Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Guides

Dependency Management for Beginners: Keeping Your Borrowed Code Healthy

Most of your application is packages other people wrote. Dependency management is the everyday craft of choosing them well, updating them safely, and keeping them from becoming a liability. Here is a friendly guide with a first step to try today.

Jul 8, 20266 min read
Concepts

How to Choose an Open Source License

Choosing a license for your project comes down to how much control you want over downstream use. This guide walks through the decision — permissive, weak copyleft, or strong copyleft.

Jul 8, 20267 min read
Buyer's Guides

The Best Open Source Security Tools in 2026

You can build a capable security program from free tools. This balanced guide compares Trivy, Grype and Syft, OSV-Scanner, OWASP Dependency-Check, and Dependency-Track — and is honest about when a commercial platform earns its cost.

Jul 7, 20266 min read
Concepts

Open Source License Comparison: MIT, Apache, BSD, GPL, and More

A side-by-side comparison of the major open-source licenses — MIT, BSD, Apache 2.0, MPL, LGPL, GPL, and AGPL — across permissions, conditions, copyleft strength, and patent handling.

Jul 7, 20266 min read
Tutorials

How to Secure Your Open Source Dependencies

Most of your code is code you didn't write. This beginner guide covers the practical habits that keep your open-source dependencies safe, from lockfiles to scanning.

Jul 6, 20266 min read
Concepts

Understanding Open Source Security Risk

Open source powers nearly every modern application, but the code you inherit brings risks you did not write. This guide explains where open source risk comes from, how it reaches your product, and how to manage it without abandoning the ecosystem.

Jul 6, 20266 min read
Concepts

What Is the LGPL License? Linking and Weak Copyleft

The GNU Lesser GPL is a weak-copyleft license designed for libraries. It lets proprietary software link to LGPL code without becoming GPL. Here is how the linking rules actually work.

Jul 5, 20266 min read
Buyer's Guides

The Best Dependency Scanning Tools in 2026

Dependency scanning is crowded and the tools differ more than the marketing suggests. This balanced guide compares Dependabot, Snyk, Mend, Trivy, Socket, and Safeguard on accuracy, prioritization, and remediation.

Jul 4, 20266 min read
Concepts

What Is the AGPL License? The Network Copyleft, Explained

The GNU Affero GPL closes the SaaS loophole: it extends copyleft to software used over a network. Here is what AGPLv3 requires, why companies treat it cautiously, and what it means for you.

Jul 4, 20266 min read
Threat Research

Lessons from the XZ Utils Backdoor: A Three-Year Social Engineering Heist

CVE-2024-3094 was a backdoor patiently planted in XZ Utils over years of social engineering, caught by an engineer chasing half a second of SSH latency. Here is the full story.

Jul 3, 20266 min read
Concepts

What Is a Software Dependency

A software dependency is outside code your program relies on to run. Here is what dependencies are, why modern apps have so many, and why they matter for security.

Jul 3, 20266 min read
Concepts

What Is Open Source License Compliance?

Open source license compliance is the practice of tracking every open source component you use and honoring the legal obligations of its license. Get it wrong and you risk lawsuits, forced code disclosure, or a blocked acquisition.

Jul 3, 20266 min read
open-source — Safeguard Blog