Safeguard
Tag

static-analysis

Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.

106 articles

Application Security

What is Semantic Code Analysis

Semantic code analysis traces how data actually flows through code to find real vulnerabilities — cutting false positives that plague pattern-matching SAST tools.

Feb 2, 20265 min read
Open Source Security

Auditing Elixir and Phoenix apps with mix_audit and Sobelow

A hands-on mix_audit Sobelow tutorial for scanning Elixir and Phoenix apps: dependency audits, static analysis, CI wiring, and triage tips.

Feb 1, 20267 min read
Application Security

What is the CERT Secure Coding Standard

CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.

Jan 29, 20261 min read
Tools

Swift Static Analysis Tools for Security 2026

A 2026 survey of static analysis tools for Swift focused on security findings: what works, what does not, and where the iOS and server-side gaps remain.

Jan 22, 20265 min read
Architecture

Inside Safeguard's Reachability Engine

A deep look at how Safeguard's reachability engine combines call graph construction, symbolic analysis, and runtime evidence to reduce vulnerability noise by an order of magnitude.

Jan 18, 20268 min read
AppSec

SAST Tools: A Shortlist Worth Evaluating

A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.

Jan 14, 20265 min read
Buyer's Guides

Best SAST tools for enterprise applications

A practical buyer's guide comparing top SAST tools for enterprise apps -- strengths, limitations, and how Safeguard unifies findings across your pipeline.

Nov 17, 20258 min read
AppSec

The Benefits of Using SAST Tools During Code Review

The real benefit of using SAST tools during code review isn't finding more bugs than a human reviewer — it's finding the specific bugs humans consistently miss, before merge.

Nov 12, 20256 min read
Comparisons

Fortify Scan vs Modern SAST Tools: What Changed

A Fortify scan still catches classic code-level flaws well, but the SAST category has moved toward faster feedback and reachability-aware prioritization since Fortify's architecture was designed.

Nov 4, 20255 min read
AppSec

Source Code Analysis Tools: SAST, Linters, and Semantic Engines

Not all source code analysis tools do the same job. Linters, pattern-based SAST, and semantic dataflow engines catch different bug classes, and mixing them up wastes budget.

Sep 16, 20256 min read
Application Security

How Snyk Code's semantic analysis engine builds a code mo...

A mechanical look at how Snyk Code's semantic analysis engine parses source into a code model, tracks data flow across files, and prioritizes vulnerability findings.

Sep 14, 20257 min read
Application Security

How taint analysis works in Snyk Code: tracking data from...

Snyk Code traces untrusted data from source to sink using interprocedural static analysis and ML ranking. Here's how the taint-tracking mechanics work.

Sep 14, 20258 min read
static-analysis (Page 5) — Safeguard Blog