ehrman

12 de marzo de 2025

At their core, containers encapsulate the application code and runtime, system tools, dependencies, and settings that enable it to operate in the same way across multiple environments.

In this blog post, we’ll discuss the need for DevSecOps in Kubernetes environments. We'll walk through the reasons behind this approach, the unique challenges of orchestrated platforms, and the Kubernetes security layers that matter most.

Nicolas Ehrman

6 de febrero de 2025

Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.

Nicolas Ehrman

16 de agosto de 2024

A Kubernetes cluster consists of a group of node machines designed to run applications within containers.

Nicolas Ehrman

1 de agosto de 2024

Helm Charts streamline the deployment of applications by providing a packaging format that includes all necessary Kubernetes resources.

Nicolas Ehrman

20 de julio de 2024

A container engine is a software tool that automates the process of running applications in isolated, lightweight environments called containers.

Nicolas Ehrman

12 de junio de 2024

7 essential best practices that every organization should start with

Nicolas Ehrman

29 de mayo de 2024

Kubernetes runtime security refers to the measures and practices implemented to protect Kubernetes clusters and the applications running within them during their operational phase.

Nicolas Ehrman

29 de abril de 2024

Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.

Nicolas Ehrman

8 de abril de 2024

Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.

Nicolas Ehrman

14 de marzo de 2024

Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.

Nicolas Ehrman

8 de marzo de 2024

Container architecture is a way to package and deploy applications as standardized units called containers.

Nicolas Ehrman

1 de marzo de 2024

8 no-brainer container security best practices + the key components of container architecture to secure

Nicolas Ehrman

26 de febrero de 2024

Container security is the process of securing the container pipeline, the content running inside the containers, and the infrastructure on which the containers run.

Nicolas Ehrman

12 de febrero de 2024

A container runtime is the foundational software that allows containers to operate within a host system.

Nicolas Ehrman

30 de enero de 2024

EKS security refers to the practices, strategies, and technologies that organizations use to protect Amazon Elastic Kubernetes Service (EKS) environments from threats.

Nicolas Ehrman

2 de enero de 2024

Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.

Nicolas Ehrman

14 de diciembre de 2023

Container image signing is a critical security process for establishing trust. Just as you'd expect a signature to verify the authenticity of a document, image signing does the same for container images—those neat packages that carry your code along with all the necessary parts to run it anywhere.