Safeguard
Tag

code-review

Safeguard articles tagged "code-review" — guides, analysis, and best practices for software supply chain and application security.

45 articles

AI Security

LLM-Augmented Bug Discovery Methodology

A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.

Feb 25, 20259 min read
Open Source Security

Auditing Rust unsafe Code at Scale

How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.

Nov 18, 20247 min read
Compliance

Types of Security Audits, Explained

There isn't one kind of security audit — compliance audits, penetration tests, code audits, and architecture reviews all answer different questions and require different evidence.

May 14, 20245 min read
Organizational Security

Open-Source Contribution Security Guide

How to contribute to open-source projects without introducing security vulnerabilities, and how to evaluate the security posture of projects you contribute to.

Apr 12, 20247 min read
AppSec

Auditing AI-Generated Code: A Practical Security Guide

AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.

Jan 25, 20246 min read
Software Supply Chain Security

How to Security Audit an Open Source Project Before Adoption

Adopting an open source dependency is a trust decision. This guide provides a structured methodology for evaluating the security posture of open source projects before adding them to your supply chain.

Jan 15, 20246 min read
AI Security

AI Code Review for Security: How Effective Is It Really?

AI-powered code review tools promise to catch vulnerabilities faster than humans. We tested the claims against reality.

Jan 5, 20246 min read
Best Practices

Security Code Review Best Practices

How to make code reviews an effective security checkpoint without turning every PR into a week-long security audit.

Mar 10, 20236 min read
Supply Chain Attacks

Malicious GitHub Commits: The Overlooked Supply Chain Attack Vector

Attackers can impersonate any committer on GitHub, inject malicious code through PRs, and exploit lax review processes. Here's the risk.

Aug 20, 20227 min read
code-review (Page 4) — Safeguard Blog