Safeguard
Tag

dependencies

Safeguard articles tagged "dependencies" — guides, analysis, and best practices for software supply chain and application security.

52 articles

Security Guides

Jackson-databind Security Guide (2026)

Jackson-databind is the default JSON engine for the Java ecosystem — and the source of one of the longest deserialization CVE sagas in open source. Here is how to run it safely.

Jul 4, 20266 min read
Security Guides

Scanning NuGet Packages for Vulnerabilities in .NET

The .NET SDK ships a built-in vulnerability scanner: dotnet list package --vulnerable. Here is how to audit NuGet dependencies with it — and where to go beyond it.

Jul 4, 20265 min read
Security Guides

Auditing Rust Dependencies with cargo-audit

cargo-audit checks your Cargo.lock against the RustSec Advisory Database, flagging vulnerable, yanked, and unmaintained crates. Here is how to use it and extend it.

Jul 3, 20265 min read
Security Guides

Auditing Go Modules with govulncheck

govulncheck is unusual: it uses static analysis to tell you not just which Go dependencies are vulnerable, but whether your code actually reaches the vulnerable function.

Jul 3, 20265 min read
Security Guides

pandas Security Guide (2026)

pandas is the backbone of Python data analysis — and while its own CVE record is thin, the read_pickle deserialization risk is real, the query/eval expression engine invites injection, and most 'pandas findings' actually live in its dependency tree.

Jul 3, 20266 min read
Security Guides

Requests (Python) Security Guide (2026)

The Requests library is how most Python code talks HTTP — and a recurring class of credential-leak-on-redirect CVEs makes its version and config genuinely security-relevant.

Jul 3, 20266 min read
Concepts

What Is a Software Dependency

A software dependency is outside code your program relies on to run. Here is what dependencies are, why modern apps have so many, and why they matter for security.

Jul 3, 20266 min read
Security Guides

Express.js Security Guide (2026)

Express is the default web framework for Node.js — and a small, deep dependency tree that has produced open-redirect, XSS, and ReDoS CVEs. Here is how to run Express safely in 2026.

Jul 2, 20266 min read
Security Guides

Auditing Maven Dependencies with OWASP Dependency-Check

OWASP Dependency-Check is the classic way to scan Java and Maven projects against the NVD. Learn to run it, tame its false positives, and move beyond CPE matching.

Jul 2, 20266 min read
Security Guides

NumPy Security Guide (2026)

NumPy is the numerical foundation of the Python data ecosystem — and while many of its CVEs are disputed, the pickle-based numpy.load deserialization risk is real and worth understanding.

Jul 2, 20266 min read
Guides

SBOM for Beginners: What a Software Bill of Materials Really Is

Modern software is assembled from hundreds of parts you did not write. An SBOM is the ingredient label that lists them all. Here is a warm, beginner-friendly tour with a first SBOM you can generate today.

Jul 2, 20266 min read
Guides

SCA for Beginners: Understanding Software Composition Analysis

Most of your application is code you did not write. Software Composition Analysis helps you keep that borrowed code safe. Here is a beginner-friendly tour with a first scan you can run today.

Jul 2, 20266 min read
dependencies (Page 2) — Safeguard Blog