Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Application Security

Application Security: The Complete Guide

What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.

Jun 21, 202612 min read
AI Security

What is AI Code Remediation?

AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.

Jun 21, 20267 min read
AI Security

What is Vibe Coding (and its security risk)?

Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.

Jun 21, 20267 min read
Compliance

Application Security Compliance overview (PCI DSS, HIPAA,...

PCI DSS 4.0, GDPR, FedRAMP, SOC 2, ISO 27001, NIST 800-53, and DORA now demand application-layer evidence. Here is what each requires and where scanner-only tools fall short.

Jun 19, 20268 min read
Compliance

Achieving PCI DSS compliance through AppSec testing

PCI DSS 4.0 made application security testing mandatory, not optional. Here's what auditors check, where scanner-only programs fail, and how to close the gaps.

Jun 18, 20267 min read
Compliance

DORA (Digital Operational Resilience Act) and code-level ...

DORA turns code-level and open-source risk into a regulatory obligation. Here's what dora compliance software security actually requires, and where tools like Veracode fall short.

Jun 18, 20267 min read
Compliance

ISO 27001/27002 mapping for application security controls

ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.

Jun 17, 20267 min read
Application Security

Breaking free from alert fatigue in AppSec

Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.

Jun 16, 20268 min read
Industry Analysis

The hidden cost of surface-level code security

Legacy SAST/SCA scanning piles up findings without context, quietly building code security debt whose hidden cost shows up in engineering hours, audits, and breaches.

Jun 16, 20267 min read
AI Security

Slopsquatting: When AI Hallucinates Package Names

LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.

Jun 14, 20266 min read
AI Security

Securing LangChain and LlamaIndex Applications in Production

Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.

Jun 14, 20266 min read
Buyer's Guides

DAST tool buyer's guide

How Safeguard's unified, defensive-only DAST compares to Black Duck's WhiteHat-derived module on correlation, safety controls, and deployment for regulated teams.

Jun 14, 20268 min read
software-supply-chain-security (Page 7) — Safeguard Blog