Safeguard
Tag

reachability-analysis

Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.

157 articles

Industry Analysis

Reachability Analysis Explained: Function-Level vs Packag...

Package-level reachability flags 60% of CVEs as "reachable." Function-level analysis, tracing real call paths, cuts that to under 10%. Here's the difference.

May 18, 20267 min read
DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
Vulnerability Management

Automated Dependency Patches: How Endor-Style Patch Gener...

Endor Labs generates automated dependency patches using reachability and AI rewrites. Here's how the pipeline works, where it breaks, and Safeguard's approach.

May 16, 20267 min read
DevSecOps

Shifting security left: what it really means for teams

Shift left security means catching vulnerabilities at commit time, not audit time. Here's what that requires in practice, with real CVEs and numbers.

May 15, 20266 min read
Product

Reachability analysis for vulnerability prioritization

Most CVEs your scanner flags are never executed. See how reachability analysis filters noise, how Socket.dev approaches it, and how Safeguard finds real risk.

May 8, 20267 min read
Compliance

Board-level reporting on application security risk

Boards now face legal disclosure deadlines on cyber risk. Here's what belongs in a board-level appsec report, how often to deliver it, and what the SEC and NYDFS require.

May 7, 20267 min read
Best Practices

Reducing false positives in security scanning

Most security scan findings never warrant action. Here's why scanners over-alert, what it costs teams, how Aikido's consolidation approach compares, and what actually cuts false positives.

May 4, 20267 min read
Vulnerability Analysis

Understanding zero-day vulnerabilities and incident response

A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.

Apr 30, 20266 min read
Vulnerability Analysis

Reachability analysis for prioritizing vulnerabilities

Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.

Apr 29, 20268 min read
Open Source Security

The State of Open Source Security report (annual series)

Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.

Apr 25, 20267 min read
Industry Analysis

The State of Cloud Native Application Security survey

New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.

Apr 25, 20267 min read
Software Supply Chain Security

PulseMeter report: software supply chain risk perceptions

Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.

Apr 25, 20267 min read
reachability-analysis (Page 5) — Safeguard Blog