dependency-review
Safeguard articles tagged "dependency-review" — guides, analysis, and best practices for software supply chain and application security.
4 articles
GitHub dependency graph and dependency review explained
How GitHub Dependency Graph and Dependency Review actually work, what GitHub Advanced Security adds on top, and where the coverage gaps are for teams relying on manifest-only scanning.
How to Set Up Dependency Review on GitHub Pull Requests
GitHub's dependency-review-action can block PRs that introduce vulnerable or badly-licensed packages. Here is the exact configuration, plus the cases it silently misses.
Rust Tokio Dependency Security Review
Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.
How to Enable Dependency Review on GitHub PRs
A step-by-step tutorial for turning on GitHub Dependency Review, enforcing license and severity policies, and getting fast feedback on every pull request.