sca
Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.
345 articles
PHP 7.3 to 7.4 Version Vulnerabilities: A Security Changelog
PHP 7.4 vulnerabilities span years of unsupported point releases; here is what changed security-wise across the 7.3 and 7.4 lines and why staying on either branch today is a standing risk.
npm Vulnerabilities: Detection, Triage, and Fix Workflow
Known CVEs and hostile packages are two different problems that share one dependency tree. A workflow for detecting npm vulnerabilities, triaging by reachability, and fixing without breaking your lockfile.
Docker and Container Security Best Practices: A Combined Checklist
A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.
Reading a Scan Report: What Actually Matters
Most scan reports bury the three fields that decide whether a finding needs action today — this is how to read one without drowning in noise.
Application Vulnerability Management: Program Basics
A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.
Node.js Vulnerabilities: Tracking and Patching at Scale
How to actually keep up with Node.js vulnerabilities across dozens of services — where advisories come from, what to automate, and what still needs a human.
Container Image Vulnerability Scanning in CI
How to wire container image vulnerability scanning into your CI pipeline so builds fail on real risk instead of shipping unscanned images to production.
The Software Composition Analysis Market in 2024: Consolidation and Evolution
The SCA market is maturing fast, with acquisitions, AI-powered analysis, and SBOM mandates reshaping the competitive landscape and what buyers should expect.
The Apache License, Version 2.0: What It Actually Requires
What the Apache License, Version 2.0 actually obligates you to do — attribution, notice files, and the patent grant most summaries skip.
What is a Reachability Analysis in SCA
Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.
Reachability Analysis: Cutting Through Vulnerability Noise
Not every vulnerability in your dependencies is exploitable. Safeguard's reachability analysis determines whether vulnerable code paths are actually invoked in your application.
Software Security Testing: A Practitioner's Overview
Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.