Safeguard
Tag

dependency-scanning

Safeguard articles tagged "dependency-scanning" — guides, analysis, and best practices for software supply chain and application security.

28 articles

Open Source Security

Auditing Ruby dependencies for known CVEs with bundler-audit

A step-by-step bundler-audit tutorial for scanning Ruby gems against known CVEs, patching vulnerable dependencies, and enforcing the check in CI.

Feb 2, 20267 min read
Open Source Security

Finding vulnerable .NET dependencies with dotnet list pac...

A step-by-step guide to scanning C# projects for vulnerable NuGet packages using dotnet list package --vulnerable, plus how to fix and monitor them continuously.

Jan 31, 20267 min read
Open Source Security

Auditing Rails applications' Gemfile for vulnerable depen...

A practical guide to auditing your Rails Gemfile and Gemfile.lock for vulnerable dependencies using bundler-audit, from triage through CI automation.

Jan 26, 20268 min read
Open Source Security

package-lock.json integrity checks and the npm audit work...

A step-by-step guide to verifying package-lock.json integrity, running npm audit correctly, and scanning Node.js dependencies for tampering and vulnerabilities.

Jan 24, 20268 min read
Buyer's Guides

Best software composition analysis tools for mobile appli...

A no-hype comparison of mobile SCA tools for scanning iOS and Android dependencies, generating SBOMs, and catching open-source vulnerabilities before release.

Nov 9, 20257 min read
Vulnerability Analysis

CVE-2017-18640: Denial of service via SnakeYAML alias ent...

CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.

Sep 22, 20257 min read
Open Source Security

How Snyk Open Source analyzes Cargo.lock for Rust depende...

How Snyk Open Source parses Cargo.lock, matches resolved crate versions against RustSec advisories, and handles Rust workspaces -- a mechanical breakdown of its documented approach.

Aug 29, 20257 min read
Open Source Security

How Snyk scans NuGet and .NET project files for vulnerabl...

How Snyk resolves NuGet and .NET dependency graphs from csproj, packages.config, and project.assets.json files to find vulnerable packages.

Aug 24, 20257 min read
Open Source Security

How Snyk scans Composer/PHP and RubyGems dependency manif...

A technical look at how Snyk parses composer.json/composer.lock and Gemfile/Gemfile.lock to build dependency trees and match PHP and Ruby packages against known vulnerabilities.

Aug 23, 20256 min read
Open Source Security

How Snyk's CLI test command differs technically from the ...

A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.

Aug 22, 20257 min read
Product

How the Snyk CLI's --all-projects flag discovers manifest...

A technical look at how Snyk CLI's --all-projects flag walks a repository, matches manifest files, and where directory-depth limits can leave dependencies unscanned.

Aug 15, 20257 min read
Guides

How to Audit Python Dependencies with pip-audit (and What It Misses)

pip-audit checks your Python dependencies against the PyPA advisory database in one command. Here is how to run it well in CI, and the four gaps it leaves open.

Apr 26, 20246 min read
dependency-scanning (Page 2) — Safeguard Blog