Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Compliance

PCI DSS compliance for application security teams

PCI DSS 4.0's software inventory rules are enforced since March 2025. Here's why scanner-only tools like Checkmarx miss Requirements 6.3.2, 6.4.3, and 11.6.1.

Jun 25, 20267 min read
AI Security

Securing AI coding assistants (Claude Code, Copilot, etc.)

AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.

Jun 24, 20267 min read
AI Security

What is AI Code Remediation?

AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.

Jun 21, 20267 min read
Application Security

OWASP Testing Tools and Methodology

OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.

Jun 20, 20267 min read
Compliance

FedRAMP Moderate authorization and AppSec controls

Veracode's FedRAMP Moderate authorization is a procurement accelerant, not proof of AppSec efficacy. Here's what the badge covers, what it doesn't, and what federal buyers should verify.

Jun 18, 20267 min read
Compliance

SOC 2 Type II reporting for AppSec vendors and buyers

A SOC 2 Type II badge isn't enough due diligence for AppSec vendors. Here's what to actually check in the report—scope, exceptions, and subservice carve-outs—before you trust one.

Jun 17, 20268 min read
Compliance

Why a Customer Trust Center matters for vendor risk reviews

Vendor security reviews stall without a live trust center. See what appsec teams check, how Veracode approaches transparency, and how Safeguard's trust center speeds reviews.

Jun 17, 20267 min read
AI Security

Building Securely with AI (secure AI-assisted development)

AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.

Jun 16, 20267 min read
Buyer's Guides

Static analysis (SAST) tool buyer's guide

A concrete, checkable buyer's guide comparing Safeguard and Black Duck on SAST analysis architecture, taint-tracking depth, reachability-driven triage, and unified findings data models.

Jun 14, 20268 min read
Application Security

Enterprise AppSec risk management at scale

Black Duck built its platform on decades of license-compliance SCA and acquired tools. Safeguard built a unified, reachability-aware supply-chain risk platform from day one.

Jun 13, 20267 min read
AI Security

Introducing Agentic Development Security (ADS)

As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.

Jun 10, 20267 min read
Buyer's Guides

Best DAST Tools in 2026: Web, API, and CI/CD Scanning Compared

An honest guide to the best DAST tools in 2026 — from OWASP ZAP and Burp Suite to Invicti, StackHawk, and Escape — with clear guidance on which fits web apps, APIs, and CI/CD-native pipelines, and where DAST stops and supply chain security begins.

Jun 6, 20268 min read
appsec (Page 8) — Safeguard Blog