8 Container Security Best Practices for 2026

Container security programs often lose effectiveness when controls are implemented without connecting them to specific attack outcomes. For example, running a container as root can increase the impact of a container escape or privilege escalation path, while non-root execution reduces what an attacker can do with that foothold. This article connects each control to the risk it is meant to reduce.

What follows is eight practices organized in a typical platform-security sequence, from image hardening before deployment through orchestration security in production. Each practice covers what it protects against, how to implement it, and where its coverage ends. No practice protects against everything, and being clear about coverage gaps is more useful than pretending comprehensive coverage is achievable from a single control.

Key Takeaways

• Container security protects container images, running containers, the engine, and orchestration through build-time scanning, deploy-time policies, and runtime monitoring.
• Secure container images use minimal base images such as Distroless, CVE scanning with Trivy or Grype, and Cosign signature verification before deployment.
• Containers should run as non-root users with read-only root filesystems and dropped Linux capabilities to reduce privilege escalation paths and make persistence harder.
• Kubernetes admission controllers enforce the Restricted pod security profile to prevent privileged containers and host filesystem mounts at deployment.
• RBAC assigns least-privilege service accounts to workloads while workload identity federation replaces static tokens for secure cloud resource access.
• Regular base image rebuilds triggered by updates and CISA Known Exploited Vulnerabilities prioritization help teams remediate actively exploited vulnerabilities faster.
• Container incident response plans should define how to preserve snapshots and Kubernetes audit logs before terminating ephemeral pods so investigations retain key evidence.

Container Security: A Refresher

Container security is the set of controls that protect container images, running containers, the container engine, and the orchestration layer from exploitation and unauthorized access.

The definition that matters operationally has three phases.

Build-time security catches problems in the container image before it is deployed: CVEs in base images and dependencies, misconfigurations in Dockerfiles, and secrets accidentally committed to image layers.

Deploy-time security enforces policies at the Kubernetes admission layer: which images are allowed to run, what privileges they can claim, and what network traffic is permitted between pods.

Runtime security monitors running containers for behavior that indicates active exploitation: unexpected processes, outbound connections to unusual destinations, and writes to filesystems that should be read-only.

Many container security programs start with build-time scanning, but runtime monitoring is still needed because exploitation, lateral movement, and persistence attempts happen after a workload is deployed.

Why Container Security Is Crucial Across The Software Development Lifecycle

The thing about container vulnerabilities is that they have a delay built in. A CVE introduced in a base image at the build stage becomes a production incident when a public exploit drops weeks or months after the image is already running across a hundred pods. The build and the breach are separated by time, which makes the connection non-obvious and the remediation reactive.

The concrete outcomes container security controls prevent are ordered by severity: code execution inside the container, lateral movement to adjacent services, container escape to the host, and distribution of a compromised image that multiplies the initial compromise across every environment that pulls it. Each outcome requires a different control to prevent it, and each is a step in the same attack chain.

The 2026 Verizon DBIR illustrates why rapid vulnerability management remains a critical part of container security. The report found that exploitation of vulnerabilities became the most common initial access vector for breaches, rising to 31% of the reporting dataset. While the DBIR is not container-specific, the trend reinforces the need to scan container images, fix vulnerable dependencies, rebuild patched base images quickly, and prevent risky workloads from reaching production.

Key Components Of Container Architecture To Secure

Container Images

Container images are the build artifact everything else runs from. A vulnerable image deployed across a thousand pods is a thousand attack surfaces. Image security requires three controls working together: scanning every image for CVEs before it enters the registry, using minimal base images that exclude tools the application does not need, and signing images so the runtime can verify they have not been tampered with between build and deployment.

The specific risk of an oversized base image is practical: every extra shell, package manager, network utility, or unused library gives an attacker more options after code execution. Minimal images reduce those options, while general-purpose images often include tools that production applications do not need.

Container Registries

A registry that allows unauthenticated pulls, or that does not enforce image signature verification, is a supply chain attack vector. An attacker who can push a compromised image to a registry used by production clusters achieves code execution across every environment that pulls that image on the next deployment cycle without needing to compromise any running system directly.

Registry security requires authentication and authorization on every registry operation, vulnerability scanning integrated at push time so images are assessed before they can be pulled, and signature verification enforced at pull time so only images from trusted signers can be deployed.

