Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Container Security

How Snyk Container handles multi-stage Docker builds duri...

How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.

Sep 6, 20257 min read
Container Security

How Snyk Container's registry integrations authenticate a...

A technical walkthrough of how Snyk Container authenticates and pulls images from ECR, ACR, GCR, and Artifactory using IAM roles, service principals, and tokens.

Sep 5, 20257 min read
Container Security

How Snyk Container's automatic base image remediation PRs...

How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.

Sep 4, 20256 min read
Container Security

How image digest pinning strengthens container supply cha...

How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.

Sep 4, 20257 min read
Cloud Security

How Snyk IaC's severity scoring weighs the exploitability...

A mechanical look at how Snyk IaC assigns Critical-to-Low severity to misconfigurations, and how exploitability factors like exposure and privilege requirements shape the rating.

Sep 1, 20257 min read
Cloud Security

How Snyk IaC handles Terraform modules and remote module ...

How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.

Aug 31, 20257 min read
Container Security

How Snyk IaC's admission-time Kubernetes scanning differs...

How Snyk IaC's static manifest scanning, the Snyk Controller's in-cluster monitoring, and true Kubernetes admission control mechanically differ — and why the gap between them matters.

Aug 30, 20257 min read
Open Source Security

How snyk monitor creates and tracks a point-in-time proje...

A technical walkthrough of how `snyk monitor` builds a dependency snapshot, stores it as a Project, and re-checks it against new CVEs after the fact.

Aug 27, 20257 min read
AppSec

XStream Deserialization Vulnerabilities: What You Need to Know

XStream, the popular Java XML serialization library, has a long history of deserialization vulnerabilities that lead to remote code execution when it processes untrusted input — here's what changed and how to fix it.

Aug 21, 20256 min read
Compliance

NIST SSDF PW.4: Reusing Well-Secured Software, Explained

PW.4 is the SSDF practice that governs how you consume third-party and open-source components. Here is what its tasks actually ask for and how to satisfy them with evidence, not policy documents.

Aug 19, 20256 min read
Industry Analysis

How Snyk AI-BOM identifies prompt files and prompt-inject...

How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.

Aug 19, 20256 min read
Industry Analysis

How Snyk approaches securing AI-generated code from codin...

A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.

Aug 19, 20258 min read
supply-chain-security (Page 77) — Safeguard Blog