vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Reachability Analysis: Cutting Through CVE Noise to Find What Actually Matters
Why most CVEs in your dependency tree are not exploitable in your application, and how reachability analysis separates real risk from noise.
Open Source Security Platforms: What They Actually Do
An open source security platform isn't one tool — it's usually a combination of SCA, license scanning, and vulnerability intelligence stitched into a pipeline that watches your dependencies.
SBOM automation from creation to scanning & analysis
SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.
Tackling SBOM sprawl across an organization
SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.
What is Container Security? (definition, lifecycle, threats)
Container security spans build, ship, and runtime: scanning, SBOMs, Kubernetes hardening, and runtime detection. How it works, and where Anchore leaves gaps.
Tenable vs Qualys Vulnerability Management 2026
The two giants of vulnerability management have evolved past their network-scanner roots. A clear-eyed comparison of scan accuracy, exposure management, and cloud coverage in 2026.
ASPM Security: Application Security Posture Management Explained
ASPM doesn't scan anything new — it aggregates and prioritizes findings your existing SAST, DAST, and SCA tools already produce, which is exactly the problem most AppSec teams actually have.
Accepting The Unfixable: A Decision Framework
Some vulnerabilities cannot be fixed in any reasonable timeframe. Here is a structured framework for accepting risk responsibly with reachability and AI evidence.
Best practices for securing the software supply chain
From the xz backdoor to SolarWinds, real incidents show why SBOMs, build provenance, and continuous monitoring matter more than scanning alone.
What is DevSecOps? (principles, workflow, tooling)
DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.
Reachability vs Pure-LLM Vulnerability Scanning In 2026
Pure-LLM vulnerability scanners hit production around 2024. By 2026 their failure modes are documented. Reachability remains the backbone — and the LLM is most useful on top of it.
Open source dependency scanning (OSS composition risk)
Open source dependency scanning has moved from periodic audits to a CI/CD gate. Here's how it works, where Anchore fits, and where Safeguard differs.