sca
Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.
345 articles
Writing an Open Source Software Policy
An open source software policy is what turns ad-hoc dependency choices into a governed, auditable process — here's what to actually put in one.
Open Source Code Scanning: Tools and Workflow
Open source code scanning tools can cover most of a small team's needs for free, but the workflow around them — what runs where, and who reviews the output — matters more than which tool you pick.
Application Security Vulnerability Management: A Working Workflow
A concrete workflow for application security vulnerability management, from scan to fix to verified close, that survives contact with a real release calendar.
Snyk Supported Languages and Ecosystems: A Reference
A practical reference for Snyk supported languages across SCA and SAST, how Snyk opensource scanning compares to Snyk Code, and what to check before assuming your stack is covered.
Security Testing in the Software Development Lifecycle
Security testing for software development only works when it's distributed across the SDLC, not bolted on as a single pre-release gate — here's where each test type actually belongs.
BSD 3-Clause License Explained
The BSD 3-clause license is one of the most permissive open source licenses in wide use — here's what its three conditions actually require and how it differs from MIT and Apache 2.0.
JavaScript Vulnerability Scanners: How They Actually Work
A javascript vulnerability scanner has to reason about a dynamically typed, dependency-heavy language — which is why the good ones combine static analysis with dependency-graph lookups rather than relying on either alone.
npm Security Vulnerabilities: How to Track Them
A practical system for tracking npm security vulnerabilities across a real dependency tree, why you shouldn't rely on npm check vulnerabilities output alone, and what to automate.
Docker Security Concerns: The Real List
Docker security concerns that actually cause incidents are narrower than most checklists suggest — root-by-default containers, exposed daemon sockets, and unpatched base images account for most real-world breaches.
Vulnerability Scanner Software: Categories and How to Choose
Network scanners, DAST, SCA, SAST, container and cloud scanners all claim the same job. Here is what each category actually finds and how to assemble coverage without buying six consoles.
DevSecOps Tools Comparison 2025: Choosing the Right Stack
The DevSecOps tooling landscape has exploded. From SAST to SCA to SBOM management, this guide compares the major categories and helps you build a coherent security toolchain.
AppSec Vulnerability Management: A Workflow Guide
A step-by-step appsec vulnerability management workflow for teams drowning in scanner output — from intake and triage through prioritization, remediation, and verification.