application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
How Snyk Code suppressions and in-file ignore annotations...
How Snyk Code's in-file ignore annotations and UI-based suppressions work mechanically, from fingerprinting to Consistent Ignores, and where governance gaps appear.
How Snyk Code's incremental scanning speeds up repeated s...
Snyk Code speeds up repeat SAST scans on large codebases by re-analyzing only changed files instead of the whole repository each time.
How Snyk Agent Fix uses dynamic few-shot prompting to gen...
How Snyk Agent Fix uses dynamic few-shot prompting and a 35,000-example database to generate, validate, and iteratively repair AI-generated code fixes.
Why Snyk Agent Fix scopes fixes to a single file, and wha...
Snyk Agent Fix patches one file per finding. Here's why that scope exists, which vulnerability classes need multi-file fixes, and how to catch what a single-file patch leaves behind.
Reading a SAST Report: Findings, Traces, and Triage
A SAST report is a list of claims, not a list of bugs. How to read data-flow traces, judge severity honestly, and run a triage workflow that keeps the queue moving.
How Snyk Code's detection differs across Java, JavaScript...
Snyk Code applies one hybrid AI-plus-symbolic engine to ten languages, but rule depth, autofix coverage, and taint tracking vary widely by language.
How Snyk Code integrates with GitHub Advanced Security th...
A technical walkthrough of how Snyk Code's SARIF output is generated, uploaded, and deduplicated inside GitHub Advanced Security's code scanning pipeline.
How Snyk Code's confidence scoring separates high-confide...
How Snyk Code's confidence scoring works under the hood, and why "high confidence" and "severity" are not the same axis for triage.
How Snyk Code analyzes API usage patterns to catch insecu...
A technical look at how Snyk Code's symbolic engine and taint tracking flag insecure API calls like weak crypto, XXE, and SSRF before code ships.
How Snyk Code detects path traversal vulnerabilities thro...
How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.
How Snyk Code's duplicate and similar-code detection supp...
Snyk Code once shipped duplicate and similar-code detection under its Code Quality rules. Here's how it worked, and what its 2025 retirement means for teams.
How 'Vibe Coding' Culture Is Reshaping Application Securi...
AI-assisted "vibe coding" is reshaping how much code ships and how little of it gets truly reviewed. Here's what the data shows and how AppSec teams should respond.