Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

AI Security

Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else

Safeguard launches its Zero-Day Discovery Engine, powered by the Multi-Agent TAOR Deep Think AI Engine — a multi-lead, multi-sub-agent architecture that performs deep CWE analysis on open-source packages to uncover vulnerabilities that traditional scanners miss.

Apr 10, 202610 min read
Software Supply Chain Security

What is Software Supply Chain Security

SolarWinds, Log4Shell, and XZ Utils show why software supply chain security now spans code, dependencies, and build pipelines alike.

Apr 4, 20267 min read
Software Supply Chain Security

Malicious dependency attacks in the software supply chain

Dependency confusion attacks let attackers hijack builds by publishing malicious packages with higher version numbers to public registries. Here's how they work and how to stop them.

Apr 4, 20267 min read
Software Supply Chain Security

What is Typosquatting

Typosquatting tricks developers into installing malicious lookalike packages. Learn how it works, real npm/PyPI attacks, and how to detect it.

Apr 4, 20267 min read
Open Source Security

What Are Transitive Dependencies

Transitive dependencies are the packages your code never directly imports but inherits anyway — and where 84% of open source CVEs actually live.

Apr 3, 20266 min read
Open Source Security

Direct vs Transitive Dependencies

Most known vulnerabilities live in transitive dependencies, not the ones in your manifest. Here's how to tell them apart and prioritize what's exploitable.

Apr 3, 20267 min read
Open Source Security

Open Source License Compliance

Redis, Elasticsearch, and Terraform all changed licenses in the last three years. Here's how license compliance actually breaks, and how to catch it before you ship.

Apr 3, 20267 min read
Open Source Security

Types of Open Source Licenses

A breakdown of permissive, copyleft, and source-available license types—MIT, GPL, AGPL, SSPL—and why misclassified licenses create hidden supply chain risk.

Apr 2, 20267 min read
Software Supply Chain Security

Software supply chain security: threat vectors & solutions

Real incidents, real numbers: how modern software supply chain threat vectors work, why SBOMs alone don't stop them, and what actually closes the gap.

Apr 2, 20268 min read
Open Source Security

Software Dependencies: How to Manage Them at Scale

Most apps run 10-20x more dependencies than engineers chose. Here's how reachability analysis and automation manage that risk at scale.

Apr 2, 20266 min read
Open Source Security

What is Dependency Management

Dependency management means tracking, scanning, and patching the open source packages your app relies on -- here's how it works and why it matters.

Apr 2, 20267 min read
Open Source Security

Known Vulnerabilities in Dependencies

Known vulnerabilities in dependencies cause most supply-chain breaches, not because they're undetected but because teams can't tell which ones are reachable.

Apr 1, 20267 min read
open-source-security (Page 8) — Safeguard Blog