open-source
Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.
138 articles
Dependency Management for Beginners: Keeping Your Borrowed Code Healthy
Most of your application is packages other people wrote. Dependency management is the everyday craft of choosing them well, updating them safely, and keeping them from becoming a liability. Here is a friendly guide with a first step to try today.
How to Choose an Open Source License
Choosing a license for your project comes down to how much control you want over downstream use. This guide walks through the decision — permissive, weak copyleft, or strong copyleft.
The Best Open Source Security Tools in 2026
You can build a capable security program from free tools. This balanced guide compares Trivy, Grype and Syft, OSV-Scanner, OWASP Dependency-Check, and Dependency-Track — and is honest about when a commercial platform earns its cost.
Open Source License Comparison: MIT, Apache, BSD, GPL, and More
A side-by-side comparison of the major open-source licenses — MIT, BSD, Apache 2.0, MPL, LGPL, GPL, and AGPL — across permissions, conditions, copyleft strength, and patent handling.
How to Secure Your Open Source Dependencies
Most of your code is code you didn't write. This beginner guide covers the practical habits that keep your open-source dependencies safe, from lockfiles to scanning.
Understanding Open Source Security Risk
Open source powers nearly every modern application, but the code you inherit brings risks you did not write. This guide explains where open source risk comes from, how it reaches your product, and how to manage it without abandoning the ecosystem.
What Is the LGPL License? Linking and Weak Copyleft
The GNU Lesser GPL is a weak-copyleft license designed for libraries. It lets proprietary software link to LGPL code without becoming GPL. Here is how the linking rules actually work.
The Best Dependency Scanning Tools in 2026
Dependency scanning is crowded and the tools differ more than the marketing suggests. This balanced guide compares Dependabot, Snyk, Mend, Trivy, Socket, and Safeguard on accuracy, prioritization, and remediation.
What Is the AGPL License? The Network Copyleft, Explained
The GNU Affero GPL closes the SaaS loophole: it extends copyleft to software used over a network. Here is what AGPLv3 requires, why companies treat it cautiously, and what it means for you.
Lessons from the XZ Utils Backdoor: A Three-Year Social Engineering Heist
CVE-2024-3094 was a backdoor patiently planted in XZ Utils over years of social engineering, caught by an engineer chasing half a second of SSH latency. Here is the full story.
What Is a Software Dependency
A software dependency is outside code your program relies on to run. Here is what dependencies are, why modern apps have so many, and why they matter for security.
What Is Open Source License Compliance?
Open source license compliance is the practice of tracking every open source component you use and honoring the legal obligations of its license. Get it wrong and you risk lawsuits, forced code disclosure, or a blocked acquisition.