developer-tools
Safeguard articles tagged "developer-tools" — guides, analysis, and best practices for software supply chain and application security.
16 articles
AI Developer Tools: Weighing Productivity Against Security and IP Exposure
NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.
Griffin AI vs Gemini On-Device: Developer Tools
Gemini on-device models are fast and cheap. For the developer-tool layer, they're useful. For the engine-plus-LLM layer, on-device is not the right fit.
Cursor Enterprise Security Buyer Review 2026
An honest security buyer's review of Cursor Enterprise for 2026: data handling, model isolation, audit posture, and the gaps to negotiate before signing.
VS Code Marketplace Malware Campaigns in 2025
A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.
Getting Started with Safeguard IDE Extension (VS Code)
A step-by-step walkthrough for installing, configuring, and using the Safeguard VS Code extension to catch supply chain issues before you commit.
Safeguard CLI v5: Faster, Smarter, More Extensible
Safeguard CLI v5 brings a rewritten scanning engine, plugin architecture, and native CI/CD integration. Here is what is new and how to upgrade.
Safeguard Desktop App: Supply Chain Security Without the Browser Tab
Announcing the Safeguard Desktop App -- a native application for macOS, Windows, and Linux that brings SBOM management, vulnerability tracking, and policy gates to your desktop.
MCP Inspector CVE-2025-49596: Anatomy of a 9.4 RCE in Anthropic's Reference Tool
A missing auth check in MCP Inspector versions below 0.14.1 let any website pop a shell on a developer's machine. Here is the full chain and what to fix.
Safeguard IDE Extension v5: Security Feedback Where Developers Actually Work
The Safeguard IDE Extension v5 brings SBOM generation, vulnerability alerts, and policy checks directly into VS Code and JetBrains IDEs. A deep dive into what changed and why it matters.
How to Pronounce Snyk (and Other Security Tool Names People Get Wrong)
The correct answer to how to pronounce Snyk, plus a rundown of the other AppSec tool names — Nginx, Kubernetes, Grype — that trip people up in meetings.
DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes
Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.
Safeguard IDE Extension: Supply Chain Intelligence in Your Editor
The Safeguard VS Code extension surfaces vulnerability data, dependency health, and policy violations directly in your editor as you write code.