Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

AppSec

PHP 7.3 to 7.4 Version Vulnerabilities: A Security Changelog

PHP 7.4 vulnerabilities span years of unsupported point releases; here is what changed security-wise across the 7.3 and 7.4 lines and why staying on either branch today is a standing risk.

Mar 19, 20256 min read
Supply Chain

npm Vulnerabilities: Detection, Triage, and Fix Workflow

Known CVEs and hostile packages are two different problems that share one dependency tree. A workflow for detecting npm vulnerabilities, triaging by reachability, and fixing without breaking your lockfile.

Mar 18, 20256 min read
Containers

Docker and Container Security Best Practices: A Combined Checklist

A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.

Mar 18, 20255 min read
AppSec

Reading a Scan Report: What Actually Matters

Most scan reports bury the three fields that decide whether a finding needs action today — this is how to read one without drowning in noise.

Mar 18, 20255 min read
AppSec

Application Vulnerability Management: Program Basics

A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.

Mar 11, 20256 min read
Vulnerabilities

Node.js Vulnerabilities: Tracking and Patching at Scale

How to actually keep up with Node.js vulnerabilities across dozens of services — where advisories come from, what to automate, and what still needs a human.

Feb 19, 20255 min read
Containers

Container Image Vulnerability Scanning in CI

How to wire container image vulnerability scanning into your CI pipeline so builds fail on real risk instead of shipping unscanned images to production.

Feb 18, 20256 min read
Industry Analysis

The Software Composition Analysis Market in 2024: Consolidation and Evolution

The SCA market is maturing fast, with acquisitions, AI-powered analysis, and SBOM mandates reshaping the competitive landscape and what buyers should expect.

Nov 20, 20246 min read
Licensing

The Apache License, Version 2.0: What It Actually Requires

What the Apache License, Version 2.0 actually obligates you to do — attribution, notice files, and the patent grant most summaries skip.

Nov 12, 20245 min read
Concepts

What is a Reachability Analysis in SCA

Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.

Nov 12, 20246 min read
Product

Reachability Analysis: Cutting Through Vulnerability Noise

Not every vulnerability in your dependencies is exploitable. Safeguard's reachability analysis determines whether vulnerable code paths are actually invoked in your application.

Nov 1, 20246 min read
AppSec

Software Security Testing: A Practitioner's Overview

Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.

Sep 30, 20245 min read
sca (Page 26) — Safeguard Blog