https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Mon, 25 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive.en After the 2024 xz backdoor and the 2025 entry into force of the EU Cyber Resilience Act, container supply-chain security is no longer "scan and forget". This is a May 2026 map of the full stack — Trivy/Grype/Snyk/Sysdig image scanners, Tetragon/Falco eBPF runtime security, Cosign/Sigstore keyless signing, in-toto/SLSA levels 1-4, CycloneDX/SPDX SBOMs, distroless images, gVisor/Kata sandboxes, and OPA Gatekeeper vs Kyverno admission controllers. Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-securitytrivygrypesnyksysdigtetragonfalcocosignsigstoresbomslsadistrolessgvisorkata-containersopakyverno https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive.ja 2024年のxzバックドア事件と2025年のEU CRA(サイバーレジリエンス法)施行を経て、コンテナのサプライチェーンセキュリティはもはや「スキャンして終わり」ではない。Trivy/Grype/Snyk/Sysdigイメージスキャナー、Tetragon/Falco eBPFランタイムセキュリティ、Cosign/Sigstoreキーレス署名、in-toto/SLSAレベル1〜4、CycloneDX/SPDX SBOM、distrolessイメージ、gVisor/Kataサンドボックス、OPA Gatekeeper対Kyvernoアドミッションコントローラまで——2026年5月時点のサプライチェーンセキュリティ・フルスタック地図。 Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-securitytrivygrypesnyksysdigtetragonfalcocosignsigstoresbomslsadistrolessgvisorkata-containersopakyverno https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive https://www.youngju.dev/blog/culture/2026-05-25-container-security-trivy-grype-snyk-sysdig-tetragon-falco-cosign-sigstore-2026-deep-dive 2024년 xz 백도어 사건과 2025년 EU CRA(Cyber Resilience Act) 발효 이후 컨테이너 공급망 보안은 더 이상 "scan하고 끝"이 아니다. Trivy/Grype/Snyk/Sysdig 이미지 스캐너, Tetragon/Falco eBPF 런타임 보안, Cosign/Sigstore 키리스 서명, in-toto/SLSA 1-4 단계, CycloneDX/SPDX SBOM, distroless 이미지, gVisor/Kata 샌드박스, OPA Gatekeeper vs Kyverno 어드미션 컨트롤러까지 — 2026년 5월 현재의 공급망 보안 풀스택 지도. Mon, 25 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-securitytrivygrypesnyksysdigtetragonfalcocosignsigstoresbomslsadistrolessgvisorkata-containersopakyverno