Safeguard
Tag

vulnerability-scanning

Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Container Security

OSS container image scanning tools compared

Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.

Apr 29, 20267 min read
Buyer's Guides

What is Trivy and how it compares to other open-source sc...

Trivy is Aqua Security's free open-source scanner for containers, IaC, and dependencies. Here's how it compares to Grype, Clair, and Snyk—and where it falls short.

Apr 28, 20268 min read
Open Source Security

npm audit vs Snyk: comparing vulnerability scanners

npm audit is free and built-in; Snyk adds reachability analysis and auto-fix PRs. Here's how they really compare on data, false positives, and supply chain attacks.

Apr 20, 20267 min read
Application Security

How Does SAST Work? Stages of SAST Scanning

A stage-by-stage breakdown of how SAST scanning actually works — parsing, taint analysis, false positives — with real CVEs and benchmark data.

Apr 16, 20267 min read
Application Security

DAST vs IAST

DAST attacks running apps from the outside; IAST watches from inside during tests. Here's how they differ, where each wins, and when to use both.

Apr 14, 20268 min read
Application Security

What is Penetration Testing

Penetration testing simulates real attacks to prove exploitability, not just list CVEs. Here's how it works, what it costs, and how often it's required.

Apr 13, 20268 min read
Application Security

What is Vulnerability Scanning

Vulnerability scanning automatically checks code, dependencies, and infra against known-flaw databases like the NVD. Here's how it works and why reachability matters.

Apr 13, 20267 min read
Application Security

What is a Vulnerability Assessment

A vulnerability assessment finds and ranks security weaknesses at scale — here's how it differs from a pentest, its five-step process, and reporting essentials.

Apr 13, 20268 min read
AI Security

Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious

Anthropic's Mythos model is generating buzz for AI-powered vulnerability detection. We break down what it does well, where it struggles, and why security teams should approach the results with healthy skepticism.

Apr 10, 202613 min read
AI Security

The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach

Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.

Apr 10, 202610 min read
AI Security

Why LLM-Based Vulnerability Scanning Needs More Than a Single Model

Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.

Apr 10, 202611 min read
Vulnerability Management

A guide to modern vulnerability scanning

Scanners disagree, CVE volume is exploding, and hardened base images solve only one layer. Here's how modern vulnerability scanning actually works — and where prioritization beats raw CVE counts.

Apr 3, 20268 min read
vulnerability-scanning (Page 3) — Safeguard Blog