Safeguard
Topic

Concepts

In-depth guides and analysis on concepts from the Safeguard engineering team.

116 articles

Concepts

What is a Reachability Analysis in SCA

Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.

Nov 12, 20246 min read
Concepts

What Is RBAC (Role-Based Access Control)

RBAC grants permissions to roles, then assigns people to roles. Learn how this model simplifies access management, its core parts, and where it fits best.

Nov 5, 20246 min read
Concepts

What Is a JWT (JSON Web Token)

A JWT is a compact, signed token that carries claims like who a user is between parties. Learn its three parts, how signing works, and the common security pitfalls.

Oct 15, 20246 min read
Concepts

What is an SBOM Drift

SBOM drift is the gap between what your software bill of materials claims and what the artifact actually contains. Here's how it happens and how to detect it with a diff.

Oct 8, 20247 min read
Concepts

What is Dependency Pinning

Dependency pinning locks every package in your build to an exact, verified version so the code you tested is the code you ship. Here's how to do it per ecosystem.

Oct 8, 20246 min read
Concepts

What Is SAML

SAML lets an identity provider vouch for you to other applications using signed XML assertions. Learn how it powers enterprise single sign-on and how it works.

Sep 24, 20246 min read
Concepts

What Is OpenID Connect (OIDC)

OpenID Connect adds a real identity layer on top of OAuth 2.0. Learn how it proves who a user is, what an ID token contains, and how it differs from plain OAuth.

Sep 10, 20246 min read
Concepts

What Is OAuth

OAuth lets one app access your data in another without ever seeing your password. Learn how delegated access works, what tokens and scopes do, and why it matters.

Aug 20, 20246 min read
Concepts

What Is MFA (Multi-Factor Authentication)

MFA requires two or more independent proofs of identity before letting you in. Learn how it works, why it blocks stolen-password attacks, and the factor types involved.

Aug 6, 20246 min read
Concepts

What Is Authorization

Authorization decides what an already-verified identity is allowed to do. Learn how it differs from authentication, how permission checks work, and the models that power them.

Jul 23, 20246 min read
Concepts

What Is Authentication

Authentication is how a system proves you are who you claim to be. Here is what it means, how it works, the factors involved, and why it is the foundation of every access decision.

Jul 9, 20246 min read
Concepts

What is Red Teaming

Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.

Jun 20, 20245 min read
Concepts (Page 9) — Supply Chain Security Blog | Safeguard