Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Vulnerability Analysis

CVE-2023-29331: Remote code execution in .NET via crafted...

CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.

Sep 18, 20258 min read
Vulnerability Analysis

CVE-2021-43565: Denial of service in golang.org/x/crypto/...

A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.

Sep 16, 20257 min read
Application Security

Inside DeepCode AI: how Snyk Code's ML models are trained...

How Snyk's DeepCode AI turns millions of open-source commit fixes into the symbolic-AI and ML models powering Snyk Code's vulnerability detection and autofixes.

Sep 14, 20258 min read
Application Security

How taint analysis works in Snyk Code: tracking data from...

Snyk Code traces untrusted data from source to sink using interprocedural static analysis and ML ranking. Here's how the taint-tracking mechanics work.

Sep 14, 20258 min read
Application Security

How Snyk Code detects SQL injection vulnerabilities step ...

A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.

Sep 13, 20258 min read
Application Security

How Snyk Code's security rule sets are structured and ver...

A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.

Sep 12, 20258 min read
Application Security

How Snyk Code scans multi-language monorepos in a single ...

Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.

Sep 12, 20258 min read
Application Security

What triggers a Snyk Code scan in the IDE: save, open, an...

A mechanical breakdown of when Snyk Code scans fire in the IDE — on open, on save, and on manual command — and how each trigger affects scan scope and speed.

Sep 11, 20258 min read
AI Security

How Snyk Agent Fix's agentic retry loop self-corrects fai...

A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.

Sep 10, 20258 min read
Concepts

What Is Semantic Versioning?

Semantic versioning encodes the meaning of a release into its version number. Here is how MAJOR.MINOR.PATCH works and why it drives both dependency resolution and security triage.

Sep 9, 20256 min read
Application Security

Why Snyk Agent Fix scopes fixes to a single file, and wha...

Snyk Agent Fix patches one file per finding. Here's why that scope exists, which vulnerability classes need multi-file fixes, and how to catch what a single-file patch leaves behind.

Sep 9, 20257 min read
Application Security

How Snyk Code's duplicate and similar-code detection supp...

Snyk Code once shipped duplicate and similar-code detection under its Code Quality rules. Here's how it worked, and what its 2025 retirement means for teams.

Sep 8, 20257 min read
software-supply-chain (Page 35) — Safeguard Blog