Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

How Snyk Code integrates with GitHub Advanced Security th...

A technical walkthrough of how Snyk Code's SARIF output is generated, uploaded, and deduplicated inside GitHub Advanced Security's code scanning pipeline.

Sep 9, 20257 min read
Application Security

How Snyk Code's confidence scoring separates high-confide...

How Snyk Code's confidence scoring works under the hood, and why "high confidence" and "severity" are not the same axis for triage.

Sep 9, 20257 min read
Application Security

How Snyk Code analyzes API usage patterns to catch insecu...

A technical look at how Snyk Code's symbolic engine and taint tracking flag insecure API calls like weak crypto, XXE, and SSRF before code ships.

Sep 8, 20257 min read
Application Security

How Snyk Code detects path traversal vulnerabilities thro...

How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.

Sep 8, 20258 min read
Application Security

How Snyk Code's duplicate and similar-code detection supp...

Snyk Code once shipped duplicate and similar-code detection under its Code Quality rules. Here's how it worked, and what its 2025 retirement means for teams.

Sep 8, 20257 min read
Application Security

How 'Vibe Coding' Culture Is Reshaping Application Securi...

AI-assisted "vibe coding" is reshaping how much code ships and how little of it gets truly reviewed. Here's what the data shows and how AppSec teams should respond.

Aug 8, 20257 min read
Application Security

Reachability Analysis in 2025: Separating Exploitable Vulnerabilities from Noise

Reachability analysis determines whether a vulnerable function is actually called by your application. The technology has matured from research concept to production tool. Here is how it works and where it falls short.

Jul 28, 20258 min read
Application Security

Why Alert Fatigue, Not Tool Gaps, Is the Real AppSec Bott...

AppSec teams don't fail from missing tools, they fail from thousands of unprioritized alerts. Here's why alert fatigue is the real AppSec bottleneck.

Jul 25, 20257 min read
Application Security

Consolidation Wave: Why AppSec Vendors Are Buying Runtime...

CrowdStrike, Cisco, Tenable, and others have spent three years buying runtime-visibility startups. Here's why AppSec vendors need runtime context to fix alert overload.

Jul 24, 20258 min read
Application Security

eBPF and OpenTelemetry: The New Instrumentation Layer for...

eBPF and OpenTelemetry are becoming AppSec's new runtime instrumentation layer, catching supply chain attacks like the xz backdoor that static scanners miss entirely.

Jul 23, 20257 min read
Application Security

Why Every AppSec Vendor Suddenly Has an 'AI Trust' Product

AppSec vendors are rebranding as "AI Trust" platforms. We look at the standards, M&A, and real incidents driving the shift — and why it's a supply chain problem at its core.

Jul 16, 20257 min read
Application Security

The Acquisition Pattern Behind AppSec's Runtime Visibilit...

From Cider Security to the $32B Google-Wiz deal, AppSec acquirers keep paying for one thing: runtime visibility into what code actually does in production.

Jul 16, 20257 min read
Application Security (Page 34) — Supply Chain Security Blog | Safeguard