Safeguard
Tag

software-composition-analysis

Safeguard articles tagged "software-composition-analysis" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Regulatory Compliance

HIPAA compliance and software composition analysis for he...

HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.

Jan 2, 20267 min read
Industry Analysis

Third-party risk management for telehealth platforms

A six-step playbook for telehealth vendor risk management: inventory PHI flows, tier HIPAA business associate risk, run SCA on vendor SDKs, and monitor continuously.

Jan 1, 20268 min read
Buyer's Guides

Buyer's guide: selecting an SBOM tool for medical device ...

A buyer's guide comparing SBOM and SCA tools for medical device makers navigating FDA cybersecurity requirements, with honest vendor strengths and limitations.

Jan 1, 20268 min read
Regulatory Compliance

NIST 800-171 and software composition analysis for defens...

How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.

Dec 27, 20257 min read
Vulnerability Analysis

Log4j SocketServer unsafe deserialization (CVE-2019-17571)

A deep dive into CVE-2019-17571, the Log4j 1.x SocketServer deserialization flaw enabling remote code execution, with remediation guidance.

Dec 25, 20257 min read
Vulnerability Analysis

dom4j XML external entity vulnerability (CVE-2018-1000632)

CVE-2018-1000632, the dom4j XXE vulnerability, let attackers inject and tamper with XML via unescaped addElement/addAttribute calls. Here's the fix.

Dec 24, 20258 min read
Open Source Security

CocoaPods Orphaned Pod Takeover Vulnerability (CVE-2024-3...

CVE-2024-38368 let attackers claim orphaned CocoaPods and push malicious code into any iOS or macOS app still depending on them. Here is what to check.

Nov 29, 20258 min read
Open Source Security

Apache Maven's Insecure HTTP Repository Resolution Enabli...

CVE-2021-26291 shows how Apache Maven resolved dependencies over plain HTTP, letting a MITM attacker swap in malicious artifacts during the build.

Nov 28, 20258 min read
Buyer's Guides

Best open source software composition analysis (SCA) tools

A practical comparison of the best open source SCA tools — vulnerability coverage, license scanning, and CI/CD fit — with honest strengths and limitations for each.

Nov 17, 20258 min read
Vulnerability Analysis

CVE-2020-7729: Command injection in node-notifier

CVE-2020-7729 lets attacker-influenced input reach node-notifier's OS notifier calls, enabling command injection. Here's the impact, timeline, and fix.

Oct 14, 20257 min read
Open Source Security

How Snyk Container detects application-level dependencies...

A mechanical look at how Snyk Container scans image filesystems to detect npm, pip, Maven, and other application dependencies bundled inside containers.

Sep 6, 20257 min read
Open Source Security

How Snyk Open Source builds a full dependency tree from p...

How Snyk Open Source turns package-lock.json and yarn.lock files into a full dependency graph to power vulnerability matching and fix advice.

Aug 30, 20258 min read
software-composition-analysis (Page 5) — Safeguard Blog