Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

How GitHub used secret scanning to reach 'inbox zero' on ...

GitHub spent nine months clearing 20,000+ secret scanning alerts across 15,000 repos, finding 90% were noise. Here's how they beat alert fatigue, and how Safeguard automates it.

Jul 1, 20267 min read
Application Security

Reducing false positives in secret scanning with context-...

Regex-based secret scanners like GitHub Advanced Security flood teams with false positives. Here's how context-aware LLM reasoning cuts the noise without missing real leaked credentials.

Jul 1, 20267 min read
Product

GitHub Advanced Security for Azure DevOps: general availa...

GitHub Advanced Security for Azure DevOps hit GA on June 1, 2023 at $49/committer/month. Here's what it covers, what it misses, and how Safeguard fills the gaps.

Jun 30, 20267 min read
Application Security

DAST vs SAST vs IAST: choosing the right testing method

SAST, DAST, and IAST each test different things. Here's how Checkmarx positions its platform, and where Safeguard's supply chain approach fits alongside it.

Jun 28, 20268 min read
Application Security

False positives vs. false negatives in security scanning

False positives waste engineering time; false negatives cause breaches. A verifiable, metrics-based look at how Safeguard and Checkmarx approach scan accuracy.

Jun 28, 20267 min read
Application Security

Vulnerability assessment vs. penetration testing

Vulnerability assessment and penetration testing solve different problems. Here's how Safeguard's supply chain approach compares to Checkmarx's AppSec platform.

Jun 28, 20267 min read
Application Security

API security and the rise of shadow/zombie APIs

Shadow and zombie APIs caused breaches at Optus, T-Mobile, and Peloton. Here's why code-scanning tools miss them and what API security best practices actually work.

Jun 26, 20267 min read
Application Security

Secrets detection and remediation best practices

Leaked API keys still cause breaches within minutes. Here's how secrets detection and remediation should work in practice, and where scanner-only tools fall short.

Jun 26, 20268 min read
Compliance

HIPAA requirements and application security

HIPAA's Security Rule ties ePHI protection to application security, but scanner tools like Checkmarx rarely map findings to 45 CFR safeguards. Here's what compliance teams actually need.

Jun 25, 20267 min read
DevSecOps

Reducing developer friction in AppSec adoption

Why traditional SAST tooling like Checkmarx creates developer friction, what it costs engineering teams, and how to build developer experience application security that ships.

Jun 24, 20268 min read
Application Security

What is Static Application Security Testing (SAST)

SAST scans source code for flaws before deployment. Learn how it works, where Checkmarx-style tools fall short on supply chain risk, and how Safeguard closes the gap.

Jun 23, 20268 min read
Application Security

Interactive Application Security Testing (IAST) explained

IAST tests applications from the inside while they run, catching flaws SAST and DAST miss alone. Here's how it works, how Checkmarx uses it, and where gaps remain.

Jun 23, 20268 min read
application-security (Page 16) — Safeguard Blog