software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
CVE-2023-29331: Remote code execution in .NET via crafted...
CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.
CVE-2021-43565: Denial of service in golang.org/x/crypto/...
A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.
Inside DeepCode AI: how Snyk Code's ML models are trained...
How Snyk's DeepCode AI turns millions of open-source commit fixes into the symbolic-AI and ML models powering Snyk Code's vulnerability detection and autofixes.
How taint analysis works in Snyk Code: tracking data from...
Snyk Code traces untrusted data from source to sink using interprocedural static analysis and ML ranking. Here's how the taint-tracking mechanics work.
How Snyk Code detects SQL injection vulnerabilities step ...
A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.
How Snyk Code's security rule sets are structured and ver...
A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.
How Snyk Code scans multi-language monorepos in a single ...
Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.
What triggers a Snyk Code scan in the IDE: save, open, an...
A mechanical breakdown of when Snyk Code scans fire in the IDE — on open, on save, and on manual command — and how each trigger affects scan scope and speed.
How Snyk Agent Fix's agentic retry loop self-corrects fai...
A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.
What Is Semantic Versioning?
Semantic versioning encodes the meaning of a release into its version number. Here is how MAJOR.MINOR.PATCH works and why it drives both dependency resolution and security triage.
Why Snyk Agent Fix scopes fixes to a single file, and wha...
Snyk Agent Fix patches one file per finding. Here's why that scope exists, which vulnerability classes need multi-file fixes, and how to catch what a single-file patch leaves behind.
How Snyk Code's duplicate and similar-code detection supp...
Snyk Code once shipped duplicate and similar-code detection under its Code Quality rules. Here's how it worked, and what its 2025 retirement means for teams.