Safeguard
Tag

snyk

Safeguard articles tagged "snyk" — guides, analysis, and best practices for software supply chain and application security.

81 articles

Container Security

How Snyk Container's registry integrations authenticate a...

A technical walkthrough of how Snyk Container authenticates and pulls images from ECR, ACR, GCR, and Artifactory using IAM roles, service principals, and tokens.

Sep 5, 20257 min read
Container Security

How Snyk Container's automatic base image remediation PRs...

How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.

Sep 4, 20256 min read
Container Security

How image digest pinning strengthens container supply cha...

How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.

Sep 4, 20257 min read
Container Security

How Snyk Container's exclude and allow policies reduce no...

Snyk Container's exclude and allow policies scope ignore rules to specific paths and layers, filtering base-image noise without hiding real application risk.

Sep 3, 20257 min read
Cloud Security

How Snyk IaC's static analysis engine parses Terraform HC...

A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.

Sep 3, 20257 min read
Cloud Security

How Snyk IaC's 400+ rule library maps to CIS benchmarks a...

How Snyk IaC's 400+ rules trace to numbered CIS AWS, Azure, GCP, and Kubernetes benchmark controls — and where benchmark-mapped scanning stops short.

Sep 3, 20258 min read
Cloud Security

How Snyk IaC scans a Terraform Plan JSON file to catch dr...

How Snyk IaC parses Terraform plan JSON's resource_changes to catch drift and misconfigurations before terraform apply — the mechanics, limits, and what it can't see.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC's custom rule SDK structures resource-attrib...

A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.

Sep 1, 20256 min read
Cloud Security

How Snyk IaC handles Terraform modules and remote module ...

How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.

Aug 31, 20257 min read
Open Source Security

How Snyk Open Source builds a full dependency tree from p...

How Snyk Open Source turns package-lock.json and yarn.lock files into a full dependency graph to power vulnerability matching and fix advice.

Aug 30, 20258 min read
Open Source Security

How Snyk parses npm, yarn, and pnpm lockfiles differently...

How Snyk resolves exact package versions from npm, Yarn, and pnpm lockfiles — and why each format's structure demands its own parsing logic.

Aug 30, 20257 min read
Open Source Security

How Snyk resolves Maven and Gradle dependency graphs incl...

Snyk doesn't parse pom.xml or build.gradle statically -- it invokes real Maven and Gradle tooling to compute the exact dependency graph your build produces.

Aug 30, 20257 min read
snyk (Page 3) — Safeguard Blog