Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Governance

Writing an Open Source Software Policy

An open source software policy is what turns ad-hoc dependency choices into a governed, auditable process — here's what to actually put in one.

Jun 17, 20254 min read
Supply Chain

Open Source Code Scanning: Tools and Workflow

Open source code scanning tools can cover most of a small team's needs for free, but the workflow around them — what runs where, and who reviews the output — matters more than which tool you pick.

Jun 17, 20255 min read
AppSec

Application Security Vulnerability Management: A Working Workflow

A concrete workflow for application security vulnerability management, from scan to fix to verified close, that survives contact with a real release calendar.

Jun 11, 20255 min read
Comparisons

Snyk Supported Languages and Ecosystems: A Reference

A practical reference for Snyk supported languages across SCA and SAST, how Snyk opensource scanning compares to Snyk Code, and what to check before assuming your stack is covered.

Jun 9, 20255 min read
DevSecOps

Security Testing in the Software Development Lifecycle

Security testing for software development only works when it's distributed across the SDLC, not bolted on as a single pre-release gate — here's where each test type actually belongs.

Jun 9, 20255 min read
Compliance

BSD 3-Clause License Explained

The BSD 3-clause license is one of the most permissive open source licenses in wide use — here's what its three conditions actually require and how it differs from MIT and Apache 2.0.

May 6, 20256 min read
AppSec

JavaScript Vulnerability Scanners: How They Actually Work

A javascript vulnerability scanner has to reason about a dynamically typed, dependency-heavy language — which is why the good ones combine static analysis with dependency-graph lookups rather than relying on either alone.

May 6, 20255 min read
Vulnerabilities

npm Security Vulnerabilities: How to Track Them

A practical system for tracking npm security vulnerabilities across a real dependency tree, why you shouldn't rely on npm check vulnerabilities output alone, and what to automate.

Apr 25, 20255 min read
Containers

Docker Security Concerns: The Real List

Docker security concerns that actually cause incidents are narrower than most checklists suggest — root-by-default containers, exposed daemon sockets, and unpatched base images account for most real-world breaches.

Apr 23, 20255 min read
SecOps

Vulnerability Scanner Software: Categories and How to Choose

Network scanners, DAST, SCA, SAST, container and cloud scanners all claim the same job. Here is what each category actually finds and how to assemble coverage without buying six consoles.

Apr 22, 20255 min read
DevSecOps

DevSecOps Tools Comparison 2025: Choosing the Right Stack

The DevSecOps tooling landscape has exploded. From SAST to SCA to SBOM management, this guide compares the major categories and helps you build a coherent security toolchain.

Apr 20, 20256 min read
AppSec

AppSec Vulnerability Management: A Workflow Guide

A step-by-step appsec vulnerability management workflow for teams drowning in scanner output — from intake and triage through prioritization, remediation, and verification.

Apr 9, 20255 min read
sca (Page 25) — Safeguard Blog