snyk
Safeguard articles tagged "snyk" — guides, analysis, and best practices for software supply chain and application security.
81 articles
How Snyk Container's registry integrations authenticate a...
A technical walkthrough of how Snyk Container authenticates and pulls images from ECR, ACR, GCR, and Artifactory using IAM roles, service principals, and tokens.
How Snyk Container's automatic base image remediation PRs...
How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.
How image digest pinning strengthens container supply cha...
How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.
How Snyk Container's exclude and allow policies reduce no...
Snyk Container's exclude and allow policies scope ignore rules to specific paths and layers, filtering base-image noise without hiding real application risk.
How Snyk IaC's static analysis engine parses Terraform HC...
A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.
How Snyk IaC's 400+ rule library maps to CIS benchmarks a...
How Snyk IaC's 400+ rules trace to numbered CIS AWS, Azure, GCP, and Kubernetes benchmark controls — and where benchmark-mapped scanning stops short.
How Snyk IaC scans a Terraform Plan JSON file to catch dr...
How Snyk IaC parses Terraform plan JSON's resource_changes to catch drift and misconfigurations before terraform apply — the mechanics, limits, and what it can't see.
How Snyk IaC's custom rule SDK structures resource-attrib...
A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.
How Snyk IaC handles Terraform modules and remote module ...
How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.
How Snyk Open Source builds a full dependency tree from p...
How Snyk Open Source turns package-lock.json and yarn.lock files into a full dependency graph to power vulnerability matching and fix advice.
How Snyk parses npm, yarn, and pnpm lockfiles differently...
How Snyk resolves exact package versions from npm, Yarn, and pnpm lockfiles — and why each format's structure demands its own parsing logic.
How Snyk resolves Maven and Gradle dependency graphs incl...
Snyk doesn't parse pom.xml or build.gradle statically -- it invokes real Maven and Gradle tooling to compute the exact dependency graph your build produces.