supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
How Snyk Container handles multi-stage Docker builds duri...
How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.
How Snyk Container's registry integrations authenticate a...
A technical walkthrough of how Snyk Container authenticates and pulls images from ECR, ACR, GCR, and Artifactory using IAM roles, service principals, and tokens.
How Snyk Container's automatic base image remediation PRs...
How Snyk Container's automatic base image remediation PRs pick replacement tags, what triggers them, and what they actually change in a Dockerfile.
How image digest pinning strengthens container supply cha...
How SHA-256 image digests, unlike mutable tags, anchor Snyk container scans to the exact artifact that ships—and why that distinction matters for supply chain integrity.
How Snyk IaC's severity scoring weighs the exploitability...
A mechanical look at how Snyk IaC assigns Critical-to-Low severity to misconfigurations, and how exploitability factors like exposure and privilege requirements shape the rating.
How Snyk IaC handles Terraform modules and remote module ...
How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.
How Snyk IaC's admission-time Kubernetes scanning differs...
How Snyk IaC's static manifest scanning, the Snyk Controller's in-cluster monitoring, and true Kubernetes admission control mechanically differ — and why the gap between them matters.
How snyk monitor creates and tracks a point-in-time proje...
A technical walkthrough of how `snyk monitor` builds a dependency snapshot, stores it as a Project, and re-checks it against new CVEs after the fact.
XStream Deserialization Vulnerabilities: What You Need to Know
XStream, the popular Java XML serialization library, has a long history of deserialization vulnerabilities that lead to remote code execution when it processes untrusted input — here's what changed and how to fix it.
NIST SSDF PW.4: Reusing Well-Secured Software, Explained
PW.4 is the SSDF practice that governs how you consume third-party and open-source components. Here is what its tasks actually ask for and how to satisfy them with evidence, not policy documents.
How Snyk AI-BOM identifies prompt files and prompt-inject...
How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.
How Snyk approaches securing AI-generated code from codin...
A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.