Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

SBOM & Compliance

Mend vs Black Duck: Functional Comparison

Compare Mend (formerly WhiteSource) and Black Duck on SBOM export, license policy, detection sources, deployment model, and enterprise reporting for 2024 SCA selection.

Apr 3, 20245 min read
Vulnerabilities

Spring4Shell: What Shipped and How to Patch It

What the Spring4Shell vulnerability actually was, which configurations were exposed, and the concrete patch and mitigation steps that closed it.

Apr 2, 20245 min read
DevSecOps

GitHub Advanced Security vs Alternatives, Early 2024

GitHub Advanced Security anchors many AppSec programs in 2024, but Snyk, Semgrep, Endor, and others are credible alternatives. Here is an honest comparison.

Mar 25, 20246 min read
Licensing

GitHub Licenses: Choosing One for Your Repo

A practical walkthrough of the license options GitHub surfaces when you create a repo, and how to pick one that matches what you actually want people to do with your code.

Mar 14, 20246 min read
Tool Reviews

Endor Labs SCA Review: Reachability Analysis Changes the Game

A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.

Mar 12, 20246 min read
Vulnerabilities

jQuery 1.10.2 Vulnerabilities: Should You Still Worry?

jQuery 1.10.2, released in 2013, predates the fixes for three well-documented CVEs — CVE-2015-9251, CVE-2019-11358, and CVE-2020-11022/11023 — which means yes, it's genuinely still worth worrying about.

Feb 20, 20246 min read
Tool Reviews

Veracode SCA: Mature Application Security Meets Dependency Scanning

An overview of Veracode's SCA capabilities within their broader application security platform, covering vulnerability prioritization, agent-based scanning, and enterprise features.

Jan 18, 20245 min read
Security Strategy

Open Source vs Commercial SCA Tools: An Honest Comparison

Free SCA tools have gotten remarkably good. Commercial tools still offer advantages. Here is when each makes sense for your organization.

Oct 8, 20234 min read
Tool Reviews

Checkmarx SCA: Application Security from a SAST Pioneer

A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.

Sep 28, 20235 min read
Open Source Security

Dependabot Security Updates: Behavior Deep Dive

A hands-on look at how Dependabot security updates behave in 2023 - PR grouping, semver strategy, transitive coverage, and alternatives when it misses a fix.

Sep 12, 20235 min read
DevSecOps

Snyk vs Dependabot: A Head-to-Head Comparison

Evaluate Snyk and Dependabot on vulnerability detection, ecosystem coverage, CI integration, pricing, and remediation to pick the right SCA tool for your team.

Jun 14, 20235 min read
Security Strategy

Vendor Lock-In in Security Tooling: The Hidden Cost of Integration

Deep integration with a security vendor creates efficiency but also dependency. Here is how to evaluate lock-in risk in your security tooling decisions.

Jun 8, 20234 min read
sca (Page 28) — Safeguard Blog