dependency-scanning
Safeguard articles tagged "dependency-scanning" — guides, analysis, and best practices for software supply chain and application security.
28 articles
Finding vulnerable code hidden inside shaded and uber JARs
JFrog found 65% of Log4Shell-affected artifacts embedded raw .class files instead of a jar — invisible to scanners that only read pom.xml metadata.
Python Dependency Scanning: A Practical Guide
Your code is a small fraction of what ships. This is how to inventory, scan, and continuously monitor the Python dependency tree that makes up the rest.
The libwebp heap overflow that patched half the internet: CVE-2023-4863
One heap buffer overflow in a 15-year-old image codec forced Chrome, Firefox, Edge, Electron apps, and entire Linux distros to ship emergency patches within days.
The Best Dependency Scanning Tools in 2026
Dependency scanning is crowded and the tools differ more than the marketing suggests. This balanced guide compares Dependabot, Snyk, Mend, Trivy, Socket, and Safeguard on accuracy, prioritization, and remediation.
How to Secure a Monorepo Without Slowing Every Team Down
Monorepo security fails when every check runs on every commit. Path-filtered CI, CODEOWNERS, per-workspace scanning, and merge queues fix that.
SCA language and package manager coverage comparison
See how Safeguard and Black Duck differ on SCA language and package manager coverage, detection methodology, and transitive dependency depth.
Software Supply Chain Security Solutions: A Comparison Framework
A framework for comparing software supply chain security solutions across the four capabilities that matter, SBOM generation, dependency scanning, provenance verification, and CI/CD gating.
Snyk Open Source vs Safeguard SCA
Two developer-first SCA tools, one honest comparison: vulnerability data, fix automation, noise levels, pricing models, and where each one actually fits.
Pull-request-level dependency scanning on GitHub
Socket.dev popularized flagging risky dependencies inside GitHub pull requests. Here's how that scanning works, where it falls short, and what closes the gaps.
Best Open Source SCA Tools in 2026 (Tested on a Real Monorepo)
OSV-Scanner, Trivy, Grype, Dependency-Check, and dep-scan, all run against the same 4,300-dependency monorepo. Recall, false positives, and scan times measured.
How to set up software composition analysis (SCA)
A practical, step-by-step guide to setting up software composition analysis: choosing a tool, setting policy, and integrating scans into CI/CD.
Using cargo-audit and the RustSec Advisory Database to ca...
A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.