sast
Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.
267 articles
GitHub Advanced Security vs Alternatives, Early 2024
GitHub Advanced Security anchors many AppSec programs in 2024, but Snyk, Semgrep, Endor, and others are credible alternatives. Here is an honest comparison.
Semgrep vs CodeQL: Static Analysis for Security Teams
A deep comparison of Semgrep and CodeQL for static application security testing, covering rule writing, performance, language support, and practical deployment considerations.
What is IAST
IAST instruments a running application from the inside to find vulnerabilities with very low false positives. Here's how it works and how it compares to SAST and DAST.
CWE Full Form: What It Actually Stands For
CWE stands for Common Weakness Enumeration — a community-maintained taxonomy of software and hardware weakness types that CVEs, SAST tools, and OWASP guidance all reference back to.
What is Security Testing
Security testing is how teams find exploitable weaknesses before attackers do. Here's the main types — SAST, DAST, IAST, SCA, fuzzing, pentesting — and how they fit together.
AI Code Review for Security: How Effective Is It Really?
AI-powered code review tools promise to catch vulnerabilities faster than humans. We tested the claims against reality.
SonarQube Security Scanning: Code Quality Meets Application Security
A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.
Checkmarx SCA: Application Security from a SAST Pioneer
A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.
Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code
detekt is Kotlin's primary static analysis tool. Its security-relevant rules catch patterns that lead to vulnerabilities in Android and server-side Kotlin.
GitLab CI Security Scanning Setup
Step-by-step guide to enabling SAST, DAST, dependency scanning, and container scanning in GitLab CI pipelines.
Ruby Brakeman Security Scanner: Rails-Aware Vulnerability Detection
Brakeman understands Rails conventions and catches security issues that generic scanners miss. Here is how to use it effectively.
GitLab Ultimate Security Features: Built-In Security Done Pragmatically
A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.