Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Tool Comparisons

Snyk vs Sonatype: A Head-to-Head SCA Comparison

We break down the real differences between Snyk and Sonatype for software composition analysis, covering vulnerability detection, developer experience, and pricing.

May 10, 20236 min read
Analysis

Choosing Between SCA Tools in 2023

A no-nonsense comparison of software composition analysis tools to help you pick the right one for your team's needs, budget, and workflow.

Apr 15, 20236 min read
Tool Reviews

Black Duck SCA: The Enterprise Stalwart of Open Source Security

A review of Synopsys Black Duck for software composition analysis, covering its strengths in license compliance, vulnerability detection, and enterprise governance.

Apr 15, 20235 min read
Tool Reviews

FOSSA Review: Open Source License Compliance at Enterprise Scale

A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.

Dec 8, 20226 min read
Software Supply Chain

Dependency Graph Analysis: Finding Hidden Transitive Risks

Your project has 50 direct dependencies. It actually depends on 1,200 packages. Transitive dependency analysis is how you find the risks hiding three layers deep.

Dec 1, 20228 min read
Tool Reviews

Mend.io (WhiteSource): The Renamed SCA Veteran

A review of Mend.io, formerly WhiteSource, covering its SCA capabilities, Renovate integration, automated remediation, and position in the crowded dependency scanning market.

Oct 22, 20225 min read
Vulnerability Analysis

Detecting Log4Shell in Your Software Supply Chain

Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.

Dec 18, 20216 min read
Tools & Techniques

Software Composition Analysis: The 2021 Buyer's Guide

SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.

Nov 20, 20218 min read
DevSecOps

Why Software Bill of Materials Matter

SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.

Jul 25, 20216 min read
sca (Page 29) — Safeguard Blog