Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Open Source Security

How the Snyk Risk Score's 0-1000 scale is derived from CV...

How Snyk's 0-1000 Risk Score starts from the CVSS impact subscore formula, then layers in exploit maturity, social trends, and reachability data.

Aug 26, 20257 min read
Open Source Security

How Snyk's exploit maturity rating is researched and assi...

A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.

Aug 23, 20257 min read
Open Source Security

How Snyk's .snyk file structures ignore rules with expiry...

How Snyk's .snyk file encodes vulnerability ignore rules using reason and expiry date fields, and what happens in CI once an exception lapses.

Aug 23, 20257 min read
Concepts

What is a Vulnerability Exploitability eXchange (VEX) Statement

A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.

Aug 22, 20256 min read
Open Source Security

How the --policy-path option centralizes ignore rules acr...

A technical look at how Snyk's --policy-path flag lets teams share one .snyk ignore file across repos instead of duplicating exceptions everywhere.

Aug 22, 20256 min read
Open Source Security

How Snyk continuously monitors production dependencies fo...

A technical walkthrough of how Snyk's continuous monitoring uses dependency snapshots, vuln-DB updates, and priority scoring to flag newly disclosed CVEs in production.

Aug 22, 20257 min read
Open Source Security

How Snyk's CLI test command differs technically from the ...

A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.

Aug 22, 20257 min read
DevSecOps

How to Add Reachability Analysis to PR Checks

Run reachability analysis on every pull request to slash vulnerability false positives by 70%+, gate merges on exploitable findings, and keep devs focused.

Aug 20, 20255 min read
AppSec

Source Code Security Scanning Programs That Scale

A source code security scanning program that works for 20 repos usually breaks at 200 — here's how to design one that scales with the number of teams, not just the number of scans.

Aug 19, 20256 min read
Concepts

What is Patch Latency

Patch latency is the gap between a fix existing and the fix running in production. Here's how to measure it honestly, why it balloons, and how teams get it under 30 days.

Aug 17, 20257 min read
DevSecOps

How Snyk CLI's --severity-threshold and --fail-on flags g...

How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.

Aug 17, 20257 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
vulnerability-management (Page 43) — Safeguard Blog