Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

DevSecOps

How Snyk's GitLab CI/CD template integrates security gate...

A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.

Aug 16, 20257 min read
Product

How Snyk integrates with Jenkins to fail builds on new vu...

A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.

Aug 16, 20257 min read
Product

How Snyk's --project-tags and business-criticality flags ...

How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.

Aug 14, 20257 min read
Vulnerabilities

Nginx 1.18.0 Vulnerabilities: Audit and Upgrade Path

Nginx 1.18.0 left support in 2021, but not every scanner hit is exploitable — and many distro builds are already patched. How to audit what you actually run and get onto a supported line.

Aug 14, 20256 min read
Open Source Security

The Real Cost of Delayed Patching in Open Source Components

Patches for open source flaws often exist for months before teams apply them. Here is what that patch lag actually costs in breaches, cleanup, and trust.

Aug 13, 20258 min read
Open Source Security

How Dependency Graphs Reveal Hidden Supply Chain Risk

Dependency graph analysis reveals which transitive packages can actually reach your code. From Log4Shell to the xz backdoor, see why flat scans miss what graphs catch.

Aug 12, 20258 min read
Open Source Security

Why 'Time to Fix' Is a Better Supply Chain Metric Than Vu...

Vulnerability counts measure how hard you're looking, not how exposed you are. Here's why mean time to remediate is the metric that actually predicts breach risk.

Aug 12, 20259 min read
Open Source Security

Monorepo vs Polyrepo: How Architecture Choices Shape Supp...

Monorepos and polyrepos don't just shape build times — they shape blast radius, patch speed, and dependency visibility. Here's how each affects supply chain risk.

Aug 11, 20257 min read
Open Source Security

The Economics of Free Riding in Open Source Security

Open source runs on unpaid labor while billion-dollar companies use it for free. Here's the economics behind Log4Shell, xz-utils, and the free rider problem.

Aug 10, 20258 min read
Vulnerability Analysis

Why Vulnerability Disclosure Timelines Still Vary Wildly ...

Google gives vendors 90 days, ZDI gives 120, the EU wants 24 hours, and Linux had no CVE process until 2024. Here's why disclosure timelines diverge so sharply across ecosystems.

Aug 10, 20257 min read
Open Source Security

From Log4Shell to Now: What Changed and What Didn't in Su...

Three years after Log4Shell, Log4j is still found in production systems. Here is what the industry fixed, what it didn't, and why the risk persists.

Aug 10, 20258 min read
Open Source Security

Do Bug Bounties Actually Reduce Open Source Risk? An Inde...

Bug bounties didn't catch Log4Shell or the XZ Utils backdoor. An independent look at what OSS bounty programs actually cover — and where they structurally fall short.

Aug 9, 20257 min read
vulnerability-management (Page 44) — Safeguard Blog