Safeguard
Tag

dependency-graph

Safeguard articles tagged "dependency-graph" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Vulnerability Management

SBOM-based blast radius analysis for vulnerable dependencies

An SBOM tells you what's inside one artifact. It takes a dependency graph across every service to know what breaks first when a library gets a CVE.

Jul 9, 20266 min read
Open Source Security

Transitive dependency vulnerabilities explained

A vulnerability three layers deep in your dependency graph is still your problem. Here's how transitive flaws like Log4Shell hide, spread, and get fixed.

Apr 30, 20267 min read
Open Source Security

How Snyk calculates direct versus transitive dependency v...

Snyk splits vulnerability exposure into direct and transitive dependencies using lockfile graphs, CVE version-range matching, and path-level reachability analysis.

Aug 27, 20257 min read
Concepts

What Is a Transitive Dependency?

A transitive dependency is code you never chose but still ship, pulled in by the libraries you did choose. Here is why indirect dependencies dominate your attack surface.

Aug 26, 20255 min read
Open Source Security

How Snyk resolves CocoaPods and Swift Package Manager dep...

How Snyk parses Podfile.lock for CocoaPods and invokes the Swift toolchain to resolve Swift Package Manager dependencies when scanning iOS codebases.

Aug 21, 20257 min read
Open Source Security

Go Dependency Visualization for Security

The Go module graph is comparatively small, which makes it one of the few ecosystems where visualizing dependencies is actually useful for security review rather than just pretty.

Apr 12, 20247 min read
Software Supply Chain

Dependency Graph Analysis: Finding Hidden Transitive Risks

Your project has 50 direct dependencies. It actually depends on 1,200 packages. Transitive dependency analysis is how you find the risks hiding three layers deep.

Dec 1, 20228 min read
dependency-graph — Safeguard Blog