Tag

Container Security


Cloud Native Technology Community
Jun 13, 2025 · Cloud Native

CNAPP: The Key to Securing Cloud‑Native Applications from Containers to Lifecycle

This article examines the evolution of container security into comprehensive cloud‑native protection, explaining CNAPP concepts, technical roadmaps, industry challenges, and best‑practice recommendations for integrating security across the entire application lifecycle, while highlighting market trends and future directions.

CNAPP · Container Security · DevSecOps
26 min read

Raymond Ops
Apr 15, 2025 · Information Security

How to Exploit Docker for Linux Privilege Escalation – A Step‑by‑Step Guide

This article walks through Docker privilege escalation techniques on Linux, covering Docker basics, permission discovery, manual and automated enumeration with LinPEAS, and three practical breakout scenarios—including abusing Docker group rights, escaping privileged containers, and breaking out of non‑privileged containers using SUID binaries and release_agent attacks.

Container Security · Docker · LinPEAS
25 min read

Alibaba Cloud Infrastructure
Dec 17, 2024 · Cloud Native

Recap of Kubernetes Community Day 2024 Jakarta: Generative AI, eRDMA, Container Security, and Observability

The Kubernetes Community Day held in Jakarta on November 30, 2024 featured Alibaba Cloud experts presenting best‑practice sessions on scaling generative AI workloads, eRDMA network acceleration, container image security, and OpenTelemetry‑based observability within the ACK Kubernetes platform.

Container Security · Kubernetes · Observability
6 min read

Linux Ops Smart Journey
Sep 1, 2024 · Information Security

Secure Container Images: Integrate Cosign with Harbor

This guide explains how to enhance container image security by installing Cosign, generating key pairs, signing images, and configuring Harbor to trust the signatures, including step‑by‑step commands and parameter details for seamless integration of Cosign into Harbor's registry.

Container Security · Harbor · cloud-native
7 min read

Linux Ops Smart Journey
Aug 27, 2024 · Information Security

Secure Your Container Images: Integrate Trivy Scanning into Harbor

This guide explains how to secure container images by integrating the Trivy vulnerability scanner into the Harbor registry, covering Helm configuration, offline database setup, automated updates via cron, verification steps, and useful references for a robust cloud‑native security workflow.

Container Security · Harbor · Helm
7 min read

Linux Ops Smart Journey
Aug 26, 2024 · Information Security

How to Secure Container Images: Integrating Trivy with Harbor for Seamless Vulnerability Scanning

This guide explains why container image security matters, details the Trivy toolchain, shows step‑by‑step how to install Trivy, scan images, obtain offline vulnerability and Java index databases, and verify scans, preparing you to integrate Trivy with Harbor for a safer CI/CD pipeline.

Container Security · Harbor · Trivy
11 min read

Linux Ops Smart Journey
Aug 23, 2024 · Cloud Native

How to Seamlessly Sync Images Between Harbor and Docker Registry

This guide walks you through configuring Harbor and Docker Registry replication, covering background considerations, creating replication repositories and rules, manual sync triggers, and reference resources, so you can keep container images up‑to‑date and secure.

Container Security · Docker Registry · Harbor
5 min read

DevOps Operations Practice
Jun 6, 2024 · Cloud Native

Step‑by‑Step Guide to Deploying an Enterprise‑Grade Harbor Private Registry

This article explains why enterprises need a private Docker registry, introduces the open‑source Harbor project, outlines its architecture and hardware/software requirements, and provides detailed installation, configuration, and usage instructions—including Docker, Docker‑Compose, and Harbor setup commands—to get a secure, CNCF‑certified container image repository up and running.

CNCF · Container Security · DevOps
7 min read

37 Interactive Technology Team
Sep 25, 2023 · Cloud Native

Investigation of Kubernetes Container Isolation Mechanism and Its Impact

The article investigates a cloud‑vendor Kubernetes isolation feature that inserts iptables DROP rules into a pod’s network namespace, demonstrating how it fully blocks traffic, triggers liveness‑probe restarts, and impacts services depending on replica count and probe configuration, while preserving state only without probes.

Container Security · Kubernetes · iptables
7 min read

Cloud Native Technology Community
Sep 15, 2023 · Cloud Native

Understanding Kubernetes User Namespaces and Their Evolution in v1.28

This article explains the fundamentals of Kubernetes user namespaces, their support evolution from v1.25 to v1.28, security benefits, runtime requirements, a high‑severity CVE demonstration, and upcoming integration with Pod Security Standards, providing practical guidance for cloud‑native deployments.