Container Orchestrators

Kubernetes default configurations are not secure. A default cluster allows pods to run as root, does not enforce network policies between pods, and does not restrict which host paths pods can mount. Each default represents a concrete privilege escalation or lateral movement path that requires explicit configuration to close.

Kubernetes API server access controls require TLS on all connections, authentication for every request, and authorization policies that restrict which principals can perform which operations on which resource types. RBAC is the mechanism that implements authorization. A cluster without RBAC configured, or with wildcard rules such as verbs: ["*"], effectively grants broad access to authenticated users.

Container Engine

The container engine, including Docker, containerd, and CRI-O, executes containers and manages their lifecycle. A container with access to the Docker socket can use it to launch new privileged containers, mount the host filesystem, and compromise the host. The Docker socket should not be mounted into a container.

Shared Responsibility Model In Container Security

In managed Kubernetes services such as EKS, AKS, and GKE, the cloud provider generally secures the control plane, while customers remain responsible for workloads, container images, RBAC/IAM policy, pod configuration, and many network and security controls. Exact responsibilities vary by provider and cluster mode.

The AWS ECS security best practices guide documents this type of boundary explicitly for Amazon’s managed container service, and the same shared-responsibility principle applies across major cloud providers.

A dangerous misconception in container security is that a managed Kubernetes service means the cloud provider handles pod security. It does not. A misconfigured pod security standard, an overpermissive RBAC role, or a vulnerable container image in a managed Kubernetes cluster remains a customer-side risk unless the managed service explicitly covers that control.

Platform teams typically own cluster-level controls such as Pod Security Admission, network policies, RBAC configurations, and node hardening. Application teams typically own image-level controls such as base image selection, dependency management, and Dockerfile hygiene. Runtime monitoring is often shared, because platform teams configure the monitoring infrastructure and application teams help define what normal behavior looks like in their workloads.

Common Challenges In Securing Containers

Complexity. Containers are ephemeral and dynamic. A pod that existed for 30 minutes and was then destroyed may never appear in a manual inventory review. Automated continuous discovery is required. Manual inventory processes miss the most transient workloads, which tend to be the most loosely configured ones because they were spun up quickly.

Vulnerability management. Container images have layered filesystems. A CVE can exist in the base image layer, in a package installed by the Dockerfile, or in an application dependency pulled at build time. Scanning only application dependencies misses OS-level CVEs in the base image. Scanning only the base image misses CVEs in application libraries. Complete coverage requires scanning the full image filesystem.

Configuration errors. Misconfigurations in Kubernetes happen fast and at scale. A permissive admission controller policy allows any developer with namespace-level deployment permissions to run a privileged container on any node. The misconfiguration applies to every workload in the cluster, not just the one that introduced it.

Visibility and monitoring. Traditional monitoring tools do not understand pod identity, namespace boundaries, service account permissions, or the relationship between a container image and the workload running it. Security monitoring for containers requires tools that understand the Kubernetes object model and can correlate a runtime finding with the image, deployment, and service account that produced it.

Eight Best Practices To Fortify Your Container Security

1. Ensuring Secure Container Images

Use minimal, purpose-built base images. Google Distroless and many hardened images reduce attack surface by omitting shells, package managers, and debugging tools that production applications do not need. Alpine is also small, but it includes a package repository and uses the apk package manager, so it should not be described the same way as distroless images. Removing unnecessary tools limits an attacker’s options after code execution.

Scan every image for CVEs before it enters the registry and again when images are pushed or promoted. Tools such as Trivy and Grype scan container images and filesystems for OS package and application dependency vulnerabilities. Where the registry or admission controller supports enforcement, block deployment of images with unresolved critical vulnerabilities above a defined policy threshold.

Sign images using Cosign and enforce signature verification in the Kubernetes admission controller using OPA Gatekeeper or Kyverno. An unsigned image or one whose signature does not match a trusted signer identity is rejected before the container starts. This is the supply chain control that prevents a compromised registry image from reaching production.

2. Reducing The Attack Surface

Run containers as non-root users. Set the USER instruction in the Dockerfile or configure runAsNonRoot and runAsUser in Kubernetes. If a workload is compromised, non-root execution reduces the privileges available to the attacker and can reduce the impact of a container escape, depending on the runtime and host configuration.

Use read-only root filesystems (readOnlyRootFilesystem: true in the container security context). This mounts the container’s root filesystem as read-only, limiting changes to application files and many persistence techniques. Workloads that need writable paths should use explicitly mounted volumes or temporary filesystems with narrow scope.

