dependency-scanning
Safeguard articles tagged "dependency-scanning" — guides, analysis, and best practices for software supply chain and application security.
28 articles
Auditing Ruby dependencies for known CVEs with bundler-audit
A step-by-step bundler-audit tutorial for scanning Ruby gems against known CVEs, patching vulnerable dependencies, and enforcing the check in CI.
Finding vulnerable .NET dependencies with dotnet list pac...
A step-by-step guide to scanning C# projects for vulnerable NuGet packages using dotnet list package --vulnerable, plus how to fix and monitor them continuously.
Auditing Rails applications' Gemfile for vulnerable depen...
A practical guide to auditing your Rails Gemfile and Gemfile.lock for vulnerable dependencies using bundler-audit, from triage through CI automation.
package-lock.json integrity checks and the npm audit work...
A step-by-step guide to verifying package-lock.json integrity, running npm audit correctly, and scanning Node.js dependencies for tampering and vulnerabilities.
Best software composition analysis tools for mobile appli...
A no-hype comparison of mobile SCA tools for scanning iOS and Android dependencies, generating SBOMs, and catching open-source vulnerabilities before release.
CVE-2017-18640: Denial of service via SnakeYAML alias ent...
CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.
How Snyk Open Source analyzes Cargo.lock for Rust depende...
How Snyk Open Source parses Cargo.lock, matches resolved crate versions against RustSec advisories, and handles Rust workspaces -- a mechanical breakdown of its documented approach.
How Snyk scans NuGet and .NET project files for vulnerabl...
How Snyk resolves NuGet and .NET dependency graphs from csproj, packages.config, and project.assets.json files to find vulnerable packages.
How Snyk scans Composer/PHP and RubyGems dependency manif...
A technical look at how Snyk parses composer.json/composer.lock and Gemfile/Gemfile.lock to build dependency trees and match PHP and Ruby packages against known vulnerabilities.
How Snyk's CLI test command differs technically from the ...
A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.
How the Snyk CLI's --all-projects flag discovers manifest...
A technical look at how Snyk CLI's --all-projects flag walks a repository, matches manifest files, and where directory-depth limits can leave dependencies unscanned.
How to Audit Python Dependencies with pip-audit (and What It Misses)
pip-audit checks your Python dependencies against the PyPA advisory database in one command. Here is how to run it well in CI, and the four gaps it leaves open.