vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
How the Snyk Risk Score's 0-1000 scale is derived from CV...
How Snyk's 0-1000 Risk Score starts from the CVSS impact subscore formula, then layers in exploit maturity, social trends, and reachability data.
How Snyk's exploit maturity rating is researched and assi...
A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.
How Snyk's .snyk file structures ignore rules with expiry...
How Snyk's .snyk file encodes vulnerability ignore rules using reason and expiry date fields, and what happens in CI once an exception lapses.
What is a Vulnerability Exploitability eXchange (VEX) Statement
A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.
How the --policy-path option centralizes ignore rules acr...
A technical look at how Snyk's --policy-path flag lets teams share one .snyk ignore file across repos instead of duplicating exceptions everywhere.
How Snyk continuously monitors production dependencies fo...
A technical walkthrough of how Snyk's continuous monitoring uses dependency snapshots, vuln-DB updates, and priority scoring to flag newly disclosed CVEs in production.
How Snyk's CLI test command differs technically from the ...
A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.
How to Add Reachability Analysis to PR Checks
Run reachability analysis on every pull request to slash vulnerability false positives by 70%+, gate merges on exploitable findings, and keep devs focused.
Source Code Security Scanning Programs That Scale
A source code security scanning program that works for 20 repos usually breaks at 200 — here's how to design one that scales with the number of teams, not just the number of scans.
What is Patch Latency
Patch latency is the gap between a fix existing and the fix running in production. Here's how to measure it honestly, why it balloons, and how teams get it under 30 days.
How Snyk CLI's --severity-threshold and --fail-on flags g...
How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.
How the Snyk CLI's JSON output format supports custom too...
A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.