How to patch container base images: Methods and best practices
Container base image patching is the process of updating the OS and runtime libraries in the base layer of a container image to remediate vulnerabilities and keep images secure.
Containers/K8s
Explore how teams secure containerized applications and Kubernetes environments. These articles explain architectural risks, runtime threats, and the controls teams apply from build to prod.
Guarda Wiz in azione
Scopri come Wiz trasforma i fondamenti della sicurezza cloud in risultati reali.
Kubernetes engineer job description
Team di esperti Wiz
A Kubernetes engineer is a specialized tech role responsible for the design, deployment, and maintenance of container orchestration platforms.
What is Azure container security scanning?
Team di esperti Wiz
Azure Container Security Scanning finds vulnerabilities and misconfigurations in container images and workloads in Azure Container Registry and AKS.
What is AWS container scanning?
Team di esperti Wiz
AWS container scanning is the practice of identifying security issues in your software containers before they run in production.
What is Docker vulnerability scanning?
Team di esperti Wiz
Docker vulnerability scanning is the automated process of analyzing container images to find known security weaknesses.
Open-source Container Security Tools [By Use Case]
We cover the top container security tools across 7 common use cases, including image scanning, compliance, secrets management, and runtime security.
What is container image scanning?
Team di esperti Wiz
Container image scanning is the automated process of analyzing container images for security vulnerabilities, misconfigurations, and compliance violations.
Container Monitoring: Top Tools, Best Practices, Challenges
Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.
Container runtime scanning best practices
Team di esperti Wiz
Runtime scanning answers a critical question: 'What is runtime security for containers?' It focuses on detecting live behaviors, active threats, and anomalies that only appear when containers execute under real production traffic.
What is a YAML File in Kubernetes?
Team di esperti Wiz
Kubernetes YAML is the declarative file format Kubernetes uses to define, configure, and manage cluster resources.
Using eBPF in Kubernetes: A security overview
Team di esperti Wiz
eBPF provides deep visibility into network traffic and application performance while maintaining safety and efficiency by executing custom code in response to the kernel at runtime.
Container Security Scanning: From Detection to Deployment
Container security scanning detects vulnerabilities early for an efficient DevSecOps process. Discover how it safeguards containers throughout the lifecycle.
Container Scanning Tools
Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.
What is Container Escape: Detection & Prevention
Team di esperti Wiz
Container escape is when an attacker breaks out of a container’s isolation to gain unauthorized access to the host system.
The top 11 open-source Kubernetes security tools
It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.
Kubernetes cost management strategies
Team di esperti Wiz
Understand the total cost of running Kubernetes: control plane, nodes, add‑ons, and time spent by engineers/operators.
Kubernetes incident response: A security playbook
Team di esperti Wiz
Kubernetes security incidents differ fundamentally from traditional IT breaches. Containers and pods are ephemeral—some containers live for only seconds or minutes. They're created, destroyed, and moved within seconds, making it far harder to track attacks compared to static servers.
Kubernetes Nodes vs Pods: Key Differences Explained
Team di esperti Wiz
Nodes are the physical or virtual machines that provide computing resources in a Kubernetes cluster, while pods are the smallest deployable units that contain one or more containers
Kubernetes control plane: What it is and how to secure it
Team di esperti Wiz
The Kubernetes control plane is the cluster’s management layer that exposes the API, stores cluster state, and continuously reconciles desired configuration—scheduling, scaling, and replacing pods as needed—to keep applications healthy and consistent across nodes.
Containerization vs. Virtualization: Key differences Explained
Team di esperti Wiz
Containerization vs virtualization compares containers sharing the host kernel with virtual machines, covering resource use, security, and scalability.
The most common Kubernetes security issues and challenges
The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8 security challenges.
A Practical Guide to Container Platforms: Features, Types, and Security Considerations
Team di esperti Wiz
A container platform is a comprehensive solution that allows organizations to efficiently create, deploy, and manage containers.
Kubernetes Security Context: Configuration and Best Practices
Learn how to configure Kubernetes security contexts, avoid common misconfigurations, and apply best practices for running secure clusters in production.
Kubernetes Namespaces: Security Best Practices
Kubernetes namespaces divide a given cluster into virtual clusters, helping to separate and manage resources while still keeping them within the same physical cluster. By segregating workloads and applying policies per namespace, you can create boundaries that keep your multi-tenant environments safe and organized.
Top Docker Alternatives in 2026: Use Cases and Best Practices
Team di esperti Wiz
Explore the top Docker alternatives with in-depth comparisons, practical insights, and expert tips for selecting the right container tool for your needs.
Container Registry 101: What You Need to Know
Learn about a container registry’s role in the software supply chain, compare top providers, and discover best practices for secure container image management.
Multi-cloud Kubernetes Security: Architecture, Hardening, and Tooling
In this post, we’ll unpack the technical realities of securing Kubernetes in multi-cloud environments. We’ll cover common architectural patterns, dive into key security challenges, and walk through best practices for building a more secure, scalable, and consistent posture across clouds
Multi-cloud Kubernetes Security: Strategic Risks and Best Practices
In this article we will walk through Kubernetes security best practices, explore key Kubernetes security tools, and show how safeguarding every aspect of container security is vital.
