Tutorials
In-depth guides and analysis on tutorials from the Safeguard engineering team.
24 articles
How to Find Vulnerabilities in Your Code
A beginner-friendly guide to finding security vulnerabilities in both your own code and the open-source libraries you depend on, using free and open tools.
How to Scan a Container Image for Vulnerabilities
Scan any Docker or OCI image for OS-package and application-layer vulnerabilities, understand the results, and gate risky images before they reach your registry — with copy-paste commands.
How to Check if an npm Package Is Safe
Before you run npm install, learn a quick, repeatable routine to judge whether an npm package is trustworthy — using metadata, known vulnerabilities, and a scan.
How to Generate an SBOM: A Step-by-Step Guide
Produce a spec-compliant CycloneDX or SPDX software bill of materials from any repository in minutes, validate it, and attach it to a release — with real commands you can run today.
How to Read a CVE: A Beginner's Guide
A plain-language walkthrough of what a CVE record contains and how to read one — the ID, description, CVSS score, CWE, affected versions, and whether a fix exists.
How to Run Your First Security Scan
New to security? This beginner walkthrough shows you how to run your first vulnerability scan on a real project, read the results, and know exactly what to do next.
Getting Started: Safeguard Kubernetes Admission
Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.
Getting Started: Safeguard GitHub Actions Gate
Set up the Safeguard GitHub Action to block risky pull requests on dependency vulnerabilities, license violations, and policy breaches before merge.
Getting Started with Safeguard MCP + ChatGPT
Expose the Safeguard MCP server to ChatGPT so the assistant can run live dependency scans and pull advisory data instead of guessing.
Getting Started with Safeguard MCP + Claude Desktop
Connect the Safeguard MCP server to Claude Desktop so your AI assistant can scan dependencies, read SBOMs, and suggest fixes grounded in real advisory data.
Getting Started with Safeguard CLI: Your First Scan
Install the Safeguard CLI, authenticate, and run your first dependency and SBOM scan in under ten minutes. Covers config, output formats, and CI wiring.
Getting Started with Safeguard IDE Extension (VS Code)
A step-by-step walkthrough for installing, configuring, and using the Safeguard VS Code extension to catch supply chain issues before you commit.