Safeguard
Tag

sca

Safeguard articles tagged "sca" — guides, analysis, and best practices for software supply chain and application security.

345 articles

Supply Chain Security

A vendor-neutral framework for software supply chain security tools

Supply chain tooling splits into four distinct categories with different failure modes — the xz-utils backdoor slipped past most of them for over two years.

Jul 8, 20266 min read
FAQ

Affordable SCA Tool FAQ: Real Software Composition Analysis for $1

How to get affordable software composition analysis in 2026 — what SCA should cost, why free scanners aren't really free, and how Safeguard's $1 Starter plan delivers real SCA.

Jul 7, 20266 min read
Security Guides

Axios Security Guide (2026)

Axios is the most popular HTTP client in the JavaScript ecosystem — and its SSRF and credential-leak CVEs make its version and configuration security-relevant. Here is how to run it safely.

Jul 7, 20266 min read
Buyer's Guides

The Best Open Source Security Tools in 2026

You can build a capable security program from free tools. This balanced guide compares Trivy, Grype and Syft, OSV-Scanner, OWASP Dependency-Check, and Dependency-Track — and is honest about when a commercial platform earns its cost.

Jul 7, 20266 min read
Tutorials

How to Choose a Security Scanner

There are dozens of security scanners and the marketing all sounds the same. This beginner guide gives you a simple, hands-on way to pick the right one.

Jul 7, 20267 min read
Tutorials

How to Remediate Transitive Dependency Vulnerabilities

Fix vulnerabilities in the nested packages you never installed directly — trace the import chain, choose between upgrading the parent or overriding the child, and verify the fix without breaking builds.

Jul 7, 20265 min read
Buyer's Guides

JFrog Xray Alternatives in 2026: An Honest Buyer's Guide

A balanced comparison of the top JFrog Xray alternatives in 2026 — Snyk, Sonatype, Mend, Trivy, Anchore, and Safeguard — with candid pros, cons, and a way to choose.

Jul 7, 20266 min read
FAQ

Securing AI-Generated Code FAQ: What Breaks and How to Fix It in 2026

Practical answers on securing AI-generated code — the vulnerability patterns models produce, why volume defeats manual review, hallucinated dependencies, and how Safeguard scans and auto-fixes at merge time.

Jul 7, 20265 min read
Buyer's Guides

Source Code Analysis Explained: A Practical 2026 Guide

What source code analysis actually is in 2026 — the categories, the real tools, how it relates to SCA and reachability, and where Safeguard fits — explained honestly and without hype.

Jul 7, 20267 min read
Security Guides

tar (node-tar) Security Guide (2026)

node-tar is the archive engine underneath npm install itself — and a cluster of path-traversal and symlink CVEs made 'just extracting a tarball' one of the more dangerous operations in the Node.js ecosystem.

Jul 7, 20266 min read
Concepts

What Is Reachability Analysis in Security?

Reachability analysis determines whether a vulnerable piece of code can actually be executed from your application — cutting through the noise of vulnerabilities that exist but can never be triggered. Here's how it slashes false positives.

Jul 7, 20267 min read
Application Security

Apache Struts and the recurring pattern of path-traversal and RCE bugs

Equifax lost data on 147 million people to one unpatched Struts CVE in 2017 — and the same class of bug resurfaced in Struts as recently as December 2023.

Jul 7, 20266 min read
sca (Page 5) — Safeguard Blog