application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
How Snyk Code models control flow to catch race condition...
A mechanical look at how Snyk Code builds control flow and data flow graphs to trace paths that produce race conditions and null pointer dereferences.
How Snyk Code distinguishes sanitizers from insecure sour...
How Snyk Code's taint-tracking engine tells sanitizers apart from insecure sources and sinks, and where the source-sink-sanitizer model still needs human review.
Why Snyk Code's semantic approach produces fewer false po...
Snyk Code cuts SAST false positives using semantic analysis: AST/data-flow graphs plus ML trained on real code, not regex patterns. Here is how the mechanics work.
How Snyk Code detects SQL injection vulnerabilities step ...
A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.
How Snyk Code detects cross-site scripting (XSS) through ...
How Snyk Code's taint analysis traces untrusted input from source to sink to flag reflected, DOM-based, and stored XSS with fewer false positives.
How Snyk Code identifies hardcoded secrets and credential...
A technical look at how Snyk Code's static analysis engine detects hardcoded API keys, tokens, and credentials in source code — and where source-code scanning alone falls short.
How Snyk Code's security rule sets are structured and ver...
A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.
How Snyk Code scans multi-language monorepos in a single ...
Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.
What triggers a Snyk Code scan in the IDE: save, open, an...
A mechanical breakdown of when Snyk Code scans fire in the IDE — on open, on save, and on manual command — and how each trigger affects scan scope and speed.
How Snyk Code's PR and MR checks block merges on newly in...
A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.
How Snyk Code visualizes a vulnerability's data-flow path...
A mechanical look at how Snyk Code traces and visualizes a vulnerability's taint path from source to sink, step by step, inside its developer UI.
How Snyk Code differentiates Security issues from Code Qu...
Snyk Code splits every finding into a security vulnerability or a code quality issue. Here's how that classification actually works under the hood, and why the split matters for triage.