sca
Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.
345 articles
Snyk Vulnerability Scanning: How the Engine Actually Works
Snyk vulnerability scanning combines a proprietary vulnerability database with dependency-graph resolution and a separate static analysis engine for code — here's how each piece actually fits together.
CVE-2015-9251: jQuery cross-domain AJAX XSS
CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.
CVE-2022-0235: node-fetch forwards sensitive headers on r...
CVE-2022-0235: node-fetch forwarded cookie and authorization headers across cross-origin redirects. Affected versions, exploitability context, and remediation steps.
CVE-2019-12814: Jackson-databind polymorphic type gadget ...
A look at CVE-2019-12814, a jackson-databind polymorphic typing gadget tied to JAXB classes, its risk profile, and how to remediate it in modern Java stacks.
Scanning Docker Images for Vulnerabilities: How To
Knowing how to scan Docker images for vulnerabilities before they ship is the difference between catching a known CVE in CI and finding it in an incident report.
SCA vs Static Code Analysis: The Real Difference
Software composition analysis and static code analysis get lumped together constantly, but they read entirely different things and catch entirely different bugs.
What Is a Transitive Dependency?
A transitive dependency is code you never chose but still ship, pulled in by the libraries you did choose. Here is why indirect dependencies dominate your attack surface.
How Snyk handles vulnerability remediation for indirect (...
How does Snyk fix vulnerabilities buried in transitive dependencies you never directly installed? A look at dependency graphs, upgrade paths, and pinning.
The .snyk Ignore File: How It Actually Works
Snyk ignore rules let teams suppress a finding without deleting it from history — here's how the .snyk file's syntax, expiry, and reason fields actually work in practice.
How Snyk detects AI/ML-specific libraries during standard...
Snyk's standard SCA treats AI/ML packages like any other dependency, while a separate AI-BOM tool adds static analysis to detect models, agents, and MCP connections.
How Snyk's JetBrains plugin family supports IntelliJ, PyC...
A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.
How Snyk CLI's --severity-threshold and --fail-on flags g...
How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.