Tag
open-source-dependency-scanner
Safeguard articles tagged "open-source-dependency-scanner" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Supply Chain
Open Source Dependency Scanners: A Buyer's Checklist
A practical checklist for evaluating an open source dependency scanner — ecosystem coverage, reachability analysis, license detection, and how each handles transitive dependencies.
Apr 14, 20265 min read
Supply Chain
PyPI Malware in 2026: What Changed
PyPI malware today looks less like typosquats and more like AI-assisted campaigns that mimic legitimate maintainers — here's what shifted and how teams are catching it before install.
Mar 11, 20265 min read
Supply Chain
Open Source Vulnerability Management Tools, Compared
OSV-Scanner, Trivy, Grype, and Dependency-Check all find known CVEs for free, but they differ sharply in language coverage, database freshness, and how far they get you toward an actual fix.
Feb 11, 20266 min read