Tools
In-depth guides and analysis on tools from the Safeguard engineering team.
50 articles
Best SBOM Generators Ranked by Accuracy 2026
Syft, Trivy, cdxgen, and Microsoft sbom-tool measured against known dependency ground truth across four ecosystems. The accuracy spread is wider than you think.
Best Kubernetes Admission Controllers for Supply Chain Security
Kyverno, OPA Gatekeeper, Sigstore policy-controller, Ratify, or plain CEL? A field guide to admission controllers that actually block unsigned and vulnerable images.
GitHub Advanced Security vs Snyk vs Safeguard 2026
A side-by-side evaluation of GHAS, Snyk, and Safeguard across SCA depth, reachability, SBOM, policy gating, and the operational realities of running each at scale.
Renovate 2026: Security-Only Mode and OSV Alerts Tested
Renovate's 2026 security presets, OSV-based vulnerability alerts, and 14-day minimum release age combine into a defensible auto-update posture. We tested it on a 240-repo org.
Swift Static Analysis Tools for Security 2026
A 2026 survey of static analysis tools for Swift focused on security findings: what works, what does not, and where the iOS and server-side gaps remain.
Snyk vs Veracode 2026 Buyer Guide
A hands-on comparison of Snyk and Veracode in 2026: developer experience, scan accuracy, SCA depth, SAST tradeoffs, and where each tool actually earns its license cost.
Best Free Security Tools for Bootstrapped Startups in 2026
A zero-budget security stack that actually covers the top risks: SCA, secrets scanning, SAST, container scanning, and DAST — plus what each free tool won't do.
Grype v0.108 Release Notes Walkthrough
Anchore's Grype shipped v0.108.0 in late 2025 with the new vulnerability database v6 schema, distroless support fixes, and a tightened CPE matcher.
How deepfake fraud detection tools identify synthetic med...
A buyer's guide to real-time deepfake fraud detection tools: evaluation criteria, an honest comparison of six named vendors, and where Safeguard fits in.
Trivy v0.69 Release Deep Dive
Aqua's Trivy hit v0.69 in late 2025 with VEX-by-default scanning, ArtifactID/ReportID provenance fields, and faster misconfig scanning. We test the upgrade on a 1.2GB image.
Semgrep Community Fall 2025: Native Windows and 3x Multicore
Semgrep's Fall 2025 Community Edition ships native Windows binaries, a memory-efficient multicore engine, and up to 3x scan speedups. We benchmarked it.
Cosign v2.6: New Bundle Format and Trusted Root
Sigstore's Cosign v2.6 unlocks offline verification, in-toto statement signing, and trusted-root portability. We walk through the new --new-bundle-format flag end-to-end.