Safeguard
Tag

static-analysis

Safeguard articles tagged "static-analysis" — guides, analysis, and best practices for software supply chain and application security.

106 articles

DevSecOps

SpotBugs Security Detectors for Java: A Practical Guide

SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.

Jun 22, 20234 min read
Secure Development

Swift Security Analysis Tools: The Current Landscape

Swift's type safety helps, but it does not eliminate all security bugs. Here is the current tooling landscape for finding vulnerabilities in Swift code.

May 20, 20235 min read
DevSecOps

gosec: Static Analysis for Go Security

gosec is the standard security linter for Go. Here is what it catches, what it misses, and how to integrate it effectively into your workflow.

Feb 18, 20235 min read
DevSecOps

PHPStan Security Analysis: Static Typing as a Security Tool for PHP

PHPStan brings static analysis to PHP. Its type checking catches entire classes of bugs that lead to security vulnerabilities in PHP applications.

Jan 8, 20235 min read
Container Security

Runtime vs Static Container Analysis: Complementary, Not Competing

Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.

Nov 12, 20226 min read
Application Security

Taming Static Analysis: A Practical Guide to False Positive Reduction

False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.

Nov 12, 20227 min read
DevSecOps

Bandit for Python Security Linting: Getting Real Value From Static Analysis

Bandit scans Python code for security issues. Here is how to configure it so it catches real bugs without burying your team in false positives.

Oct 15, 20225 min read
DevSecOps

GoSec Static Analysis for Go: Practical Security Scanning

GoSec finds security issues in Go source code. Here is how to get the most out of it without fighting false positives all day.

Sep 18, 20225 min read
Secure Development

Clippy Rust Security Lints: Catching What the Borrow Checker Misses

Rust's compiler catches memory safety bugs. Clippy catches everything else -- including security anti-patterns the borrow checker does not care about.

Jul 22, 20225 min read
DevSecOps

ESLint Security Rules Configuration: A Practical Guide

ESLint can catch security issues before they reach production. Here is how to configure security-focused rules that actually help without drowning you in noise.

Jun 20, 20225 min read
static-analysis (Page 9) — Safeguard Blog