Safeguard
Tag

static-analysis

Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.

106 articles

Application Security

How Snyk Code's confidence scoring separates high-confide...

How Snyk Code's confidence scoring works under the hood, and why "high confidence" and "severity" are not the same axis for triage.

Sep 9, 20257 min read
Application Security

How Snyk Code analyzes API usage patterns to catch insecu...

A technical look at how Snyk Code's symbolic engine and taint tracking flag insecure API calls like weak crypto, XXE, and SSRF before code ships.

Sep 8, 20257 min read
Application Security

How Snyk Code detects path traversal vulnerabilities thro...

How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.

Sep 8, 20258 min read
Application Security

How Snyk Code's duplicate and similar-code detection supp...

Snyk Code once shipped duplicate and similar-code detection under its Code Quality rules. Here's how it worked, and what its 2025 retirement means for teams.

Sep 8, 20257 min read
Container Security

How Snyk Container's static filesystem analysis avoids th...

How Snyk Container inspects image layers, package databases, and lockfiles without ever running the container — and where static filesystem analysis hits its limits.

Sep 6, 20258 min read
Cloud Security

How Snyk IaC's static analysis engine parses Terraform HC...

A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.

Sep 3, 20257 min read
Comparisons

A Checkmarx Scan: What It Actually Analyzes

A breakdown of what a Checkmarx scan actually analyzes under the hood, what its static analysis engine catches well, and where teams typically add another tool alongside it.

Aug 27, 20255 min read
Industry Analysis

Why Scanning AI-Generated Code Requires Different Heurist...

AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.

Aug 9, 20258 min read
Application Security

Reachability Analysis in 2025: Separating Exploitable Vulnerabilities from Noise

Reachability analysis determines whether a vulnerable function is actually called by your application. The technology has matured from research concept to production tool. Here is how it works and where it falls short.

Jul 28, 20258 min read
AI Security

Why Traditional SAST Tools Struggle to Analyze Agentic Co...

Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.

Jul 19, 20257 min read
Comparisons

What Is Checkmarx? A Plain-English Overview

Checkmarx is one of the oldest names in static analysis, built for large enterprises with dedicated security teams. Here's what it actually does and how it stacks up.

May 27, 20254 min read
AppSec

Open Source SAST Tools Worth Evaluating

A rundown of the open source SAST tools engineering teams actually use in production, and where each one runs out of road.

May 14, 20255 min read
static-analysis (Page 7) — Safeguard Blog