https://www.bvbej.com/tags/%E5%AE%89%E5%85%A8/Recent content in 安全 on BvBeJ的小站Hugozh-CNWed, 27 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-rootless-mode-practice/Wed, 27 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-rootless-mode-practice/最小权限运行可以提升安全性，但要评估网络和存储差异https://www.bvbej.com/posts/kubernetes-secret-rotation/Fri, 22 May 2026 00:00:00 +0000https://www.bvbej.com/posts/kubernetes-secret-rotation/密钥轮换要设计双版本兼容窗口，避免瞬时全量失败https://www.bvbej.com/posts/container-runtime-isolation-tradeoff/Thu, 14 May 2026 00:00:00 +0000https://www.bvbej.com/posts/container-runtime-isolation-tradeoff/隔离强度越高越安全吗？答案取决于威胁模型和性能预算。https://www.bvbej.com/posts/kubernetes-networkpolicy-baseline/Wed, 13 May 2026 00:00:00 +0000https://www.bvbej.com/posts/kubernetes-networkpolicy-baseline/网络隔离要先划清信任边界，再逐步收敛规则https://www.bvbej.com/posts/docker-runtime-security-profiles/Tue, 12 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-runtime-security-profiles/镜像安全只是第一层，运行时策略才是最后防线https://www.bvbej.com/posts/rust-unsafe-audit-checklist/Thu, 07 May 2026 00:00:00 +0000https://www.bvbej.com/posts/rust-unsafe-audit-checklist/unsafe 不可避免，但必须可审计、可证明、可回归https://www.bvbej.com/posts/docker-sbom-signing-pipeline/Sat, 02 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-sbom-signing-pipeline/镜像安全要从构建阶段开始，把可追溯和可验证做进流水线https://www.bvbej.com/posts/docker-image-security-hardening/Thu, 16 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-image-security-hardening/镜像优化不只是减小体积，真正上线时还要关心攻击面、权限模型和供应链风险