Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Comparisons

Snyk Vulnerability Scanning: How the Engine Actually Works

Snyk vulnerability scanning combines a proprietary vulnerability database with dependency-graph resolution and a separate static analysis engine for code — here's how each piece actually fits together.

Oct 15, 20255 min read
Vulnerability Analysis

CVE-2015-9251: jQuery cross-domain AJAX XSS

CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2022-0235: node-fetch forwards sensitive headers on r...

CVE-2022-0235: node-fetch forwarded cookie and authorization headers across cross-origin redirects. Affected versions, exploitability context, and remediation steps.

Oct 13, 20258 min read
Vulnerability Analysis

CVE-2019-12814: Jackson-databind polymorphic type gadget ...

A look at CVE-2019-12814, a jackson-databind polymorphic typing gadget tied to JAXB classes, its risk profile, and how to remediate it in modern Java stacks.

Sep 30, 20257 min read
Containers

Scanning Docker Images for Vulnerabilities: How To

Knowing how to scan Docker images for vulnerabilities before they ship is the difference between catching a known CVE in CI and finding it in an incident report.

Sep 16, 20255 min read
Supply Chain

SCA vs Static Code Analysis: The Real Difference

Software composition analysis and static code analysis get lumped together constantly, but they read entirely different things and catch entirely different bugs.

Sep 15, 20256 min read
Concepts

What Is a Transitive Dependency?

A transitive dependency is code you never chose but still ship, pulled in by the libraries you did choose. Here is why indirect dependencies dominate your attack surface.

Aug 26, 20255 min read
Open Source Security

How Snyk handles vulnerability remediation for indirect (...

How does Snyk fix vulnerabilities buried in transitive dependencies you never directly installed? A look at dependency graphs, upgrade paths, and pinning.

Aug 23, 20256 min read
Comparisons

The .snyk Ignore File: How It Actually Works

Snyk ignore rules let teams suppress a finding without deleting it from history — here's how the .snyk file's syntax, expiry, and reason fields actually work in practice.

Aug 22, 20255 min read
Open Source Security

How Snyk detects AI/ML-specific libraries during standard...

Snyk's standard SCA treats AI/ML packages like any other dependency, while a separate AI-BOM tool adds static analysis to detect models, agents, and MCP connections.

Aug 19, 20257 min read
Product

How Snyk's JetBrains plugin family supports IntelliJ, PyC...

A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.

Aug 18, 20256 min read
DevSecOps

How Snyk CLI's --severity-threshold and --fail-on flags g...

How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.

Aug 17, 20257 min read
sca (Page 23) — Safeguard Blog