software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
How Snyk AI-BOM's --html flag visualizes AI dependency an...
How Snyk's snyk aibom --html flag turns CycloneDX AI-BOM data into an interactive graph of models, agents, tools, and MCP client-server-tool dependency chains.
How Snyk detects AI/ML-specific libraries during standard...
Snyk's standard SCA treats AI/ML packages like any other dependency, while a separate AI-BOM tool adds static analysis to detect models, agents, and MCP connections.
How the Snyk Language Server powers IDE plugins across VS...
A technical look at how Snyk's Go-based Language Server uses LSP and a delegating scanner pattern to power VS Code, JetBrains, and Eclipse plugins from one binary.
How Snyk CLI's --severity-threshold and --fail-on flags g...
How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.
How the Snyk CLI's JSON output format supports custom too...
A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.
How snyk-to-html converts CLI scan results into shareable...
A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.
How the Snyk CLI generates SARIF output for GitHub code s...
A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.
How Snyk's GitLab CI/CD template integrates security gate...
A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.
How Snyk integrates with Jenkins to fail builds on new vu...
A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.
How the Snyk CLI handles proxy and air-gapped enterprise ...
How the Snyk CLI actually handles corporate proxies, TLS-inspecting firewalls, and air-gapped network claims — based on Snyk's own documented configuration surface.
How Snyk's --project-tags and business-criticality flags ...
How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.
Why Transitive Dependencies Are the Blind Spot in Most Vu...
Most vulnerability scans stop at direct dependencies, missing the 70-80% of your codebase that arrives transitively — where Log4Shell and other major CVEs actually hid.