The unboring NIST SP 800-190
Practical, non-boring takeaways from NIST SP 800-190 for container security: image scanning and vulnerability management, controlled image provenance, least-privilege runtime restrictions, network segmentation, runtime threat detection, and host-OS hardening.