vulnerability-scanning
Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.
82 articles
How Often Should You Scan for Vulnerabilities?
Finding the right vulnerability scanning frequency for your organization. Too often wastes resources, too rarely leaves gaps. Here is how to calibrate.
JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline
A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.
Container Vulnerability Scanning: Comparing the Top Tools in 2023
Not all container scanners are equal. We compared Trivy, Grype, Snyk Container, and others on accuracy, speed, and coverage.
Snyk vs Sonatype: A Head-to-Head SCA Comparison
We break down the real differences between Snyk and Sonatype for software composition analysis, covering vulnerability detection, developer experience, and pricing.
Runtime vs Static Container Analysis: Complementary, Not Competing
Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.
Trivy vs Grype: Open Source Vulnerability Scanners Compared
A practical comparison of Trivy and Grype for vulnerability scanning, covering detection accuracy, performance, SBOM support, and real-world usage patterns.
Docker Image Layer Security Analysis: What Lurks Beneath Your Containers
Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.
Trivy for SBOM Generation and Vulnerability Scanning
Trivy combines SBOM generation with vulnerability scanning in a single tool. Here's how to use both capabilities effectively.
Docker Scout for Container Security Analysis: A Practical Guide
Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.
Software Composition Analysis: The 2021 Buyer's Guide
SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.