container security Archives

Why Developers Struggle with Container Security, and How to Help Them Do Better

More than a decade has passed since Docker (the platform that brought software containers mainstream) swept onto the scene, transforming the way many organizations build and deploy applications. Yet, when it comes ...

Dmitry Chuyko | May 27, 2026 | container security, Dockerfiles, Hardened Images, SBOMs, software supply chain

state, stateless, kubernetes, scanning, cloudsmith, stateless ephemeral stateful security Kubernetes unikernel Sumo Logic

Java Code Isn’t the Problem – The Container Is

Learn how integrating Docker Scout into Java CI pipelines shifts container security left, replacing manual reviews with automated gates to secure base images and dependencies ...

Swapneswar Sundar Ray | May 11, 2026 | base image vulnerabilities, CI/CD pipeline, container security, DevSecOps, Docker Scout, GitHub Actions, Java security, jenkins, Maven dependencies, shift left security

OWASP Has Adopted DockSec and the Cloud Security Community Is Taking Notice

With more than 13,000 downloads across more than 40 countries, DockSec has earned its place as an OWASP Incubator Project by doing something most container security tools have not managed: closing the ...

Puspita Pradhan | April 30, 2026 | CI/CD, container security, DevSecOps, kubernetes, open source

Kubernetes v1.36 Promotes Stability, Compatibility & Reproducibility

Kubernetes v1.36 (Spring 2026) introduces 70 enhancements, including major security hardening for the Kubelet API and the debut of Workload-Aware Scheduling (WAS) for AI/ML. This release focuses on fine-grained resource health, stable ...

Dockerfile Practices are a DevOps Tax Before They are a Security Concern

Learn how poor Dockerfile discipline creates silent technical debt and how tools like DockSec use AI and static analysis to optimize build times, reduce image sizes, and standardize DevOps workflows ...

Saqib Jan | April 22, 2026 | build reproducibility, CI/CD efficiency, container security, devops best practices, Docker optimization, DockSec, Hadolint, layer caching, multi-stage builds, technical debt

CleanStart Takes Aim at BusyBox to Harden Container Security

Container security faces a significant "inheritance risk" through BusyBox, a legacy utility package embedded in popular base images. CleanStart addresses this with a new BusyBox-free container architecture, replacing inherited userspace utilities with ...

Tom Smith | April 8, 2026 | Alpine Linux Alternative, Build-time Validation, BusyBox-free, CleanStart, container security, Deterministic Runtime, DevSecOps, minimal container images, SBOM, software supply chain

Slim.AI Docker OpsRamp Extends AIOps Reach to Kubernetes

The New Multi-Tenant Challenge: Securing AI Agents in Cloud-Native Infrastructure

AI agents run untrusted code. Here’s how to secure them using isolation, least privilege and proven cloud-native patterns ...

Ben Wheatley | March 20, 2026 | AI agents, cloud native security, container security, DevSecOps, least privilege, Multi-tenancy

The Cyber Resilience Act and Cloud Native: Understanding the Impact

How the EU Cyber Resilience Act will impact Kubernetes, containers and cloud native supply chains ahead of the 2027 enforcement deadline ...

Jacob Mammoliti | March 13, 2026 | container security, Cyber Resilience Act, kubernetes, SBOM, software supply chain, Vulnerability Management

TLS, certificates, Docker, vulnerabilities, supply chain, KubeCon, SigStore, Kubernetes TrapX container security

Software Supply Chain Security: Why 99% of Your Container is Mystery Code

In a recent talk, the disparity between developers and platform engineers in container security was highlighted, revealing how a single line of code can pull in thousands of vulnerabilities. This article discusses ...

Jeroen van Erp | March 10, 2026 | Attestation, container security, Continuous Integration/Continuous Deployment (CI/CD), Dependency Management, Developer Relations, GitOps, Kubewarden, platform engineering, Provenance, Secure Base Images, SLSA compliance, Software Bill of Materials (SBOM), software supply chain security, Trust in Software Development., vulnerabilities

Survey Surfaces Raft of Container Security Challenges

A BellSoft survey reveals gaps in container security practices, showing that human error, limited vulnerability scanning, and infrequent patching continue to expose cloud-native environments to risk ...