Safeguard
Tag

vulnerability-scanning

Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Open Source Security

How Snyk Container parses apk, deb, and rpm package datab...

How Snyk Container reads apk, dpkg, and rpm databases inside image layers to detect OS package vulnerabilities without ever running the container.

Sep 4, 20257 min read
SecOps

Vulnerability Scanning: A Quick Reference

A fast reference for what a vuln scan actually checks, the different scan types, and how often each should run — for engineers who need the answer, not the textbook.

Aug 19, 20255 min read
Product

How Snyk's GitHub Actions integration scans pull requests...

A mechanical breakdown of how Snyk's GitHub Actions integration scans pull requests: triggers, SARIF uploads, severity thresholds, and what the checks can't see.

Aug 16, 20257 min read
Open Source Security

Why Transitive Dependencies Are the Blind Spot in Most Vu...

Most vulnerability scans stop at direct dependencies, missing the 70-80% of your codebase that arrives transitively — where Log4Shell and other major CVEs actually hid.

Aug 13, 20257 min read
Container Security

Why Ephemeral Infrastructure Makes Traditional Vulnerabil...

Containers now live for minutes, not months. Here's why periodic vulnerability scanning can't see ephemeral infrastructure — and what actually closes the gap.

Aug 4, 20257 min read
AppSec

Scanning a Website for Vulnerabilities, Step by Step

A practical walkthrough of how to scan a website for vulnerabilities — from picking a scan target and authentication mode to reading the results without drowning in false positives.

Jun 11, 20256 min read
AppSec

Free Web Security Scanners: What to Expect From the Free Tier

What a free web security scanner will and won't catch, how the free tiers of popular tools are actually limited, and when you need to pay for real coverage.

May 2, 20255 min read
SecOps

Vulnerability Scanner Software: Categories and How to Choose

Network scanners, DAST, SCA, SAST, container and cloud scanners all claim the same job. Here is what each category actually finds and how to assemble coverage without buying six consoles.

Apr 22, 20255 min read
Vulnerability Management

How to Run Grype in Offline/Airgap Environments

A hands-on tutorial for running Grype vulnerability scans in offline and airgapped environments, including vulnerability database hosting and CI integration.

Jan 28, 20255 min read
Vulnerability Management

bundler-audit Production Setup

A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.

Jul 2, 20247 min read
Comparisons

SCA vs SAST vs DAST: Which Do You Actually Need First

Three scanner acronyms, one budget. A spec-level comparison of SCA, SAST, and DAST — what each catches, what each costs to run, and the order that pays off fastest.

Jul 2, 20246 min read
Product

Safeguard SCA: Vulnerability Scanning Built for the Supply Chain

Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.

Jul 1, 20247 min read
vulnerability-scanning (Page 6) — Safeguard Blog