Safeguard
Tag

software-composition-analysis

Safeguard articles tagged "software-composition-analysis" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Compliance

Open source license risk in M&A due diligence

Open source license conflicts hide in most acquisition targets' codebases. Here's why manifest-based SCA tools like Mend.io miss them in M&A diligence — and what a real audit needs.

May 22, 20268 min read
Comparisons

Snyk Open Source vs Safeguard SCA

Two developer-first SCA tools, one honest comparison: vulnerability data, fix automation, noise levels, pricing models, and where each one actually fits.

May 19, 20265 min read
Supply Chain

Axios npm Vulnerabilities: The Full CVE History and Patch Guide

Every notable axios npm vulnerability, from the 2019 DoS to the 2025 SSRF, with the fixed versions and a patch path that also catches the transitive ones.

May 19, 20266 min read
Buyer's Guides

Endor Labs vs Safeguard: Reachability-Based SCA Compared

How Endor Labs and Safeguard both use reachability analysis to cut SCA noise, and where their scope and approach to supply chain security diverge.

May 19, 20268 min read
Industry Analysis

Reachability Analysis Explained: Function-Level vs Packag...

Package-level reachability flags 60% of CVEs as "reachable." Function-level analysis, tracing real call paths, cuts that to under 10%. Here's the difference.

May 18, 20267 min read
Vulnerability Management

Automated Dependency Patches: How Endor-Style Patch Gener...

Endor Labs generates automated dependency patches using reachability and AI rewrites. Here's how the pipeline works, where it breaks, and Safeguard's approach.

May 16, 20267 min read
Buyer's Guides

Aikido vs Socket: supply chain security comparison

Aikido bundles SAST/DAST/SCA into one ASPM platform; Socket digs into package behavior. Here's where Safeguard's provenance-first approach fits between them.

May 6, 20267 min read
Vulnerability Analysis

jQuery prototype pollution vulnerability re-emerges

jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.

May 2, 20268 min read
Industry Analysis

Open source dependency vulnerability scanning explained

How open source vulnerability scanning works, why false positives plague tools like Aikido, and how reachability and SBOMs cut real triage time.

Apr 30, 20267 min read
Open Source Security

Software Composition Analysis (SCA)

SCA finds every open source package in your code and flags known CVEs against it. Here's how it works, its blind spots, and how to fix them.

Apr 15, 20266 min read
Application Security

SAST vs SCA Testing

SAST scans the code you wrote; SCA scans the code you imported. Here's the real difference, with Equifax, Log4Shell, and xz as case studies.

Apr 14, 20267 min read
Software Supply Chain Security

SCA vs SBOM: What's the Difference

SCA and SBOM aren't the same thing: one is a scanning process, the other is a compliance artifact. Here's how they differ and why you need both.

Apr 14, 20267 min read
software-composition-analysis (Page 3) — Safeguard Blog