Tool Reviews
In-depth guides and analysis on tool reviews from the Safeguard engineering team.
16 articles
Prisma Cloud Container Security: Palo Alto's Cloud Native Play
A review of Prisma Cloud's container and cloud workload security features, covering image scanning, runtime protection, compliance, and the Twistlock heritage.
Endor Labs SCA Review: Reachability Analysis Changes the Game
A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.
Veracode SCA: Mature Application Security Meets Dependency Scanning
An overview of Veracode's SCA capabilities within their broader application security platform, covering vulnerability prioritization, agent-based scanning, and enterprise features.
SonarQube Security Scanning: Code Quality Meets Application Security
A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.
Wiz Cloud Security Platform: Agentless Done at Scale
An overview of Wiz's cloud security platform, covering its agentless architecture, graph-based risk analysis, and how it changed expectations for cloud security tooling.
Checkmarx SCA: Application Security from a SAST Pioneer
A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.
Socket.dev: Detecting Supply Chain Attacks Before They Hit
A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.
Aqua Security Platform Review: Cloud Native Security Done Right
An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.
GitHub Advanced Security: CodeQL, Dependabot, and Secret Scanning in Practice
A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.
JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline
A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.
Anchore Syft: The Go-To Open Source SBOM Generator
A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.
Black Duck SCA: The Enterprise Stalwart of Open Source Security
A review of Synopsys Black Duck for software composition analysis, covering its strengths in license compliance, vulnerability detection, and enterprise governance.