Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Open Source Security

How Snyk AI-BOM's --html flag visualizes AI dependency an...

How Snyk's snyk aibom --html flag turns CycloneDX AI-BOM data into an interactive graph of models, agents, tools, and MCP client-server-tool dependency chains.

Aug 20, 20257 min read
Open Source Security

How Snyk detects AI/ML-specific libraries during standard...

Snyk's standard SCA treats AI/ML packages like any other dependency, while a separate AI-BOM tool adds static analysis to detect models, agents, and MCP connections.

Aug 19, 20257 min read
Product

How the Snyk Language Server powers IDE plugins across VS...

A technical look at how Snyk's Go-based Language Server uses LSP and a delegating scanner pattern to power VS Code, JetBrains, and Eclipse plugins from one binary.

Aug 18, 20257 min read
DevSecOps

How Snyk CLI's --severity-threshold and --fail-on flags g...

How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.

Aug 17, 20257 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
Industry Analysis

How snyk-to-html converts CLI scan results into shareable...

A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.

Aug 17, 20258 min read
Product

How the Snyk CLI generates SARIF output for GitHub code s...

A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.

Aug 16, 20257 min read
DevSecOps

How Snyk's GitLab CI/CD template integrates security gate...

A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.

Aug 16, 20257 min read
Product

How Snyk integrates with Jenkins to fail builds on new vu...

A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.

Aug 16, 20257 min read
Product

How the Snyk CLI handles proxy and air-gapped enterprise ...

How the Snyk CLI actually handles corporate proxies, TLS-inspecting firewalls, and air-gapped network claims — based on Snyk's own documented configuration surface.

Aug 15, 20257 min read
Product

How Snyk's --project-tags and business-criticality flags ...

How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.

Aug 14, 20257 min read
Open Source Security

Why Transitive Dependencies Are the Blind Spot in Most Vu...

Most vulnerability scans stop at direct dependencies, missing the 70-80% of your codebase that arrives transitively — where Log4Shell and other major CVEs actually hid.

Aug 13, 20257 min read
software-supply-chain (Page 38) — Safeguard Blog