Safeguard
Tag

software-composition-analysis

Safeguard articles tagged "software-composition-analysis" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Open Source Security

How Snyk handles Python dependency resolution across pip,...

How Snyk resolves Python dependency trees differently for pip, Poetry, and Pipenv, and what that means for vulnerability scan accuracy.

Aug 29, 20257 min read
Open Source Security

How Snyk Open Source scans Go modules and resolves the Go...

How Snyk Open Source reads go.mod/go.sum, builds the Go module dependency graph, and uses Minimal Version Selection to identify vulnerable versions.

Aug 29, 20257 min read
Open Source Security

How snyk monitor creates and tracks a point-in-time proje...

A technical walkthrough of how `snyk monitor` builds a dependency snapshot, stores it as a Project, and re-checks it against new CVEs after the fact.

Aug 27, 20257 min read
Open Source Security

How Snyk calculates direct versus transitive dependency v...

Snyk splits vulnerability exposure into direct and transitive dependencies using lockfile graphs, CVE version-range matching, and path-level reachability analysis.

Aug 27, 20257 min read
Open Source Security

How Snyk's reachability analysis determines whether vulne...

A technical walkthrough of how Snyk's reachability analysis builds static call graphs to determine whether vulnerable dependency functions are actually invoked by your code.

Aug 26, 20257 min read
Open Source Security

How reachability analysis coverage differs across Java, J...

Snyk's reachability analysis works differently across Java, JavaScript, and Python — here's why static, typed Java gets deeper coverage than dynamic Python and JS call graphs.

Aug 26, 20257 min read
Open Source Security

How Snyk's default license policy is structured and how t...

How Snyk structures its default license policy—severity tiers, unknown-license handling, and PR enforcement—and the concrete steps to customize it for your org.

Aug 24, 20257 min read
Open Source Security

How Snyk's CLI test command differs technically from the ...

A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.

Aug 22, 20257 min read
Open Source Security

How Snyk's Eclipse plugin integrates open source and code...

A mechanical look at how Snyk's Eclipse plugin surfaces open source and code scan findings as native markers in the IDE's Problems view.

Aug 18, 20257 min read
Product

How Snyk's Visual Studio extension scans .NET solutions f...

How Snyk's Visual Studio extension resolves .NET dependency trees, matches NuGet packages against its vulnerability database, and surfaces results in-editor.

Aug 18, 20258 min read
SBOM

Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code

Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.

Aug 8, 20257 min read
Supply Chain

SCA Security Testing: A Workflow Guide

SCA security testing only works when it's wired into an actual development workflow — here's what that pipeline looks like from commit to merge to production monitoring.

Jul 21, 20255 min read
software-composition-analysis (Page 6) — Safeguard Blog