static-analysis
Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.
106 articles
What is Semantic Code Analysis
Semantic code analysis traces how data actually flows through code to find real vulnerabilities — cutting false positives that plague pattern-matching SAST tools.
Auditing Elixir and Phoenix apps with mix_audit and Sobelow
A hands-on mix_audit Sobelow tutorial for scanning Elixir and Phoenix apps: dependency audits, static analysis, CI wiring, and triage tips.
What is the CERT Secure Coding Standard
CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.
Swift Static Analysis Tools for Security 2026
A 2026 survey of static analysis tools for Swift focused on security findings: what works, what does not, and where the iOS and server-side gaps remain.
Inside Safeguard's Reachability Engine
A deep look at how Safeguard's reachability engine combines call graph construction, symbolic analysis, and runtime evidence to reduce vulnerability noise by an order of magnitude.
SAST Tools: A Shortlist Worth Evaluating
A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.
Best SAST tools for enterprise applications
A practical buyer's guide comparing top SAST tools for enterprise apps -- strengths, limitations, and how Safeguard unifies findings across your pipeline.
The Benefits of Using SAST Tools During Code Review
The real benefit of using SAST tools during code review isn't finding more bugs than a human reviewer — it's finding the specific bugs humans consistently miss, before merge.
Fortify Scan vs Modern SAST Tools: What Changed
A Fortify scan still catches classic code-level flaws well, but the SAST category has moved toward faster feedback and reachability-aware prioritization since Fortify's architecture was designed.
Source Code Analysis Tools: SAST, Linters, and Semantic Engines
Not all source code analysis tools do the same job. Linters, pattern-based SAST, and semantic dataflow engines catch different bug classes, and mixing them up wastes budget.
How Snyk Code's semantic analysis engine builds a code mo...
A mechanical look at how Snyk Code's semantic analysis engine parses source into a code model, tracks data flow across files, and prioritizes vulnerability findings.
How taint analysis works in Snyk Code: tracking data from...
Snyk Code traces untrusted data from source to sink using interprocedural static analysis and ML ranking. Here's how the taint-tracking mechanics work.