dependency-updates
Safeguard articles tagged "dependency-updates" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Renovate 2026: Security-Only Mode and OSV Alerts Tested
Renovate's 2026 security presets, OSV-based vulnerability alerts, and 14-day minimum release age combine into a defensible auto-update posture. We tested it on a 240-repo org.
Dependabot vs Renovate vs Autonomous Remediation
Dependabot opens PRs, Renovate manages them, autonomous remediation merges them. A spec-level comparison of three generations of dependency update automation.
Security Debt: Measuring and Paying It Down
Security debt is the gap between the risk you're carrying and the risk you've decided to carry. Here's how to measure it in vuln-days and pay it down without a heroic quarter.
Security Impact Analysis for Dependency Updates
Updating a dependency is not just a version bump. Here is how to assess the security impact of dependency changes before they reach production.