appsec
Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.
339 articles
PCI DSS compliance for application security teams
PCI DSS 4.0's software inventory rules are enforced since March 2025. Here's why scanner-only tools like Checkmarx miss Requirements 6.3.2, 6.4.3, and 11.6.1.
Securing AI coding assistants (Claude Code, Copilot, etc.)
AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.
What is AI Code Remediation?
AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.
OWASP Testing Tools and Methodology
OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.
FedRAMP Moderate authorization and AppSec controls
Veracode's FedRAMP Moderate authorization is a procurement accelerant, not proof of AppSec efficacy. Here's what the badge covers, what it doesn't, and what federal buyers should verify.
SOC 2 Type II reporting for AppSec vendors and buyers
A SOC 2 Type II badge isn't enough due diligence for AppSec vendors. Here's what to actually check in the report—scope, exceptions, and subservice carve-outs—before you trust one.
Why a Customer Trust Center matters for vendor risk reviews
Vendor security reviews stall without a live trust center. See what appsec teams check, how Veracode approaches transparency, and how Safeguard's trust center speeds reviews.
Building Securely with AI (secure AI-assisted development)
AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.
Static analysis (SAST) tool buyer's guide
A concrete, checkable buyer's guide comparing Safeguard and Black Duck on SAST analysis architecture, taint-tracking depth, reachability-driven triage, and unified findings data models.
Enterprise AppSec risk management at scale
Black Duck built its platform on decades of license-compliance SCA and acquired tools. Safeguard built a unified, reachability-aware supply-chain risk platform from day one.
Introducing Agentic Development Security (ADS)
As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.
Best DAST Tools in 2026: Web, API, and CI/CD Scanning Compared
An honest guide to the best DAST tools in 2026 — from OWASP ZAP and Burp Suite to Invicti, StackHawk, and Escape — with clear guidance on which fits web apps, APIs, and CI/CD-native pipelines, and where DAST stops and supply chain security begins.