Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Open Source Security

How the Snyk Risk Score's 0-1000 scale is derived from CV...

How Snyk's 0-1000 Risk Score starts from the CVSS impact subscore formula, then layers in exploit maturity, social trends, and reachability data.

Aug 26, 20257 min read
Open Source Security

How Snyk Advisor's package health score weighs popularity...

Snyk Advisor scores packages 0-100 using four signals: popularity, maintenance, community, and security. Here is exactly how each one is calculated.

Aug 25, 20257 min read
Open Source Security

How Snyk detects malicious and typosquatted open-source p...

How Snyk's research team detects malicious and typosquatted open-source packages — from name-similarity heuristics to install-script analysis and source-code provenance checks.

Aug 25, 20256 min read
Open Source Security

How Snyk identifies dependency confusion attacks in priva...

A technical look at how Snyk detects dependency confusion attacks — from vulnerability database malicious-package flags to registry scoping and Advisor scoring.

Aug 25, 20257 min read
Compliance

How Snyk's open-source license compliance engine classifi...

How Snyk's license compliance engine groups open-source licenses and maps them to low, medium, high, and critical severity levels.

Aug 25, 20257 min read
Open Source Security

How Snyk's default license policy is structured and how t...

How Snyk structures its default license policy—severity tiers, unknown-license handling, and PR enforcement—and the concrete steps to customize it for your org.

Aug 24, 20257 min read
Open Source Security

How Snyk keeps its license classifications aligned with t...

How Snyk detects, normalizes, and categorizes open source license metadata against the SPDX License List to power its license compliance policies.

Aug 24, 20257 min read
Open Source Security

How Snyk detects deprecated or unmaintained packages befo...

A look at how Snyk Advisor scores package maintenance health and surfaces deprecated or abandoned dependencies before they turn into security incidents.

Aug 24, 20257 min read
Open Source Security

How Snyk scans NuGet and .NET project files for vulnerabl...

How Snyk resolves NuGet and .NET dependency graphs from csproj, packages.config, and project.assets.json files to find vulnerable packages.

Aug 24, 20257 min read
Open Source Security

How Snyk scans Composer/PHP and RubyGems dependency manif...

A technical look at how Snyk parses composer.json/composer.lock and Gemfile/Gemfile.lock to build dependency trees and match PHP and Ruby packages against known vulnerabilities.

Aug 23, 20256 min read
Open Source Security

How Snyk's exploit maturity rating is researched and assi...

A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.

Aug 23, 20257 min read
Open Source Security

How Snyk handles vulnerability remediation for indirect (...

How does Snyk fix vulnerabilities buried in transitive dependencies you never directly installed? A look at dependency graphs, upgrade paths, and pinning.

Aug 23, 20256 min read
open-source-security (Page 23) — Safeguard Blog