dependency-security
Safeguard articles tagged "dependency-security" — guides, analysis, and best practices for software supply chain and application security.
51 articles
Package Firewall: Blocking Malicious Dependencies at Inst...
Malicious npm and PyPI packages are published daily. See why a package firewall that blocks at install time stops attacks that post-hoc scanners catch too late.
npm audit isn't enough: what it misses
npm audit catches known CVEs and stops there. It misses malicious packages, install scripts, and typosquats -- the threats actually landing in npm today.
CI/CD pipeline dependency security integration coverage
How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.
Securing mobile app dependencies: CocoaPods and Gradle
CocoaPods and Gradle power millions of mobile apps. See how orphaned pods, build-script RCE, and dependency confusion put them at real risk today.
Electron app security best practices
nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.
Building a secure GraphQL API with Node.js
A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.
10 serverless security best practices
10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.
NPM package vulnerabilities: risks and detection
NPM's open, high-velocity ecosystem makes it a top target for supply chain attacks. Here's how vulnerabilities slip past scanners like Trivy undetected.
Repojacking
Aqua Security found nearly 37,000 GitHub repos vulnerable to repojacking, including Google and Lyft. Here's how the attack works and how Safeguard catches it.
What is a Software Supply Chain Attack
A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.
Known Vulnerabilities in Dependencies
Known vulnerabilities in dependencies cause most supply-chain breaches, not because they're undetected but because teams can't tell which ones are reachable.
Best SCA Tools for Enterprise: 2026 Comparison
A fact-based 2026 review of the best Software Composition Analysis tools for enterprise teams, covering depth, reachability, remediation, and compliance.