home.social

#containersecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #containersecurity, aggregated by home.social.

  1. Security Tip: Harden your containers by using minimal base images. 🛡️

    Standard images often include shells and package managers that attackers use once they gain a foothold. By switching to Alpine or Distroless images, you significantly reduce the attack surface and the number of CVEs you need to monitor.

    Action: Audit your Dockerfiles and swap heavy images for minimal alternatives.

    Track vulnerabilities: cvedatabase.com

  2. Security Tip: Strengthen your container security by adopting the principle of least privilege. 🛡️ Avoid running processes as root inside containers; a breakout could grant attackers host-level privileges. Use the USER instruction in your Dockerfile to switch to a non-privileged user. Additionally, use minimal base images to reduce the attack surface. Track vulnerabilities affecting your stack at cvedatabase.com #ContainerSecurity #Docker #InfoSec #CVE

  3. Security Tip: Strengthen your container security by adopting the principle of least privilege. 🛡️ Avoid running processes as root inside containers; a breakout could grant attackers host-level privileges. Use the USER instruction in your Dockerfile to switch to a non-privileged user. Additionally, use minimal base images to reduce the attack surface. Track vulnerabilities affecting your stack at cvedatabase.com

  4. ☁️ Cloud Security Toolkit – What Modern Teams Actually Need 🛡️
    The cloud changed everything — speed, scale, AND attack surface. Security now happens at runtime, at identity level, and inside every pipeline. If your tools can’t see everything, they’re already failing.

    Core Categories to Lock In:
    • CSPM → Posture & misconfig checks (Prisma Cloud, Wiz, Dome9)
    • CWPP → Runtime protection for VMs & containers (CrowdStrike, Aqua, Trend Micro)
    • CASB → SaaS visibility & data control (Netskope, MS Defender for Cloud Apps)
    • IAM → Hardening identity (AWS IAM, Azure AD, Okta, BeyondTrust)
    • SIEM / Threat Detection → Splunk, Sumo Logic, Datadog + cloud logs
    • Vuln & Config Scanning → Tenable, Trivy, Qualys for IaC & images
    • Secrets Management → HashiCorp Vault, AWS Secrets Manager
    • CI/CD Supply Chain Defense → Snyk, Checkov, GitHub Advanced Security

    🧠 Cloud Rule:
    Attackers don’t break in — they log in. Identity is the new perimeter.

    As always, what do you guys think?

    ⚠️ Use responsibly. Test in staging before production. Map every tool to your threat model, compliance framework, and provider stack.

    #CloudSecurity #DevSecOps #CSPM #IAM #CWPP #SIEM #ContainerSecurity #InfoSec #CyberDefense #HacktivateLabs #SecurityTools

  5. ☁️ Cloud Security Tools — Essential Toolkit for Modern Teams 🛡️🚀

    Cloud environments introduce new risks and require specialized tooling to secure workloads, configurations, and data. Use a mix of CSP-native and third-party tools to cover posture management, runtime protection, identity, and visibility.

    Key categories and examples:
    • Cloud Security Posture Management (CSPM) — Prisma Cloud, Dome9, Wiz for misconfig & compliance checks 🔍
    • Cloud Workload Protection (CWPP) — CrowdStrike, Trend Micro, Aqua for container and VM runtime defense 🐳🛡️
    • Cloud Access Security Broker (CASB) — Netskope, Microsoft Defender for Cloud Apps for SaaS visibility & data control ☁️🔐
    • Identity & Access Management — AWS IAM/Azure AD hardening, BeyondTrust, Okta for strong auth & least privilege 🔑
    • Threat Detection & SIEM — Splunk, Sumo Logic, Datadog + cloud-native logging for alerting and forensics 📊
    • Vulnerability & Configuration Scanning — Qualys, Tenable, Trivy for images and infra-as-code scanning ⚙️
    • Secrets Management — HashiCorp Vault, AWS Secrets Manager for safe key handling 🔐
    • Supply-chain & CI/CD security — Snyk, Checkov, GitHub Advanced Security to catch insecure deps and pipelines 🧩

    ⚠️ Disclaimer:
    For educational & defensive use only. Evaluate tools against your cloud provider, compliance needs, and threat model before deploying. Always test changes in staging before production. 🚫🔒

    #CloudSecurity #CSPM #CWPP #IAM #DevSecOps #InfoSec #Cloud #CyberSecurity #SecurityTools #Compliance #ContainerSecurity ☁️🛡️

  6. Need Nmap in a locked-down container? Build it yourself... safely.

    Ever tried running Nmap in a hardened environment only to hit missing libraries? Downloading random static binaries from the internet is a risky endeavour.

