Patent attributes
An example computer-implemented method of providing security for a software container includes discovering credentials that a software container is expected to use at runtime. The discovering is performed prior to instantiation of the software container from a container image, and is based on one or more of credentials stored in the container image, credentials stored in runtime configuration data for the software container, and credentials from a secrets management service. An unsafe credential set is determined that includes one or more of the discovered credentials that do not meet predefined credential safety criteria. A runtime request is intercepted from the software container. A credential violation is detected based on the intercepted runtime request attempting to use a credential from the unsafe discovered credential set. A corrective action is performed for the software container based on the detected credential violation.