Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Software Supply Chain Security

GitHub dependency graph and dependency review explained

How GitHub Dependency Graph and Dependency Review actually work, what GitHub Advanced Security adds on top, and where the coverage gaps are for teams relying on manifest-only scanning.

Jun 29, 20267 min read
Software Supply Chain Security

SBOM export in GitHub: generating a software bill of mate...

GitHub lets you export an SPDX SBOM in two clicks, but the file only reflects what its dependency graph can see. Here's what's missing and how Safeguard fills it.

Jun 28, 20266 min read
Container Security

10 Docker image security best practices

Ten concrete Docker image security practices — minimal base images, secret handling, reachability-based scanning, non-root runtimes, and SBOMs — with real CVEs and data.

Jun 28, 202610 min read
Container Security

Choosing secure base images for containers

Base image choice drives most of your container's attack surface. Here's what secure Docker base images actually require, with concrete CVE data.

Jun 28, 20267 min read
Container Security

Distroless container images explained

Distroless images cut container size by up to 90% and eliminate OS-level CVEs, but they don't secure app dependencies. Here's how they work and where they fall short.

Jun 27, 20267 min read
Container Security

Alpine vs distroless: which base image is more secure

Alpine and distroless both shrink attack surface differently. We compare real CVEs, musl risks, and patch tradeoffs to settle which base image actually wins.

Jun 27, 20267 min read
Container Security

Scanning container images in CI/CD pipelines

Where to put container image scanning in your CI/CD pipeline, what it actually catches, and how to stop CVE floods from blocking every build.

Jun 27, 20267 min read
Application Security

How AppSec teams cut false-positive triage time

AppSec teams drown in false positives. See how Safeguard's supply-chain-native triage compares to Checkmarx's SAST-driven approach on reachability, context, and workflow fit.

Jun 26, 20268 min read
Compliance

HIPAA requirements and application security

HIPAA's Security Rule ties ePHI protection to application security, but scanner tools like Checkmarx rarely map findings to 45 CFR safeguards. Here's what compliance teams actually need.

Jun 25, 20267 min read
Container Security

Container security throughout the SDLC

A clean build-time scan doesn't mean a secure container. Here's why container security has to span code, build, deploy, and runtime — with real CVE examples.

Jun 23, 20267 min read
Container Security

OCI image vulnerability scanning explained

A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.

Jun 22, 20267 min read
Application Security

Application Security: The Complete Guide

What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.

Jun 21, 202612 min read
vulnerability-management (Page 8) — Safeguard Blog