reachability-analysis
Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.
157 articles
Reachability Analysis Explained: Function-Level vs Packag...
Package-level reachability flags 60% of CVEs as "reachable." Function-level analysis, tracing real call paths, cuts that to under 10%. Here's the difference.
8 tips for securing your CI/CD pipeline
Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.
Automated Dependency Patches: How Endor-Style Patch Gener...
Endor Labs generates automated dependency patches using reachability and AI rewrites. Here's how the pipeline works, where it breaks, and Safeguard's approach.
Shifting security left: what it really means for teams
Shift left security means catching vulnerabilities at commit time, not audit time. Here's what that requires in practice, with real CVEs and numbers.
Reachability analysis for vulnerability prioritization
Most CVEs your scanner flags are never executed. See how reachability analysis filters noise, how Socket.dev approaches it, and how Safeguard finds real risk.
Board-level reporting on application security risk
Boards now face legal disclosure deadlines on cyber risk. Here's what belongs in a board-level appsec report, how often to deliver it, and what the SEC and NYDFS require.
Reducing false positives in security scanning
Most security scan findings never warrant action. Here's why scanners over-alert, what it costs teams, how Aikido's consolidation approach compares, and what actually cuts false positives.
Understanding zero-day vulnerabilities and incident response
A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.
Reachability analysis for prioritizing vulnerabilities
Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.
The State of Open Source Security report (annual series)
Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.
The State of Cloud Native Application Security survey
New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.
PulseMeter report: software supply chain risk perceptions
Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.