sca
Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.
345 articles
Reachability Analysis for JavaScript and TypeScript in 2026
JS reachability with npm's nested trees, dynamic require, ESM/CJS interop, and bundler dead code elimination. What modern tools resolve and what they punt.
Reachability Analysis vs. SCA: Which Reduces Your Backlog?
SCA lists every CVE in every dependency. Reachability filters to the ones your code actually invokes. Here is how the two compare on a real backlog.
Software Supply Chain Threat Protection: A Framework
Software supply chain threat protection means securing the build pipeline and dependency graph itself, not just the code you write — provenance, signing, and SBOMs are the load-bearing pieces.
What is a Software Bill of Materials (SBOM)
An SBOM is a machine-readable inventory of every software component and dependency. Learn what it contains, why it matters, and how Safeguard uses it.
Buyer Guide: Software Supply Chain Security 2026
A senior-engineer buyer guide for software supply chain security in 2026: what the categories mean, what to test, and what to ignore in vendor pitches.
Application security assessments: a practical guide
A practical, numbers-based guide to running application security assessments -- scope, cadence, findings, and how Safeguard compares to image-hardening tools like Chainguard.
Integrating Security Into the DevSecOps Toolchain
Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.
Next-Gen SCA Explained: What Changed in 2026
Next-gen SCA tools moved past package-tree scanning to reachability, runtime context, and exploit signal. Here's what actually changed and why it matters.
What is Dependency Management
Dependency management means tracking, scanning, and patching the open source packages your app relies on -- here's how it works and why it matters.
What is Open Source Security
Open source powers 70-90% of modern codebases. Learn what open source security means, its real risks, and how reachability analysis cuts through the noise.
Open Source Security Platforms: What They Actually Do
An open source security platform isn't one tool — it's usually a combination of SCA, license scanning, and vulnerability intelligence stitched into a pipeline that watches your dependencies.
What is a Software Bill of Materials (SBOM) — definitions...
What is an SBOM? A plain-language breakdown of definitions, contents, formats (SPDX vs CycloneDX), compliance drivers, and real use cases like Log4Shell and xz-utils.