    Our Gabriel Garcia Teran walks through building your own Nmap, and has made a Go interactive tool that lets you select flags and versions, then generates and runs the full build command.

    No black-box downloads!

    📌 Read here: pentestpartners.com/security-b

    #cybersecurity #nmap #redteam #containersecurity #infosec #devsecops

  7. Imagine getting enterprise-grade container security without the enterprise price tag. Docker’s new catalog offers rapid 7-day patches, vetted by experts and even FedRAMP-ready—perfect for startups looking to level up their defense. Curious how?

    thedefendopsdiaries.com/docker

    #dockersecurity
    #containersecurity
    #smallbusiness
    #hardenedimages
    #cybersecurity
    #fedramp
    #devsecops
    #vulnerabilitymanagement
    #cloudsecurity

  8. While makes it easy to start and manage containers, a host system is still required to run them. These systems form the infrastructure on which containers run and are covered by objective 702.3 of the DevOps Tools Engineer 2.0 exam.

    Dive into episode 8 of the DevOps 2.0 introduction series to learn more from Fabian Thorns and Uirá Ribeiro: lpi.org/5nix

  9. For all those at #RSAC2023, stop by booth 5227 to say hi to Team #Runecast – there to answer any questions about transforming to proactive, #AI-powered #Vulnerability Management, #ContainerSecurity, #Compliance, #Remediation and Reporting. Glad to see they’re having a great time! 👏🏽

  10. If you want to see some truly ‘cutting-edge’ AI-powered magic for proactive risk-based #Vulnerability Management, #ContainerSecurity, #RiskManagement, #Compliance, #Upgrade Simulations and other ways of going home on time and not having to work weekends, stop by #Runecast booth 5227 at #RSAC2023.

  11. Alert: Three critical runC vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) enable mount/symlink-based escapes that may redirect writes to /proc or other host targets. A successful exploit requires container start privileges via crafted mounts or malicious images/Dockerfiles. Patches: runC 1.2.8 / 1.3.3 / 1.4.0-rc.3+.
    Detection & mitigation guidance:
    • Patch runC immediately.
    • Deploy rootless containers and enable user namespaces without host root mapping.
    • Monitor for rapid symlink creation, unexpected bind mounts of /dev/null or /dev/console, and anomalous writes to procfs entries (e.g., /proc/sysrq-trigger).
    • Harden CI/CD image provenance checks and disallow unverified custom mount configurations.
    Share any YARA/OSQuery/Suricata rules you’ve validated — let’s collate detection patterns. Follow TechNadu for vetted technical advisories.

    #containersecurity #runC #CVE #Kubernetes #Docker #threathunting #DFIR #DevSecOps

  12. Discover how eBPF, Cilium, and Tetragon enhance container security with real-time kernel-level insights. Learn to combine these tools with SBOMs for robust security monitoring. Boost your skills with OS-SCi education programs! #ContainerSecurity #eBPF #Cilium #Tetragon #SBOMs dub.sh/cZVQvk6

  13. My JavaPro article on "10 essential Docker commands to hunt the predator" is live!

    We cover:
    📜 SBOMs & Attestations
    🛡️ Hardened Images (DHI)
    🚫 VEX Exemptions
    🕵️‍♂️ Zero-Day Defenses

    Read the full Asgard mission here 👇
    javapro.io/2026/03/19/10-docke

    #Docker #DevSecOps #Java #ContainerSecurity

  14. Docker Scout adds context to container scanning by showing what matters, what to fix first, and how to reduce risk safely beyond raw CVE lists. hackernoon.com/docker-scout-vs #containersecurity

