Safeguard
Tag

static-analysis

Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.

106 articles

AppSec

Finding Vulnerabilities in Source Code: A Practical Method

A concrete, repeatable method for finding vulnerabilities in source code — combining static analysis, dependency scanning, and manual review without drowning your team in false positives.

Mar 14, 20257 min read
AppSec

Code Security Review: Manual vs Automated, and Where They Meet

Code security review works best as a combination, not a choice — here's what automated scanning catches, what still needs a human reviewer, and how to structure both.

Feb 27, 20255 min read
Vulnerability Management

Dataflow Analysis in Modern Codebases

Dataflow analysis is the workhorse behind most vulnerability research. Here's how it adapts to TypeScript, Rust, and the polyglot realities of modern software.

Nov 18, 20248 min read
Product

Reachability Analysis: Cutting Through Vulnerability Noise

Not every vulnerability in your dependencies is exploitable. Safeguard's reachability analysis determines whether vulnerable code paths are actually invoked in your application.

Nov 1, 20246 min read
AppSec

SAST Meaning and Full Form: Static Application Security Testing Explained

SAST stands for Static Application Security Testing — analyzing source code for vulnerabilities without running it. Here is what the term means, how it works, and where it fits alongside DAST and SCA.

Oct 8, 20246 min read
Vulnerability Management

Static Analysis False-Positive Reduction

A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.

Aug 22, 20248 min read
Application Security

SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows

Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.

May 5, 20245 min read
Vulnerability Management

Taint Analysis for Zero-Day Discovery: A Primer

A practitioner's walk-through of taint analysis as a zero-day discovery technique, from classic Livshits and Lam foundations to modern flow-sensitive engines.

Apr 22, 20247 min read
AppSec

What Does SAST Stand For, Exactly?

SAST stands for static application security testing — analyzing source code for vulnerabilities without ever running the program, which is what separates it from every dynamic testing approach.

Mar 5, 20245 min read
Tool Comparisons

Semgrep vs CodeQL: Static Analysis for Security Teams

A deep comparison of Semgrep and CodeQL for static application security testing, covering rule writing, performance, language support, and practical deployment considerations.

Feb 18, 20246 min read
Tool Reviews

SonarQube Security Scanning: Code Quality Meets Application Security

A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.

Nov 15, 20235 min read
DevSecOps

Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code

detekt is Kotlin's primary static analysis tool. Its security-relevant rules catch patterns that lead to vulnerabilities in Android and server-side Kotlin.

Jul 28, 20235 min read
static-analysis (Page 8) — Safeguard Blog