Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Open Source Security

How Snyk Container parses apk, deb, and rpm package datab...

How Snyk Container reads apk, dpkg, and rpm databases inside image layers to detect OS package vulnerabilities without ever running the container.

Sep 4, 20257 min read
Container Security

How image digest pinning strengthens container supply cha...

How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.

Sep 4, 20257 min read
Containers

Docker Image Labels: Metadata That Actually Matters

Docker image labels are free-form key-value metadata that, used well, drive SBOM generation, ownership tracing, and vulnerability triage — used poorly, they're just clutter in the Dockerfile.

Sep 3, 20255 min read
Open Source Security

How Snyk Open Source builds a full dependency tree from p...

How Snyk Open Source turns package-lock.json and yarn.lock files into a full dependency graph to power vulnerability matching and fix advice.

Aug 30, 20258 min read
Open Source Security

How Snyk resolves Maven and Gradle dependency graphs incl...

Snyk doesn't parse pom.xml or build.gradle statically -- it invokes real Maven and Gradle tooling to compute the exact dependency graph your build produces.

Aug 30, 20257 min read
Open Source Security

How Snyk Open Source scans Go modules and resolves the Go...

How Snyk Open Source reads go.mod/go.sum, builds the Go module dependency graph, and uses Minimal Version Selection to identify vulnerable versions.

Aug 29, 20257 min read
Product Launch

Safeguard Desktop App: Supply Chain Security Without the Browser Tab

Announcing the Safeguard Desktop App -- a native application for macOS, Windows, and Linux that brings SBOM management, vulnerability tracking, and policy gates to your desktop.

Aug 25, 20256 min read
Open Source Security

How Snyk keeps its license classifications aligned with t...

How Snyk detects, normalizes, and categorizes open source license metadata against the SPDX License List to power its license compliance policies.

Aug 24, 20257 min read
Concepts

What is a Vulnerability Exploitability eXchange (VEX) Statement

A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.

Aug 22, 20256 min read
Containers

Container Image Security Tools, Compared

A container image security tool scans layers, packages, and configuration inside an image before and after it ships — here's how the major approaches differ and what actually matters when picking one.

Aug 22, 20255 min read
Open Source Security

How Snyk continuously monitors production dependencies fo...

A technical walkthrough of how Snyk's continuous monitoring uses dependency snapshots, vuln-DB updates, and priority scoring to flag newly disclosed CVEs in production.

Aug 22, 20257 min read
Engineering

Java Supply Chain Security Beyond Log4Shell

Log4Shell was the fire drill. The structural problems — unverified Maven resolution, invisible shaded jars, sprawling transitive graphs — are still there. Here's what to actually fix.

Aug 21, 20256 min read
sbom (Page 68) — Safeguard Blog