Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

How Snyk Code identifies hardcoded secrets and credential...

A technical look at how Snyk Code's static analysis engine detects hardcoded API keys, tokens, and credentials in source code — and where source-code scanning alone falls short.

Sep 12, 20257 min read
Application Security

How Snyk Code's security rule sets are structured and ver...

A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.

Sep 12, 20258 min read
Application Security

How Snyk Code scans multi-language monorepos in a single ...

Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.

Sep 12, 20258 min read
Application Security

What triggers a Snyk Code scan in the IDE: save, open, an...

A mechanical breakdown of when Snyk Code scans fire in the IDE — on open, on save, and on manual command — and how each trigger affects scan scope and speed.

Sep 11, 20258 min read
Application Security

How Snyk Code's PR and MR checks block merges on newly in...

A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.

Sep 11, 20257 min read
Application Security

How Snyk Code visualizes a vulnerability's data-flow path...

A mechanical look at how Snyk Code traces and visualizes a vulnerability's taint path from source to sink, step by step, inside its developer UI.

Sep 11, 20258 min read
Application Security

How Snyk Code differentiates Security issues from Code Qu...

Snyk Code splits every finding into a security vulnerability or a code quality issue. Here's how that classification actually works under the hood, and why the split matters for triage.

Sep 11, 20257 min read
Application Security

How Snyk Code suppressions and in-file ignore annotations...

How Snyk Code's in-file ignore annotations and UI-based suppressions work mechanically, from fingerprinting to Consistent Ignores, and where governance gaps appear.

Sep 10, 20257 min read
Application Security

How Snyk Code's incremental scanning speeds up repeated s...

Snyk Code speeds up repeat SAST scans on large codebases by re-analyzing only changed files instead of the whole repository each time.

Sep 10, 20257 min read
Application Security

How Snyk Agent Fix uses dynamic few-shot prompting to gen...

How Snyk Agent Fix uses dynamic few-shot prompting and a 35,000-example database to generate, validate, and iteratively repair AI-generated code fixes.

Sep 10, 20257 min read
Application Security

Why Snyk Agent Fix scopes fixes to a single file, and wha...

Snyk Agent Fix patches one file per finding. Here's why that scope exists, which vulnerability classes need multi-file fixes, and how to catch what a single-file patch leaves behind.

Sep 9, 20257 min read
Application Security

How Snyk Code's detection differs across Java, JavaScript...

Snyk Code applies one hybrid AI-plus-symbolic engine to ten languages, but rule depth, autofix coverage, and taint tracking vary widely by language.

Sep 9, 20258 min read
Application Security (Page 33) — Supply Chain Security Blog | Safeguard