vulnerability-scanning
Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.
82 articles
OSS container image scanning tools compared
Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.
What is Trivy and how it compares to other open-source sc...
Trivy is Aqua Security's free open-source scanner for containers, IaC, and dependencies. Here's how it compares to Grype, Clair, and Snyk—and where it falls short.
npm audit vs Snyk: comparing vulnerability scanners
npm audit is free and built-in; Snyk adds reachability analysis and auto-fix PRs. Here's how they really compare on data, false positives, and supply chain attacks.
How Does SAST Work? Stages of SAST Scanning
A stage-by-stage breakdown of how SAST scanning actually works — parsing, taint analysis, false positives — with real CVEs and benchmark data.
DAST vs IAST
DAST attacks running apps from the outside; IAST watches from inside during tests. Here's how they differ, where each wins, and when to use both.
What is Penetration Testing
Penetration testing simulates real attacks to prove exploitability, not just list CVEs. Here's how it works, what it costs, and how often it's required.
What is Vulnerability Scanning
Vulnerability scanning automatically checks code, dependencies, and infra against known-flaw databases like the NVD. Here's how it works and why reachability matters.
What is a Vulnerability Assessment
A vulnerability assessment finds and ranks security weaknesses at scale — here's how it differs from a pentest, its five-step process, and reporting essentials.
Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious
Anthropic's Mythos model is generating buzz for AI-powered vulnerability detection. We break down what it does well, where it struggles, and why security teams should approach the results with healthy skepticism.
The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach
Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.
Why LLM-Based Vulnerability Scanning Needs More Than a Single Model
Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.
A guide to modern vulnerability scanning
Scanners disagree, CVE volume is exploding, and hardened base images solve only one layer. Here's how modern vulnerability scanning actually works — and where prioritization beats raw CVE counts.