code-review
Safeguard articles tagged "code-review" — guides, analysis, and best practices for software supply chain and application security.
45 articles
LLM-Augmented Bug Discovery Methodology
A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.
Auditing Rust unsafe Code at Scale
How to actually audit unsafe blocks across a large Rust dependency graph without drowning in false positives or miss real issues.
Types of Security Audits, Explained
There isn't one kind of security audit — compliance audits, penetration tests, code audits, and architecture reviews all answer different questions and require different evidence.
Open-Source Contribution Security Guide
How to contribute to open-source projects without introducing security vulnerabilities, and how to evaluate the security posture of projects you contribute to.
Auditing AI-Generated Code: A Practical Security Guide
AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.
How to Security Audit an Open Source Project Before Adoption
Adopting an open source dependency is a trust decision. This guide provides a structured methodology for evaluating the security posture of open source projects before adding them to your supply chain.
AI Code Review for Security: How Effective Is It Really?
AI-powered code review tools promise to catch vulnerabilities faster than humans. We tested the claims against reality.
Security Code Review Best Practices
How to make code reviews an effective security checkpoint without turning every PR into a week-long security audit.
Malicious GitHub Commits: The Overlooked Supply Chain Attack Vector
Attackers can impersonate any committer on GitHub, inject malicious code through PRs, and exploit lax review processes. Here's the risk.