AKS Security: Core Concepts and Best Practices
Learn essential AKS security concepts and best practices to protect your Kubernetes environments, safeguard applications, and stay ahead of evolving threats.
Base Image Vulnerabilities: Risks, Real Examples, & How to Secure Them
Team di esperti Wiz
A base image is the foundational layer of every container—it acts like the container’s operating system (OS), providing core files, dependencies, and configurations needed to run your application.
Container Vulnerability Management
Team di esperti Wiz
Container vulnerability management is the process of finding and fixing flaws throughout the container stack.
What is a Kubernetes Bill of Materials (KBOM)?
Team di esperti Wiz
A KBOM inventories every orchestration-layer component—from control-plane services and node binaries to CNI plugins and custom resources.
Kubernetes RBAC Best Practices—From Basic to Advanced
Get Kubernetes RBAC best practices all in one place. Plus, learn actionable tips for beginners and advanced cloud security teams (and tools to use to improve).
Top Kubernetes Alternatives for Modern Container Management
Team di esperti Wiz
Choosing the right Kubernetes alternative for container orchestration helps you simplify deployments, improve scalability, and meet your infrastructure’s needs.
Kubernetes Monitoring Tools and Best Practices to Know
Discover essential Kubernetes monitoring tools and best practices to optimize performance, enhance security, and ensure seamless cluster management.
Containers as a Service: Use Cases and Security Considerations
Learn how containers as a service can streamline your deployments, boost scalability, and strengthen security while tackling key challenges and risks.
Container Orchestration Defined (Plus Pro Tips and Tools)
Learn how container orchestration can automate deployment and management for containerized workloads. Find out best practices for an efficient and secure cloud.
Containers vs. Virtual Machines (VMs): The Differences and Which to Choose
Team di esperti Wiz
Compare containers and virtual machines (VMs) to learn their security, performance, and scalability differences. Find the right approach for your cloud.
Container Images Demystified: Structure, Security, and Best Practices
Learn how container images work, their role in deployment, security risks, and best practices to streamline and protect your cloud-native applications.
A Quick Refresher on Kubernetes Security Best Practices
Secure your Kubernetes workloads with best practices to prevent threats, protect your containers, and strengthen access controls for a safer cloud environment.
Kubernetes Admission Controllers: A Fast-Track Guide
The primary function of admission controllers is the enforcement of custom policies on incoming requests, ensuring that only valid and compliant API requests are executed.
Docker Container Security Best Practices for Modern Applications
Docker containers leverage the Docker Engine (a platform built on top of Linux containers) to simplify the software development process.
What Are Kubernetes Secrets? Uses, Types, and How to Create
A Kubernetes secret is an object in the Kubernetes ecosystem that contains sensitive information (think keys, passwords, and tokens)
Linux Container Security: Benefits, Risks, & Best Practices
Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.
AWS containers: Fundamentals and best practices
At their core, containers encapsulate the application code and runtime, system tools, dependencies, and settings that enable it to operate in the same way across multiple environments.
Kubernetes DevSecOps
Team di esperti Wiz
In this blog post, we’ll discuss the need for DevSecOps in Kubernetes environments. We'll walk through the reasons behind this approach, the unique challenges of orchestrated platforms, and the Kubernetes security layers that matter most.
Containerization 101: Transforming Application Development and Deployment
Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.
Kubernetes Clusters: A Security Review
A Kubernetes cluster consists of a group of node machines designed to run applications within containers.
Helm Charts in Kubernetes: A security review
Helm Charts streamline the deployment of applications by providing a packaging format that includes all necessary Kubernetes resources.
What is a Container Engine?
A container engine is a software tool that automates the process of running applications in isolated, lightweight environments called containers.
7 GKE Security Best Practices
7 essential best practices that every organization should start with
Kubernetes Runtime Security: Foundation and Best Practices
Kubernetes runtime security refers to the measures and practices implemented to protect Kubernetes clusters and the applications running within them during their operational phase.
Container Runtime Security
Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.
Kubernetes as a service
Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.
Kubernetes Vulnerability Scanning
Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.
Container Architecture: A Security Review
Container architecture is a way to package and deploy applications as standardized units called containers.
Container Security Best Practices
8 no-brainer container security best practices + the key components of container architecture to secure
What is Container Security? [Securing Containers 101]
Container security is the process of securing the container pipeline, the content running inside the containers, and the infrastructure on which the containers run.
Container Runtimes Explained
A container runtime is the foundational software that allows containers to operate within a host system.
Essential EKS Security Best Practices
EKS security refers to the practices, strategies, and technologies that organizations use to protect Amazon Elastic Kubernetes Service (EKS) environments from threats.
What is KSPM?
Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.
Container Image Signing
Container image signing is a critical security process for establishing trust. Just as you'd expect a signature to verify the authenticity of a document, image signing does the same for container images—those neat packages that carry your code along with all the necessary parts to run it anywhere.