Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Application Security

Reachability Analysis for JavaScript and TypeScript in 2026

JS reachability with npm's nested trees, dynamic require, ESM/CJS interop, and bundler dead code elimination. What modern tools resolve and what they punt.

Apr 8, 20265 min read
Vulnerability Management

Reachability Analysis vs. SCA: Which Reduces Your Backlog?

SCA lists every CVE in every dependency. Reachability filters to the ones your code actually invokes. Here is how the two compare on a real backlog.

Apr 8, 20268 min read
Supply Chain

Software Supply Chain Threat Protection: A Framework

Software supply chain threat protection means securing the build pipeline and dependency graph itself, not just the code you write — provenance, signing, and SBOMs are the load-bearing pieces.

Apr 8, 20265 min read
Software Supply Chain Security

What is a Software Bill of Materials (SBOM)

An SBOM is a machine-readable inventory of every software component and dependency. Learn what it contains, why it matters, and how Safeguard uses it.

Apr 5, 20266 min read
Best Practices

Buyer Guide: Software Supply Chain Security 2026

A senior-engineer buyer guide for software supply chain security in 2026: what the categories mean, what to test, and what to ignore in vendor pitches.

Apr 4, 20269 min read
Application Security

Application security assessments: a practical guide

A practical, numbers-based guide to running application security assessments -- scope, cadence, findings, and how Safeguard compares to image-hardening tools like Chainguard.

Apr 3, 20267 min read
DevSecOps

Integrating Security Into the DevSecOps Toolchain

Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.

Apr 2, 20265 min read
Application Security

Next-Gen SCA Explained: What Changed in 2026

Next-gen SCA tools moved past package-tree scanning to reachability, runtime context, and exploit signal. Here's what actually changed and why it matters.

Apr 2, 20265 min read
Open Source Security

What is Dependency Management

Dependency management means tracking, scanning, and patching the open source packages your app relies on -- here's how it works and why it matters.

Apr 2, 20267 min read
Open Source Security

What is Open Source Security

Open source powers 70-90% of modern codebases. Learn what open source security means, its real risks, and how reachability analysis cuts through the noise.

Apr 1, 20266 min read
Supply Chain

Open Source Security Platforms: What They Actually Do

An open source security platform isn't one tool — it's usually a combination of SCA, license scanning, and vulnerability intelligence stitched into a pipeline that watches your dependencies.

Mar 30, 20266 min read
SBOM

What is a Software Bill of Materials (SBOM) — definitions...

What is an SBOM? A plain-language breakdown of definitions, contents, formats (SPDX vs CycloneDX), compliance drivers, and real use cases like Log4Shell and xz-utils.

Mar 29, 20267 min read
sca (Page 17) — Safeguard Blog