Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Licensing

The MIT License, Meaning in Plain English

The MIT license meaning, stripped of legalese: do almost anything you want with the code, keep the copyright notice, and the author owes you nothing if it breaks.

Aug 30, 20245 min read
Vulnerabilities

The Moq Vulnerability: What Happened and What to Do

The Moq incident wasn't a classic CVE — it was a popular .NET mocking library quietly bundling a data-collection dependency in a routine version bump, and it's a case study in why supply-chain monitoring has to watch behavior, not just version numbers.

Aug 15, 20245 min read
Vulnerabilities

CVE-2020-15250: The JUnit Temp File Vulnerability

CVE-2020-15250 shows how a test-only utility class in JUnit 4 created world-readable temp files on Unix systems, and why it still shows up in scans of projects that never touched production code paths.

Aug 6, 20244 min read
Comparisons

SCA vs SAST vs DAST: Which Do You Actually Need First

Three scanner acronyms, one budget. A spec-level comparison of SCA, SAST, and DAST — what each catches, what each costs to run, and the order that pays off fastest.

Jul 2, 20246 min read
Product

Safeguard SCA: Vulnerability Scanning Built for the Supply Chain

Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.

Jul 1, 20247 min read
Vulnerabilities

CVE-2021-29425: The Commons IO Path Traversal Bug

CVE-2021-29425 shows how a single unhandled case in Apache Commons IO's path normalization let attackers slip past directory checks that assumed a canonicalized path was actually safe.

Jun 17, 20244 min read
Licensing

Open Source Licenses Explained: A Practical Primer

Open source licenses explained for engineers who need to make a compliance call today, not read a legal treatise — permissive, copyleft, and what actually changes your obligations.

Jun 17, 20245 min read
Vulnerabilities

CVE-2019-8331: The Bootstrap XSS Vulnerability, Explained

CVE-2019-8331 let attackers inject script through Bootstrap's tooltip and popover template options, a pattern that recurred across several Bootstrap CVEs before 4.3.1 finally closed it.

May 21, 20244 min read
Open Source Security

.NET Supply Chain Audit Patterns

Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.

May 18, 20246 min read
Vulnerabilities

CVE-2017-18214: Why an Old CVE Still Shows Up in Scans

CVE-2017-18214 is a ReDoS bug in Moment.js patched back in 2017, yet it keeps surfacing in scans years later because bundled copies and stale lockfiles never got the memo.

Apr 9, 20244 min read
Licensing

Open Source License Types: A Quick Guide for Engineers

Open source license types split into permissive and copyleft, and knowing which one a dependency uses can matter as much as knowing whether it has a CVE.

Apr 9, 20246 min read
Industry Guides

Enterprise SCA Tool Evaluation Framework

Choosing a software composition analysis tool for the enterprise? Here's a structured evaluation framework covering what actually matters.

Apr 5, 20248 min read
sca (Page 27) — Safeguard Blog