With the right amount of hardening, containers can provide a relatively secure sandbox. It's certainly not built for that which leads to natural weaknesses, but in my experience auditors seem pretty happy with the controls present in OpenShift (page 79): https://www.redhat.com/en/resources/openshift-security-guide...