Safeguard
Tag

snyk

Safeguard articles tagged "snyk" — guides, analysis, and best practices for software supply chain and application security.

81 articles

Open Source Security

How Snyk identifies dependency confusion attacks in priva...

A technical look at how Snyk detects dependency confusion attacks — from vulnerability database malicious-package flags to registry scoping and Advisor scoring.

Aug 25, 20257 min read
Compliance

How Snyk's open-source license compliance engine classifi...

How Snyk's license compliance engine groups open-source licenses and maps them to low, medium, high, and critical severity levels.

Aug 25, 20257 min read
Open Source Security

How Snyk's default license policy is structured and how t...

How Snyk structures its default license policy—severity tiers, unknown-license handling, and PR enforcement—and the concrete steps to customize it for your org.

Aug 24, 20257 min read
Open Source Security

How Snyk keeps its license classifications aligned with t...

How Snyk detects, normalizes, and categorizes open source license metadata against the SPDX License List to power its license compliance policies.

Aug 24, 20257 min read
Open Source Security

How Snyk detects deprecated or unmaintained packages befo...

A look at how Snyk Advisor scores package maintenance health and surfaces deprecated or abandoned dependencies before they turn into security incidents.

Aug 24, 20257 min read
Open Source Security

How Snyk scans NuGet and .NET project files for vulnerabl...

How Snyk resolves NuGet and .NET dependency graphs from csproj, packages.config, and project.assets.json files to find vulnerable packages.

Aug 24, 20257 min read
Open Source Security

How Snyk scans Composer/PHP and RubyGems dependency manif...

A technical look at how Snyk parses composer.json/composer.lock and Gemfile/Gemfile.lock to build dependency trees and match PHP and Ruby packages against known vulnerabilities.

Aug 23, 20256 min read
Open Source Security

How Snyk's exploit maturity rating is researched and assi...

A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.

Aug 23, 20257 min read
Open Source Security

How Snyk handles vulnerability remediation for indirect (...

How does Snyk fix vulnerabilities buried in transitive dependencies you never directly installed? A look at dependency graphs, upgrade paths, and pinning.

Aug 23, 20256 min read
Open Source Security

How Snyk's .snyk file structures ignore rules with expiry...

How Snyk's .snyk file encodes vulnerability ignore rules using reason and expiry date fields, and what happens in CI once an exception lapses.

Aug 23, 20257 min read
Open Source Security

How the --policy-path option centralizes ignore rules acr...

A technical look at how Snyk's --policy-path flag lets teams share one .snyk ignore file across repos instead of duplicating exceptions everywhere.

Aug 22, 20256 min read
Open Source Security

How Snyk continuously monitors production dependencies fo...

A technical walkthrough of how Snyk's continuous monitoring uses dependency snapshots, vuln-DB updates, and priority scoring to flag newly disclosed CVEs in production.

Aug 22, 20257 min read
snyk (Page 5) — Safeguard Blog