Safeguard
Tag

static-analysis

Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.

106 articles

Application Security

How Snyk Code performs interprocedural data-flow analysis...

How Snyk Code tracks tainted data across function and file boundaries using call-graph summaries, taint propagation, and hybrid symbolic AI rules.

Sep 14, 20258 min read
Application Security

How Snyk Code models control flow to catch race condition...

A mechanical look at how Snyk Code builds control flow and data flow graphs to trace paths that produce race conditions and null pointer dereferences.

Sep 13, 20257 min read
Application Security

How Snyk Code distinguishes sanitizers from insecure sour...

How Snyk Code's taint-tracking engine tells sanitizers apart from insecure sources and sinks, and where the source-sink-sanitizer model still needs human review.

Sep 13, 20258 min read
Application Security

Why Snyk Code's semantic approach produces fewer false po...

Snyk Code cuts SAST false positives using semantic analysis: AST/data-flow graphs plus ML trained on real code, not regex patterns. Here is how the mechanics work.

Sep 13, 20257 min read
Application Security

How Snyk Code detects SQL injection vulnerabilities step ...

A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.

Sep 13, 20258 min read
Application Security

How Snyk Code detects cross-site scripting (XSS) through ...

How Snyk Code's taint analysis traces untrusted input from source to sink to flag reflected, DOM-based, and stored XSS with fewer false positives.

Sep 12, 20257 min read
Application Security

How Snyk Code identifies hardcoded secrets and credential...

A technical look at how Snyk Code's static analysis engine detects hardcoded API keys, tokens, and credentials in source code — and where source-code scanning alone falls short.

Sep 12, 20257 min read
Application Security

How Snyk Code's security rule sets are structured and ver...

A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.

Sep 12, 20258 min read
Application Security

How Snyk Code scans multi-language monorepos in a single ...

Snyk Code scans multi-language monorepos in a single pass by parsing source files directly into a shared internal representation, no build step required.

Sep 12, 20258 min read
Application Security

How Snyk Code visualizes a vulnerability's data-flow path...

A mechanical look at how Snyk Code traces and visualizes a vulnerability's taint path from source to sink, step by step, inside its developer UI.

Sep 11, 20258 min read
AppSec

Reading a SAST Report: Findings, Traces, and Triage

A SAST report is a list of claims, not a list of bugs. How to read data-flow traces, judge severity honestly, and run a triage workflow that keeps the queue moving.

Sep 9, 20256 min read
Application Security

How Snyk Code's detection differs across Java, JavaScript...

Snyk Code applies one hybrid AI-plus-symbolic engine to ten languages, but rule depth, autofix coverage, and taint tracking vary widely by language.

Sep 9, 20258 min read
static-analysis (Page 6) — Safeguard Blog