Research
In-depth guides and analysis on research from the Safeguard engineering team.
6 articles
SBOM Quality Across Ecosystems: 2026 Report
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.
Top 10 Riskiest Transitive Dependencies 2026
The Safeguard Research team built a risk index for transitive dependencies and ranked the ten categories that concentrate the most risk in modern stacks.
AI Code Assistant Package Hallucination Study
The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.
Abandoned Dependency Risk Study
The Safeguard Research team measured how much abandonment exists in real dependency graphs, how it correlates with risk, and what to do about it.
Reachability Noise Reduction: Findings
The Safeguard Research team ran reachability analysis across a large corpus of real codebases. This is what we learned about which CVEs actually matter.
OSS Malware Trends Q1 2026 (Safeguard Research)
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.