Dependency Management
In-depth guides and analysis on dependency management from the Safeguard engineering team.
7 articles
The Security Implications of Semantic Versioning
Semver promises predictability in dependency management. In practice, it creates a trust model with serious security implications that most developers do not consider.
Setting Up Continuous Dependency Monitoring From Scratch
Point-in-time dependency scans miss vulnerabilities disclosed between scans. Here is how to set up continuous monitoring that catches new threats as they emerge.
Fork Maintenance and Your Security Responsibilities
Forking an open source project means inheriting its security obligations. Here is what organizations need to know before and after forking a dependency.
Security Impact Analysis for Dependency Updates
Updating a dependency is not just a version bump. Here is how to assess the security impact of dependency changes before they reach production.
Migrating Dependencies for Security: A Step-by-Step Guide
When a dependency becomes a security liability, migration is the only real fix. Here is a structured approach to dependency migration that minimizes risk and disruption.
Managing End-of-Life Software Dependencies
Every dependency eventually reaches end of life. Here is a practical framework for identifying, tracking, and migrating away from EOL software before it becomes a security liability.
Evaluating Open Source Alternatives Through a Security Lens
When choosing between open source packages that provide the same functionality, security factors should weigh as heavily as features. Here is a practical evaluation framework.