Safeguard
Tag

reachability-analysis

Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.

157 articles

Open Source Security

Cargo crate vulnerability trends report

RustSec advisories rose 38% year-over-year as crates.io passed 195,000 packages. A breakdown of where Cargo's supply-chain risk is concentrated in 2026.

Nov 12, 20257 min read
Open Source Security

Rust supply chain security landscape

Rust's crates.io has topped 170,000 packages and real attacks are following. Here's what's changed and how security teams should respond.

Nov 11, 20257 min read
Software Supply Chain Security

Malicious VS Code extensions report

150+ malicious VS Code extensions have been pulled from marketplaces since 2024. Here's how the attacks work — and how to defend against them.

Nov 9, 20258 min read
Software Supply Chain Security

Terraform Registry module vulnerability trends

Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.

Nov 9, 20257 min read
Software Supply Chain Security

Homebrew formula security incidents

A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.

Nov 9, 20258 min read
Incident Analysis

jQuery CDN supply chain risk analysis

jQuery loads on ~75% of websites, often via CDNs with no SRI or version pinning. The cdnjs RCE and Polyfill.io hijack show why that trust model keeps failing.

Nov 6, 20258 min read
Open Source Security

How Snyk's reachability analysis determines whether vulne...

A technical walkthrough of how Snyk's reachability analysis builds static call graphs to determine whether vulnerable dependency functions are actually invoked by your code.

Aug 26, 20257 min read
Open Source Security

How reachability analysis coverage differs across Java, J...

Snyk's reachability analysis works differently across Java, JavaScript, and Python — here's why static, typed Java gets deeper coverage than dynamic Python and JS call graphs.

Aug 26, 20257 min read
Open Source Security

How the Snyk Priority Score algorithm blends CVSS, exploi...

How Snyk's Priority Score blends CVSS severity, exploit maturity, and reachability analysis into a single 1-1000 vulnerability ranking score.

Aug 26, 20257 min read
Application Security

Reachability Analysis in 2025: Separating Exploitable Vulnerabilities from Noise

Reachability analysis determines whether a vulnerable function is actually called by your application. The technology has matured from research concept to production tool. Here is how it works and where it falls short.

Jul 28, 20258 min read
Industry Analysis

Runtime Reachability Analysis: Cutting Through Vulnerabil...

Most CVE findings are noise. Here's how runtime reachability analysis separates exploitable risk from theoretical severity, and why CVSS alone can't prioritize your patch queue.

Jul 24, 20258 min read
Concepts

What is a Reachability Analysis in SCA

Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.

Nov 12, 20246 min read
reachability-analysis (Page 13) — Safeguard Blog