Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Tools

JFrog Xray Alternatives: A 2026 Buyer's Guide

Where JFrog Xray fits, where it falls short, and which alternatives actually deserve a seat at the evaluation table in 2026 for SCA, container scanning, and policy enforcement.

Feb 12, 20265 min read
DevSecOps

DevOps Metrics That Security Teams Should Watch Too

Deploy frequency and lead time aren't just engineering KPIs — read alongside vulnerability data, they tell security teams exactly where risk is accumulating.

Feb 11, 20265 min read
Comparisons

The Snyk Tool: What It Does, and What It Doesn't

The Snyk tool covers SCA, container, and IaC scanning well, but its SAST depth and enterprise pricing are the two things buyers most often get wrong going in.

Feb 11, 20265 min read
SBOM

OpenVEX vs. CycloneDX VEX: Which to Pick

A direct comparison of OpenVEX and CycloneDX VEX in 2026, covering spec differences, tooling support, and the operational tradeoffs that actually affect your choice.

Feb 11, 20266 min read
AppSec

Application Security Testing Software: A Category Map

A clear map of the application security testing software categories — SAST, DAST, IAST, SCA, and the platforms that bundle them — and when each one actually applies.

Feb 11, 20266 min read
Vulnerability Management

How to set up a vulnerability management program

A step-by-step guide to setting up a vulnerability management program: scanning schedules, risk-based triage, patch management, and metrics that hold up in an audit.

Feb 11, 20268 min read
Vulnerability Management

How to configure Nessus for vulnerability scanning

A step-by-step guide to installing Nessus, building scan policies, defining safe targets, and validating results — plus where supply chain risk starts beyond the network scan.

Feb 11, 20267 min read
DevSecOps

How to set up a CI/CD pipeline security gate

A practical, step-by-step guide to building a CI/CD pipeline security gate that scans, enforces vulnerability thresholds, and blocks risky builds without slowing developers down.

Feb 11, 20268 min read
AppSec

DAST, SAST, IAST, and SCA: How They Actually Compose Into a Program

DAST, SAST, IAST, and SCA each catch a different slice of application risk. Here's how they overlap, where each one is blind, and how to combine them without duplicating effort.

Feb 9, 20266 min read
Open Source Security

What is Open Source Software

Open source software now sits in 96% of codebases. Here's what OSS actually is, how licensing works, and where the real security risk hides.

Feb 9, 20268 min read
DevSecOps

What is a Monorepo

A monorepo houses many projects in one repository. Learn how Google, Meta, and Microsoft use them, and the blast-radius risks security teams must manage.

Feb 7, 20266 min read
Application Security

What is Static Code Analysis

Static code analysis scans source code for flaws before it runs. Here's how SAST works, what it catches, and where it falls short without reachability context.

Feb 7, 20266 min read
vulnerability-management (Page 30) — Safeguard Blog