Product
In-depth guides and analysis on product from the Safeguard engineering team.
68 articles
Safeguard Q4 2025 Release Recap
A full recap of Q4 2025 at Safeguard: Griffin for Java and .NET, Eagle attestations, Lion serverless, Gold policy-aware remediation, and more.
Safeguard Griffin 3.0 GA: What's New
Griffin 3.0 is now generally available. Here is what changed in the reasoning and remediation model, how it behaves in practice, and the defaults you should know.
Safeguard Q3 2025 Release Recap
A quarterly recap of everything Safeguard shipped in Q3 2025 across Griffin, Eagle, Lion, and Gold — with the improvements, deprecations, and next steps.
Safeguard v5: One Year In — What We Built, What We Learned
A retrospective on Safeguard v5's first year in production, the features that resonated, and where we're headed next.
How the Snyk Language Server powers IDE plugins across VS...
A technical look at how Snyk's Go-based Language Server uses LSP and a delegating scanner pattern to power VS Code, JetBrains, and Eclipse plugins from one binary.
How Snyk's JetBrains plugin family supports IntelliJ, PyC...
A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.
How Snyk's Visual Studio extension scans .NET solutions f...
How Snyk's Visual Studio extension resolves .NET dependency trees, matches NuGet packages against its vulnerability database, and surfaces results in-editor.
How the Snyk CLI's authentication flow issues and stores ...
A technical walkthrough of how Snyk's CLI authenticates via `snyk auth`, where it stores API tokens locally, and why that plaintext credential file is worth protecting.
How the Snyk CLI generates SARIF output for GitHub code s...
A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.
How Snyk's GitHub Actions integration scans pull requests...
A mechanical breakdown of how Snyk's GitHub Actions integration scans pull requests: triggers, SARIF uploads, severity thresholds, and what the checks can't see.
How Snyk integrates with Jenkins to fail builds on new vu...
A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.
How the Snyk CLI's --all-projects flag discovers manifest...
A technical look at how Snyk CLI's --all-projects flag walks a repository, matches manifest files, and where directory-depth limits can leave dependencies unscanned.