Cloud Security
Container Security
Also known as: Docker security, OCI container security
Definition
The practice of securing container images, registries, orchestrators, and the runtime in which containers execute.
Examples
- Trivy or Grype scanning images in CI; Kyverno or OPA Gatekeeper rejecting privileged pods.
- Falco detecting a shell spawned inside a production container.
Related terms
Kubernetes Security
The protection of a Kubernetes cluster — its API server, control plane, nodes, workloads, and network — from misconfiguration, compromise, and lateral movement.
CWPP (Cloud Workload Protection Platform)
A platform that protects cloud workloads — virtual machines, containers, and serverless functions — across their entire lifecycle, from build to runtime.
CNAPP (Cloud-Native Application Protection)
An integrated security platform that combines CSPM, CWPP, CIEM, IaC scanning, and runtime detection to protect cloud-native applications from build to runtime.
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
Vulnerability Scanning
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
System Hardening
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.