Drop all Linux capabilities by default (capabilities.drop: ["ALL"]) and add back only the specific capabilities the application requires. Many applications need no added Linux capabilities. Treat SYS_ADMIN as especially sensitive because it enables a broad set of administrative operations and is frequently called out in container-hardening guidance.

3. Utilizing Robust Container Security Tools

Tool selection matters because the tool category determines the attack phase it covers and no single tool covers all three.

Build-phase tools such as Trivy, Grype, and Clair scan images for CVEs and misconfigurations before deployment. They do not detect runtime threats. Deploy-phase tools such as OPA Gatekeeper and Kyverno enforce admission policies that block non-compliant pods from starting. They do not detect vulnerabilities in images or runtime anomalies. Runtime tools such as Falco and Tetragon detect anomalous behavior in running containers. They do not scan for CVEs or enforce admission policies.

A team that deploys only a build-phase scanner has limited visibility into what happens after deployment. A team that deploys only a runtime detection tool has limited control over which images are allowed to run. A practical tool stack should cover build, deployment, and runtime controls.

4. Preparing An Incident Response Plan

A container-specific incident response plan must address the ephemeral nature of containers. When a pod terminates, its filesystem and process state are gone. Evidence preservation requires capturing runtime state before terminating a compromised container, not after.

The steps that differ from a VM incident response: preserve the container filesystem snapshot and process list before terminating the pod, capture Kubernetes audit log events for the affected namespace covering the period before the incident was detected, and identify the image digest of the running container to trace it back to the specific build and CI/CD pipeline run that produced it.

NIST SP 800-61 Rev. 3 provides current incident response recommendations and supersedes SP 800-61 Rev. 2. Container-specific additions include the evidence preservation procedure for ephemeral workloads, the Kubernetes audit log retention configuration required for post-incident investigation, and the image provenance tracing process that connects a compromised runtime container to its source build.

Without those additions in place before an incident, investigators may lose key evidence. If the pod has terminated, audit logs were not retained, or the image digest was not recorded, the team may be unable to reconstruct the full path from build artifact to runtime compromise.

5. Implementing Regular Audits

Container security configuration drifts. An admission controller policy that was enforcing pod security standards last month may have had exceptions added that were never removed. An RBAC role scoped to read-only access may have had write permissions added for a specific incident and never reverted. Both are common. Neither shows up in a quarterly manual audit if the audit checks policy existence rather than current configuration state.

Continuous automated assessment can catch configuration drift soon after it is introduced. The CIS Kubernetes Benchmark provides consensus-based secure configuration guidance for Kubernetes, with the current CIS page listing Kubernetes Benchmark version 2.0.1. Running benchmark checks on a schedule against live cluster configuration produces a drift signal rather than relying only on point-in-time reviews.

Kubernetes network policies that restrict pod-to-pod communication should be audited to verify the CNI plugin actually enforces them. Network policies are Kubernetes objects, but enforcement requires a CNI plugin that supports them, such as Calico or Cilium. A cluster using a CNI plugin that does not enforce network policies has the policies defined but not applied. That gap is easy to miss in a review that checks whether policy objects exist rather than whether they are enforced.

6. Enforcing Strict Access Controls

Kubernetes RBAC governs which principals can perform which operations on which resource types in which namespaces. Wildcard rules such as verbs: ["*"] or resources: ["*"] are risky because Kubernetes warns they can grant overly permissive access to current and future resources. Review service accounts that can create or update workload resources carefully, because broad deployment permissions can undermine pod-security controls.

Each workload should have its own service account with only the permissions it actually uses. Pods that do not need Kubernetes API access should set automountServiceAccountToken: false. In Kubernetes v1.22 and later, Kubernetes provides short-lived, automatically rotating service account credentials by default for the assigned service account; a compromised container can still use those credentials within their scope.

Use cloud-native workload identity instead of static cloud keys where possible: EKS Pod Identity or IAM Roles for Service Accounts (IRSA) on AWS, Workload Identity Federation for GKE on Google Cloud, and Microsoft Entra Workload ID on AKS. These approaches reduce reliance on long-lived credentials in containers and limit the blast radius if a workload is compromised.

7. Updating And Patching Regularly

Container base images receive CVE patches on the provider’s update schedule. An image built six months ago from an unpatched base contains every CVE published against that base image’s packages since the build date. The CVEs accumulate quietly while the image continues running in production because nothing has visibly broken.

