Safeguard
Topic

Tutorials

In-depth guides and analysis on tutorials from the Safeguard engineering team.

24 articles

Tutorials

How to Create an AIBOM for Your AI Models

Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.

Jul 8, 20265 min read
Tutorials

How to Report a Security Vulnerability

You found a security bug — now what? This beginner guide walks through reporting a vulnerability responsibly, from finding the right contact to writing a clear report.

Jul 8, 20266 min read
Tutorials

How to Choose a Security Scanner

There are dozens of security scanners and the marketing all sounds the same. This beginner guide gives you a simple, hands-on way to pick the right one.

Jul 7, 20267 min read
Tutorials

How to Remediate Transitive Dependency Vulnerabilities

Fix vulnerabilities in the nested packages you never installed directly — trace the import chain, choose between upgrading the parent or overriding the child, and verify the fix without breaking builds.

Jul 7, 20265 min read
Tutorials

How to Secure Your Open Source Dependencies

Most of your code is code you didn't write. This beginner guide covers the practical habits that keep your open-source dependencies safe, from lockfiles to scanning.

Jul 6, 20266 min read
Tutorials

How to Set Up a Vulnerability Policy Gate

Define a written, version-controlled policy for which vulnerabilities block a release, enforce it consistently across CLI and CI, and manage time-boxed exceptions without an allowlist that lives forever.

Jul 6, 20265 min read
Tutorials

How to Audit npm Dependencies for Vulnerabilities

Go beyond npm audit's noisy output — resolve your dependency tree, prioritize by reachability, and fix both direct and transitive vulnerabilities in a Node.js project the right way.

Jul 5, 20265 min read
Tutorials

How to Prioritize Vulnerabilities

A scan gave you a hundred findings and you can't fix them all today. This beginner guide teaches a simple, sensible order for deciding what to fix first.

Jul 5, 20266 min read
Tutorials

How to Scan for Secrets in a Git Repository

Find hardcoded API keys, tokens, and credentials in your working tree and full Git history, stop new leaks at commit time, and remediate a secret that has already been pushed.

Jul 4, 20266 min read
Tutorials

How to Update Dependencies Safely

Updating a library can fix a vulnerability or break your app. This beginner guide shows you how to update dependencies safely, one careful step at a time.

Jul 4, 20266 min read
Tutorials

How to Add Security Scanning to Your CI/CD Pipeline

Wire dependency, container, and secret scanning into GitHub Actions or GitLab CI as a required check that blocks risky merges — with working workflow files and sensible thresholds.

Jul 3, 20266 min read
Tutorials

How to Read an SBOM

An SBOM is a list of everything inside your software. This beginner guide shows you how to open one, understand each field, and turn it into something useful.

Jul 3, 20266 min read
Tutorials — Supply Chain Security Blog | Safeguard