code-review
Safeguard articles tagged "code-review" — guides, analysis, and best practices for software supply chain and application security.
45 articles
How to configure GitHub branch protection rules
A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.
Copilot Code Review Security: What It Misses
Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.
The Benefits of Using SAST Tools During Code Review
The real benefit of using SAST tools during code review isn't finding more bugs than a human reviewer — it's finding the specific bugs humans consistently miss, before merge.
OWASP Secure Coding Practices: A Working Checklist
OWASP secure coding practices boil down to a handful of checks that catch most real-world vulnerabilities — here's the checklist teams actually use, not the full 200-item reference.
GenAI Code Review Tools: A 2025 Field Test
We field-tested five GenAI code review tools against 240 seeded security defects to see which catch real issues and which hallucinate findings.
How 'Vibe Coding' Culture Is Reshaping Application Securi...
AI-assisted "vibe coding" is reshaping how much code ships and how little of it gets truly reviewed. Here's what the data shows and how AppSec teams should respond.
Do Code Review Practices Need to Change When Half the Cod...
AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.
The False Sense of Security Effect in AI-Assisted Develop...
AI coding assistants make developers write faster and trust more — even when the code is less secure. Here's what the data shows, and how to close the gap.
The Generational Divide in Attitudes Toward AI-Assisted C...
Younger developers trust AI-generated code far more than senior engineers do. That gap decides who reviews a PR before a vulnerability ships — and it's already showing up in real breaches.
Applying Git Patches Safely
Knowing how to apply a patch in git without breaking your working tree takes more than running git apply once and hoping for the best.
Secure Code Review: A Practical Checklist
Secure code reviews catch a different category of bug than functional code review, and having a repeatable checklist keeps reviewers from relying on memory for the same handful of recurring flaws.
Finding Vulnerabilities in Source Code: A Practical Method
A concrete, repeatable method for finding vulnerabilities in source code — combining static analysis, dependency scanning, and manual review without drowning your team in false positives.