Safeguard
Topic

Tool Reviews

In-depth guides and analysis on tool reviews from the Safeguard engineering team.

16 articles

Tool Reviews

Prisma Cloud Container Security: Palo Alto's Cloud Native Play

A review of Prisma Cloud's container and cloud workload security features, covering image scanning, runtime protection, compliance, and the Twistlock heritage.

Mar 20, 20245 min read
Tool Reviews

Endor Labs SCA Review: Reachability Analysis Changes the Game

A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.

Mar 12, 20246 min read
Tool Reviews

Veracode SCA: Mature Application Security Meets Dependency Scanning

An overview of Veracode's SCA capabilities within their broader application security platform, covering vulnerability prioritization, agent-based scanning, and enterprise features.

Jan 18, 20245 min read
Tool Reviews

SonarQube Security Scanning: Code Quality Meets Application Security

A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.

Nov 15, 20235 min read
Tool Reviews

Wiz Cloud Security Platform: Agentless Done at Scale

An overview of Wiz's cloud security platform, covering its agentless architecture, graph-based risk analysis, and how it changed expectations for cloud security tooling.

Nov 5, 20236 min read
Tool Reviews

Checkmarx SCA: Application Security from a SAST Pioneer

A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.

Sep 28, 20235 min read
Tool Reviews

Socket.dev: Detecting Supply Chain Attacks Before They Hit

A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.

Aug 22, 20235 min read
Tool Reviews

Aqua Security Platform Review: Cloud Native Security Done Right

An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.

Jul 20, 20235 min read
Tool Reviews

GitHub Advanced Security: CodeQL, Dependabot, and Secret Scanning in Practice

A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.

Jul 8, 20236 min read
Tool Reviews

JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline

A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.

Jun 12, 20235 min read
Tool Reviews

Anchore Syft: The Go-To Open Source SBOM Generator

A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.

Jun 8, 20236 min read
Tool Reviews

Black Duck SCA: The Enterprise Stalwart of Open Source Security

A review of Synopsys Black Duck for software composition analysis, covering its strengths in license compliance, vulnerability detection, and enterprise governance.

Apr 15, 20235 min read
Tool Reviews — Supply Chain Security Blog | Safeguard