Safeguard
Tag

sast

Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.

267 articles

Application Security

How Snyk Code detects SQL injection vulnerabilities step ...

A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.

Sep 13, 20258 min read
Application Security

How Snyk Code detects cross-site scripting (XSS) through ...

How Snyk Code's taint analysis traces untrusted input from source to sink to flag reflected, DOM-based, and stored XSS with fewer false positives.

Sep 12, 20257 min read
Application Security

How Snyk Code identifies hardcoded secrets and credential...

A technical look at how Snyk Code's static analysis engine detects hardcoded API keys, tokens, and credentials in source code — and where source-code scanning alone falls short.

Sep 12, 20257 min read
Application Security

How Snyk Code's security rule sets are structured and ver...

A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.

Sep 12, 20258 min read
Application Security

How Snyk Code scans multi-language monorepos in a single ...

Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.

Sep 12, 20258 min read
Application Security

What triggers a Snyk Code scan in the IDE: save, open, an...

A mechanical breakdown of when Snyk Code scans fire in the IDE — on open, on save, and on manual command — and how each trigger affects scan scope and speed.

Sep 11, 20258 min read
Application Security

How Snyk Code's PR and MR checks block merges on newly in...

A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.

Sep 11, 20257 min read
Application Security

How Snyk Code visualizes a vulnerability's data-flow path...

A mechanical look at how Snyk Code traces and visualizes a vulnerability's taint path from source to sink, step by step, inside its developer UI.

Sep 11, 20258 min read
Application Security

How Snyk Code differentiates Security issues from Code Qu...

Snyk Code splits every finding into a security vulnerability or a code quality issue. Here's how that classification actually works under the hood, and why the split matters for triage.

Sep 11, 20257 min read
Application Security

How Snyk Code suppressions and in-file ignore annotations...

How Snyk Code's in-file ignore annotations and UI-based suppressions work mechanically, from fingerprinting to Consistent Ignores, and where governance gaps appear.

Sep 10, 20257 min read
Application Security

How Snyk Code's incremental scanning speeds up repeated s...

Snyk Code speeds up repeat SAST scans on large codebases by re-analyzing only changed files instead of the whole repository each time.

Sep 10, 20257 min read
Application Security

How Snyk Agent Fix uses dynamic few-shot prompting to gen...

How Snyk Agent Fix uses dynamic few-shot prompting and a 35,000-example database to generate, validate, and iteratively repair AI-generated code fixes.

Sep 10, 20257 min read
sast (Page 17) — Safeguard Blog