vulnerability-scanning
Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.
82 articles
How Snyk Container parses apk, deb, and rpm package datab...
How Snyk Container reads apk, dpkg, and rpm databases inside image layers to detect OS package vulnerabilities without ever running the container.
Vulnerability Scanning: A Quick Reference
A fast reference for what a vuln scan actually checks, the different scan types, and how often each should run — for engineers who need the answer, not the textbook.
How Snyk's GitHub Actions integration scans pull requests...
A mechanical breakdown of how Snyk's GitHub Actions integration scans pull requests: triggers, SARIF uploads, severity thresholds, and what the checks can't see.
Why Transitive Dependencies Are the Blind Spot in Most Vu...
Most vulnerability scans stop at direct dependencies, missing the 70-80% of your codebase that arrives transitively — where Log4Shell and other major CVEs actually hid.
Why Ephemeral Infrastructure Makes Traditional Vulnerabil...
Containers now live for minutes, not months. Here's why periodic vulnerability scanning can't see ephemeral infrastructure — and what actually closes the gap.
Scanning a Website for Vulnerabilities, Step by Step
A practical walkthrough of how to scan a website for vulnerabilities — from picking a scan target and authentication mode to reading the results without drowning in false positives.
Free Web Security Scanners: What to Expect From the Free Tier
What a free web security scanner will and won't catch, how the free tiers of popular tools are actually limited, and when you need to pay for real coverage.
Vulnerability Scanner Software: Categories and How to Choose
Network scanners, DAST, SCA, SAST, container and cloud scanners all claim the same job. Here is what each category actually finds and how to assemble coverage without buying six consoles.
How to Run Grype in Offline/Airgap Environments
A hands-on tutorial for running Grype vulnerability scans in offline and airgapped environments, including vulnerability database hosting and CI integration.
bundler-audit Production Setup
A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.
SCA vs SAST vs DAST: Which Do You Actually Need First
Three scanner acronyms, one budget. A spec-level comparison of SCA, SAST, and DAST — what each catches, what each costs to run, and the order that pays off fastest.
Safeguard SCA: Vulnerability Scanning Built for the Supply Chain
Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.