Safeguard
Tag

vulnerability-scanning

Safeguard articles tagged "vulnerability-scanning" — guides, analysis, and best practices for software supply chain and application security.

82 articles

Best Practices

How Often Should You Scan for Vulnerabilities?

Finding the right vulnerability scanning frequency for your organization. Too often wastes resources, too rarely leaves gaps. Here is how to calibrate.

Apr 8, 20246 min read
Tool Reviews

JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline

A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.

Jun 12, 20235 min read
Container Security

Container Vulnerability Scanning: Comparing the Top Tools in 2023

Not all container scanners are equal. We compared Trivy, Grype, Snyk Container, and others on accuracy, speed, and coverage.

May 10, 20236 min read
Tool Comparisons

Snyk vs Sonatype: A Head-to-Head SCA Comparison

We break down the real differences between Snyk and Sonatype for software composition analysis, covering vulnerability detection, developer experience, and pricing.

May 10, 20236 min read
Container Security

Runtime vs Static Container Analysis: Complementary, Not Competing

Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.

Nov 12, 20226 min read
Tool Comparisons

Trivy vs Grype: Open Source Vulnerability Scanners Compared

A practical comparison of Trivy and Grype for vulnerability scanning, covering detection accuracy, performance, SBOM support, and real-world usage patterns.

Sep 15, 20225 min read
Container Security

Docker Image Layer Security Analysis: What Lurks Beneath Your Containers

Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.

Aug 12, 20227 min read
SBOM

Trivy for SBOM Generation and Vulnerability Scanning

Trivy combines SBOM generation with vulnerability scanning in a single tool. Here's how to use both capabilities effectively.

Aug 12, 20226 min read
Container Security

Docker Scout for Container Security Analysis: A Practical Guide

Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.

Jul 5, 20226 min read
Tools & Techniques

Software Composition Analysis: The 2021 Buyer's Guide

SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.

Nov 20, 20218 min read
vulnerability-scanning (Page 7) — Safeguard Blog