Automate base image rebuild notifications using registry webhook integrations. When a base image is updated in the registry, the dependent application image build pipelines should trigger automatically to produce a new image from the updated base. Manual tracking of base image updates does not scale past a handful of images, and in practice it stops happening after the first few months.

CISA’s Known Exploited Vulnerabilities catalog is a high-priority patching signal because it lists vulnerabilities known to have been exploited in the wild. Container images with KEV-listed CVEs in their base image or application dependencies should be prioritized regardless of CVSS score, because KEV indicates observed exploitation rather than only theoretical severity.

8. Protecting Container Orchestration

The Kubernetes attack surface is large. The API server, etcd, the kubelet, and the dashboard each represent an access point that, if compromised, provides control over the entire cluster.

Enable Pod Security Admission with the Restricted profile enforced at the namespace level where workloads can meet it. The Restricted profile builds on Baseline and requires controls such as non-root execution, no privilege escalation, seccomp profile enforcement, and dropping all Linux capabilities except NET_BIND_SERVICE when explicitly added. Use readOnlyRootFilesystem as an additional hardening control because it is a SecurityContext setting, not a Restricted-profile requirement.

Encrypt Kubernetes API data at rest. By default, the API server stores plaintext resource data in etcd unless encryption at rest is configured; the default identity provider provides no confidentiality protection. Configure the Kubernetes EncryptionConfiguration API for Secrets and other sensitive resources, and verify existing resources are rewritten so they are encrypted in storage.

Enable Kubernetes audit logging with a retention policy that matches the organization’s regulatory and forensic requirements. Kubernetes supports audit log retention settings through the audit log backend. HIPAA requires audit controls for systems that contain or use ePHI, while its six-year retention language applies to required Security Rule documentation. PCI DSS v4.0.1 requirement 10.5.1 requires retaining audit log history for at least 12 months, with recent logs available for analysis. Without audit logging, teams may lack evidence of Kubernetes API operations before or during an incident.

Open Source Container Security Tools By Use Case

The container security tool landscape maps to pipeline stage. Selecting tools without mapping them to the specific vulnerability class and stage they address produces coverage gaps that are invisible until an incident reveals them.

For image vulnerability scanning: Trivy supports OS packages, language-specific packages, IaC files, and Kubernetes coverage; Grype scans container images, filesystems, and SBOMs for known vulnerabilities across major OS and language ecosystems; Clair is commonly used in registry-integrated scanning workflows.

For runtime threat detection: Falco detects and alerts on abnormal behavior across hosts, containers, Kubernetes, and cloud environments using kernel events, plugins, and rules. Tetragon provides eBPF-based security observability and runtime enforcement, including the ability to filter, block, or react to selected events in the kernel.

For admission control: OPA Gatekeeper uses Rego for policy authoring, while Kyverno uses Kubernetes-native policy resources. Both can enforce admission policies at the Kubernetes API layer before containers start.

For supply chain integrity: Cosign supports image signing and verification, while Syft generates SBOMs for container images and filesystems in formats such as SPDX and CycloneDX. Those formats support federal SBOM expectations associated with Executive Order 14028 guidance, but organizations still need to meet the applicable procurement, attestation, and documentation requirements.

How Orca Security Approaches Container Security

Most container security programs lack the context needed to prioritize findings effectively. A critical CVE carries different risk depending on how and where the container is deployed. A critical CVE in a container image is not the same risk whether the container is running on an internal development workload with no data access or on an internet-facing API service with read access to a customer PII database. The CVSS score is identical. The production risk is not. Closing that gap requires cloud deployment context that pipeline-only tools cannot provide.

Orca Security uses agentless SideScanning™ to analyze cloud workloads through the runtime block storage layer and combine workload data with cloud provider metadata. Orca’s technical brief describes SideScanning as reading security-related data from VMs, containers, Kubernetes, databases, data stores, managed services, and serverless without deploying agents on each workload.

For container security specifically, Orca correlates image-level findings with cloud deployment context such as exposure, identity permissions, workload configuration, and sensitive-data risk. That context helps teams prioritize a critical CVE on an exposed, privileged workload differently from the same CVE on an isolated internal workload.

Each finding maps to the specific CIS Kubernetes Benchmark control, NIST SP 800-190 control, and compliance framework requirement it violates, producing the evidence audit teams need alongside the remediation step the platform team needs to implement.

Frequently Asked Questions About Container Security