Container Security · Kubernetes · cloud-native
7 min read

Didi Tech
Jul 4, 2023 · Cloud Native

eBPF Technology and Its Application in Didi's Cloud-Native Observability: HuaTuo Platform Practice

eBPF, a safe, high‑performance Linux kernel extension evolving from the 1993 Berkeley Packet Filter to modern dynamic tracing, underpins Didi’s HuaTuo platform, which consolidates bytecode management, fast data processing, stability self‑healing, and container insight to solve traffic replay, topology, security, and root‑cause analysis challenges across cloud‑native services, with plans to broaden business use and community collaboration.

Container Security · HuaTuo · Kernel Tracing
12 min read

Bilibili Tech
Apr 18, 2023 · Cloud Native

Kubernetes Audit Log Analysis for Container Security

The article explains how to enable Kubernetes audit logging and use its detailed fields—such as userAgent, responseStatus, requestURI, and object references—to detect CDK‑generated attacks and other threats like CVE‑2022‑3172, privilege escalation, and backdoor deployment, offering practical detection examples and security recommendations.

API Server · CDK · Container Security
15 min read

DeWu Technology
Dec 9, 2022 · Information Security

Container Security: Risks and Mitigation Strategies

Container security demands vigilant mitigation of risks such as image poisoning, unsafe images, compliance violations, high‑risk vulnerabilities, and container escape by preferring official images, scanning for malware and secrets, enforcing CIS benchmarks, applying cgroup and namespace isolation, and deploying runtime detection agents on each Kubernetes node for rapid response.

Container Security · Docker · Image Scanning
13 min read

ByteDance SYS Tech
Nov 23, 2022 · Operations

How Virtio-fs Achieves Crash Recovery for High‑Availability Secure Containers

This article explains the design of Virtio-fs, its architecture and high‑availability features, and details the crash‑recovery mechanism—including crash models, state preservation, supervisor coordination, request idempotence, downtime optimization, and hot upgrade/migration—implemented by ByteDance's STE team for secure container workloads.

Container Security · FUSE · High Availability
16 min read

Cloud Native Technology Community
Oct 26, 2022 · Cloud Native

Kubernetes Security: Common Vulnerabilities, Exposures, and Best Practices

This article explains why Kubernetes, the leading container orchestration platform, faces numerous security challenges—from misconfigurations and RBAC pitfalls to malicious Docker images and insecure cluster communication—and offers practical mitigation strategies and best‑practice recommendations.

Compliance · Container Security · Docker
8 min read

DevOps Cloud Academy
Jun 30, 2022 · Information Security

Integrating Trivy Image Security Scanning into GitLab CI/CD Pipelines

This tutorial demonstrates how to set up automated Docker image vulnerability scanning with Trivy, embed the scan into GitLab CI/CD pipelines, handle severity thresholds, schedule recurring scans, and remediate findings by adjusting the Dockerfile, providing a practical DevOps security workflow.

CI/CD · CVE scanning · Container Security
10 min read

Bilibili Tech
Jun 17, 2022 · Information Security

Container Escape Techniques, Exploits, and Mitigation Strategies

The article explains how attackers can break out of Docker containers by exploiting misconfigurations, vulnerable Docker components, kernel bugs, or Kubernetes RBAC errors, illustrates real‑world exploits such as host‑proc mounts and CVE‑2019‑5736, and provides mitigation steps like limiting privileges, updating software, and securing configurations.

Container Security · Docker · Kubernetes
15 min read

DevOps Cloud Academy
Mar 14, 2022 · Information Security

Integrating Trivy Vulnerability Scanner with GitLab CI/CD Pipelines

This article explains what Trivy is, how to install and use it for container vulnerability scanning, demonstrates saving results in JSON, and provides a step‑by‑step guide to integrating Trivy into a GitLab CI/CD pipeline with example configuration and troubleshooting tips.

Container Security · Docker · GitLab CI
7 min read

DevOps
Feb 25, 2022 · Information Security

Docker and Kubernetes Security: Challenges, 26 Docker Best Practices, and 7 Kubernetes Hardening Guidelines

This article explains why Docker, the dominant container runtime, introduces significant security risks, outlines eight key container‑security challenges, provides 26 practical Docker hardening recommendations, adds seven Kubernetes protection best practices, and lists eleven essential questions for assessing a secure cloud‑native environment.

Container Security · DevSecOps · Docker
14 min read