securityContext
runAsNonRoot
runAsUser
privileged
procMount
allowPrivilegeEscalation
readOnlyRootFilesystem
PodSecurityPolicy
RBAC
seccomp
Linux Capabilities
AppArmor
SELinux
Falco
Open Policy Agent
NetworkPolicy
gVisor
Kata Containers
Nabla Containers
Service Mesh
mTLS
KubeSec
KubeBench
kubetest
Clair
Vault
Grafeas
notary
Bastion Host
Certificate Rotation
Threat detection
SecOps