Posts tagged "docker"

4 posts tagged with docker

Hardening Docker Containers in Your Homelab: A Defense-in-Depth Approach

December 17, 2025 • 9 min read

Eight security layers that stopped real attacks in homelab testing: minimal base images, user namespaces, seccomp profiles, network segmentation, and more. Defense-in-depth without Kubernetes overhead.

NodeShield: Runtime SBOM Enforcement Stops 98% of Supply Chain Attacks

November 23, 2025 • 10 min read

NodeShield enforces SBOMs at runtime using CBOM policies to prevent supply chain attacks. Homelab Docker deployment guide with attack simulations, 98.3% prevention rate, and <1ms overhead.

Docker Runtime Security Hardening with Linux Security Modules

August 18, 2025 • 9 min read

Harden Docker containers using AppArmor and SELinux for isolation without orchestration overhead. LSM profiles, seccomp filters, and capability dropping at homelab scale.

Sandboxing Untrusted Containers with gVisor: Lessons from G-Fuzz Vulnerability Research

September 25, 2024 • 9 min read

Secure containers with gVisor sandboxing—prevent kernel exploits in Kubernetes clusters while managing 59% startup overhead for untrusted workloads.

Browse other tags

ai (26) alerting (1) apparmor (1) architecture (4) authentication (1) automation (9) backup (1) blockchain (2) breakthrough (1) cloud (3) cognitive-science (1) compliance (2) computational-science (5) container-orchestration (1) container-security (3) containers (1) cryptography (9) cve (1) dashboard (1) defense-in-depth (1) devops (6) ebpf (1) edge-computing (3) eleventy (1) ethics (4) future-technology (3) grafana (2) graylog (1) hardening (1) hardware (1) homelab (29) incident-response (1) infrastructure (3) iot (1) kernel (1) learning (3) linux (2) llm (12) lsm (1) machine-learning (10) mcp (2) monitoring (5) network-security (1) networking (9) nodejs (1) nvd (1) observability (3) ollama (1) open-source (6) optimization (1) optional-tag (1) passwords (1) performance (1) posts (70) primary-tag (1) privacy (8) professional-development (4) programming (10) prometheus (2) proxmox (1) python (6) quantum-computing (1) raspberry-pi (3) research (1) robotics (3) sbom (1) secondary-tag (1) security (39) selinux (1) siem (1) society (1) supply-chain (2) sustainability (4) tertiary-tag (1) threat-detection (3) tutorial (2) virtualization (2) vulnerability-management (5) wazuh (1) web-development (1) zero-knowledge (1) zero-trust (2) zk-snark (1)