sca-scanning
Safeguard articles tagged "sca-scanning" — guides, analysis, and best practices for software supply chain and application security.
8 articles
PyPI Malware News: What's Happening and How to Detect It
PyPI malware news keeps repeating the same pattern — typosquats, compromised maintainer accounts, and post-install scripts that exfiltrate credentials — here's how to actually catch it.
Snyk's Market Position: An Independent Read Going Into 2026
Snyk's market position going into 2026 rests on developer-first SCA and container scanning, with SAST and DAST as comparatively newer additions.
SCA Scanning: What It Catches in Practice
SCA scanning finds known CVEs in your open-source dependencies and license conflicts you didn't know you'd agreed to — here's exactly what a scan catches, in order of how often it actually matters.
How snyk-to-html converts CLI scan results into shareable...
A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.
SCA Security: What Software Composition Analysis Actually Catches
SCA security scans the open source dependencies that make up most of your codebase, finding known CVEs, risky licenses, and malicious packages. Here is what it catches — and what it does not.
jQuery 3.7.1 Vulnerabilities: What Actually Changed From Earlier Releases
jQuery 3.7.1 vulnerabilities are mostly inherited history, not new CVEs — the real security story is what changed across 3.4, 3.5, and 3.7.
Types of Licenses: A Quick Reference for Engineers
Software licenses split into permissive, copyleft, and proprietary categories, each with different obligations. Here's a quick reference for the types of license engineers actually run into.
Apache 2 License: A Quick Reference
The Apache 2 license is a permissive open source license that allows commercial use, modification, and redistribution, with an explicit patent grant most permissive licenses lack.