  15. Concerned about the attack surface in your Docker containers? Discover how JLink can create minimal Java runtimes, reducing Docker image sizes while boosting security. Read more: t.co/byKoJHdKlk #ContainerSecurity #JLink #Java t.co/bbsmNRubVj

  16. #Quibble: Container Security tool

    - Rust-based open-source container analysis tool that reads and assesses various security, quality and noteworthy things about your configuration and setup

    geekmasher.dev/sec/quibble/22-

    #DevOps #DevSecOps #Docker #DockerSecurity #k8s #kubernetes #containers #containersecurity

    @geekmasher

  17. 🎙️ Think your containers are isolated? Think again. In this On Location Brand Story from RSAC 2025, we explore why container isolation might just be an illusion—and what you can actually do about it.

    🚀 New Brand Story from RSAC 2025: Not So Contained — When Container Isolation Is Just an Illusion

    At RSAC Conference 2025, Sean Martin and Marco Ciappelli sat down with Emily Long, Head of Product at EDERA, to talk about the security myths surrounding containerization — and the real risks that enterprises need to address today.
    🔐 Why is traditional container isolation failing, and what smarter approaches should security leaders be taking?
    Find out how EDERA is helping companies rethink their container security strategies for a more resilient digital infrastructure.

    🎙️ Watch, listen, or read the full story here:
    👉 itspmagazine.com/their-stories

    📌 Learn more about EDERA’s work:
    👉 itspmagazine.com/directory/ede

    🛰️ See all our RSAC 2025 coverage:
    👉 itspmagazine.com/rsac25

    🌟 Discover more Brand Stories and Briefings from innovative companies:
    👉 itspmagazine.com/brand-story

    🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
    Stay tuned for more Brand Stories, Briefings, and candid conversations from RSAC 2025!

    🎤 Looking ahead:
    If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!
    ⚡ RSAC 2025 sold out fast — we expect the same for these next events.
    🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

    📲 Hashtags:
    #cybersecurity #infosec #infosecurity #technology #tech #society #business #containersecurity #cloudsecurity #resilientinfrastructure #edera

  18. Are you trying to deploy AI in a regulated environment? Chainguard just opened an early access program for CUDA Optimized Container Images. I would love to learn about your use cases!

    #containersecurity #aisecurity #MLSecurity

    chainguard.dev/unchained/annou

  19. 🚨 Darktrace uncovers ShadowV2 — a DDoS-for-hire platform blending malware & DevOps.
    🔹 Python + Go malware, Dockerized
    🔹 Exploits AWS EC2 exposed Docker daemons
    🔹 Advanced TTPs: HTTP/2 rapid reset, Cloudflare UAM bypass
    🔹 Operator UI + APIs → “DDoS-as-a-service”
    ⚠️ Threat actors are now building cybercrime with cloud-native design principles.

    👉 Are defenders ready to detect API-driven, containerized attack platforms?

    Follow @technadu for #CyberSecurity + #ThreatIntel updates.

    #ShadowV2 #Darktrace #Botnet #DDoS #CloudSecurity #ContainerSecurity #Malware #CyberCrime

  20. Building #Java containers that just “work” isn’t enough. @MohammadAliEN shows how to bake in traceability, reproducibility, and runtime security—without the guesswork.

    Get the blueprint: javapro.io/2025/07/03/how-to-c

    #DevSecOps #SpringBoot #DockerScout #ContainerSecurity @springboot

  21. Ever wondered if your #Java containers hide a ticking time bomb? @MohammadAliEN combines #SpringBoot #DockerScout & #SBOM attestations to lock down the supply chain. Ready to secure your build?

    Read: javapro.io/2025/07/03/how-to-c

    #ContainerSecurity #OpenSource #DevSecOps

  22. 🔒 Docker Tip #3: Don't run containers as root! Always specify a non-root user in your Dockerfile to enhance security and follow the principle of least privilege. #ContainerSecurity #DockerBestPractices
