sast
Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.
267 articles
Source Code Security Scanning Programs That Scale
A source code security scanning program that works for 20 repos usually breaks at 200 — here's how to design one that scales with the number of teams, not just the number of scans.
How Snyk approaches securing AI-generated code from codin...
A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.
How Snyk's JetBrains plugin family supports IntelliJ, PyC...
A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.
How Snyk's Eclipse plugin integrates open source and code...
A mechanical look at how Snyk's Eclipse plugin surfaces open source and code scan findings as native markers in the IDE's Problems view.
How the Snyk CLI generates SARIF output for GitHub code s...
A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.
The Hidden Risk of Copy-Pasted Code Snippets from Forums ...
Copy-pasted code from Stack Overflow and AI chats often ships with hidden vulnerabilities. Here's the data behind the risk, real breaches it caused, and how to catch it.
Model Training Data and the Propagation of Insecure Codin...
LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.
Static vs Dynamic Code Analysis: The Real Tradeoffs
Static analysis reads code without running it; dynamic analysis watches an application behave — the real question isn't which is better, it's which gap each one leaves open.
The Quiet Consolidation of SCA, SAST, and Container Scann...
A wave of PE buyouts and platform acquisitions is quietly folding SCA, SAST, and container scanning into fewer, bigger AppSec platforms. Here's what's driving it.
Application Vulnerability Assessment: Scope, Method, and Reporting
Most assessment reports die unread because scope was fuzzy and findings were not verified. A working method for assessments that end in shipped fixes.
Code Scanning Tools: SAST, Secrets, and Linters Compared
SAST tools, secret scanners, and linters all read your source code but catch entirely different classes of problems — here's how to tell them apart and stack them correctly.
Application Security Testing Tools: SAST, DAST, IAST, and SCA Compared
Four scanner families see four different slices of your risk. What SAST, DAST, IAST, and SCA each catch and miss, and how to sequence them in CI without drowning developers.