Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Application Security

Vulnerability assessment vs. penetration testing

Vulnerability assessment and penetration testing solve different problems. Here's how Safeguard's supply chain approach compares to Checkmarx's AppSec platform.

Jun 28, 20267 min read
Application Security

API security and the rise of shadow/zombie APIs

Shadow and zombie APIs caused breaches at Optus, T-Mobile, and Peloton. Here's why code-scanning tools miss them and what API security best practices actually work.

Jun 26, 20267 min read
DevSecOps

DevSecOps and CI/CD pipeline security

CI/CD pipelines are now a prime attack surface. Here's what Checkmarx's SAST-first approach misses, and how Safeguard secures the full pipeline.

Jun 24, 20267 min read
Application Security

What is Static Application Security Testing (SAST)

SAST scans source code for flaws before deployment. Learn how it works, where Checkmarx-style tools fall short on supply chain risk, and how Safeguard closes the gap.

Jun 23, 20268 min read
Application Security

Interactive Application Security Testing (IAST) explained

IAST tests applications from the inside while they run, catching flaws SAST and DAST miss alone. Here's how it works, how Checkmarx uses it, and where gaps remain.

Jun 23, 20268 min read
Application Security

Web Application Security Standards overview

A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.

Jun 20, 20267 min read
Application Security

OWASP Testing Tools and Methodology

OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.

Jun 20, 20267 min read
Industry Events

Where Defenders Should Be: The H2 2026 Cybersecurity Conference Calendar

A preview of the major H2 2026 security events — Black Hat USA, DEF CON 34, USENIX Security — and the agentic AI security and supply chain themes that will dominate the agendas.

Jun 19, 20267 min read
AI Security

AI Code Security Tools: risks of restricting them

Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.

Jun 19, 20267 min read
Industry Events

Hacker Summer Camp 2026 Survival Guide: OPSEC for Black Hat, DEF CON 34 and BSides

A practical, opinionated field guide to surviving Hacker Summer Camp in Las Vegas this August — device hygiene, network OPSEC, talk selection, and pacing — with a preview of the AI agent and supply chain themes likely to dominate the floor.

Jun 18, 20267 min read
Compliance

FedRAMP Moderate authorization and AppSec controls

Veracode's FedRAMP Moderate authorization is a procurement accelerant, not proof of AppSec efficacy. Here's what the badge covers, what it doesn't, and what federal buyers should verify.

Jun 18, 20267 min read
Industry Events

Black Hat Arsenal 2026 Preview: The Agentic AI and Supply-Chain Tools to Watch

Black Hat USA 2026 runs August 1–6 at Mandalay Bay, with Arsenal August 4–6. Here is an honest preview of the open-source tool categories worth your time — and how to tell signal from demo-day hype.

Jun 17, 20267 min read
software-supply-chain (Page 3) — Safeguard Blog