reachability-analysis
Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.
157 articles
Top Docker security vulnerabilities to watch
Runc escapes, exposed Docker APIs, malicious registry images: the Docker vulnerabilities actually driving incidents in 2024-2025, and how to triage what's exploitable.
Container security throughout the SDLC
A clean build-time scan doesn't mean a secure container. Here's why container security has to span code, build, deploy, and runtime — with real CVE examples.
Reachability-based vulnerability prioritization (Polaris ...
Reachability analysis cuts CVE noise by confirming which vulnerabilities are exploitable. Here's how Black Duck's Polaris reachability compares to Safeguard's pipeline-native approach.
The cost of cloud misconfiguration breaches
New breach-cost data shows cloud misconfigurations now cost millions per incident and take months to detect — here's what's driving the trend and how to close the gap.
Reachability Analysis as the Missing Piece of SCA
Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.
Building trust in AI-assisted software development
AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.
Best SAST Tools in 2026: Semgrep, CodeQL, Snyk, and the AI Shift Compared
An honest buyer's guide to the best SAST tools in 2026 — from Semgrep and CodeQL to SonarQube, Snyk Code, and Checkmarx — plus how reachability analysis and agentic AI are reshaping static application security testing and where Safeguard fits.
Zero-day risk in third-party AI model dependencies
Malicious Hugging Face models, a trojanized Ultralytics PyPI release, and a torch.load bypass show AI model dependencies now carry real zero-day risk.
Best SCA Tools in 2026: Software Composition Analysis Compared
An honest comparison of the best SCA tools in 2026 — Snyk, Endor Labs, Socket, Mend, Sonatype, JFrog, Trivy, and Safeguard — covering reachability analysis, malicious-package detection, SBOM/AIBOM, and remediation, with a clear best-for line for each.
What is SCA? Software Composition Analysis explained
SCA scans your open-source dependencies for known vulnerabilities and license risk. Here's what it checks, how it differs from SAST, and why reachability matters.
Dependabot Alternatives in 2026: An Honest Buyer's Guide
An honest guide to Dependabot alternatives in 2026 — Renovate, Snyk, Socket, Endor Labs, Mend, and Safeguard — covering dependency updates, reachability analysis, malicious-package detection, and software supply chain security.
When is a CVE not a CVE?
Not all CVEs are equal: NVD's 2024 backlog, disputed curl CVEs, and duplicate OpenSSL bugs show why CVE quality varies wildly.