software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
Application Security: The Complete Guide
What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.
What is AI Code Remediation?
AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.
What is Vibe Coding (and its security risk)?
Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.
Application Security Compliance overview (PCI DSS, HIPAA,...
PCI DSS 4.0, GDPR, FedRAMP, SOC 2, ISO 27001, NIST 800-53, and DORA now demand application-layer evidence. Here is what each requires and where scanner-only tools fall short.
Achieving PCI DSS compliance through AppSec testing
PCI DSS 4.0 made application security testing mandatory, not optional. Here's what auditors check, where scanner-only programs fail, and how to close the gaps.
DORA (Digital Operational Resilience Act) and code-level ...
DORA turns code-level and open-source risk into a regulatory obligation. Here's what dora compliance software security actually requires, and where tools like Veracode fall short.
ISO 27001/27002 mapping for application security controls
ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.
Breaking free from alert fatigue in AppSec
Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.
The hidden cost of surface-level code security
Legacy SAST/SCA scanning piles up findings without context, quietly building code security debt whose hidden cost shows up in engineering hours, audits, and breaches.
Slopsquatting: When AI Hallucinates Package Names
LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.
Securing LangChain and LlamaIndex Applications in Production
Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.
DAST tool buyer's guide
How Safeguard's unified, defensive-only DAST compares to Black Duck's WhiteHat-derived module on correlation, safety controls, and deployment for regulated teams.