Tag
static-code-analysis
Safeguard articles tagged "static-code-analysis" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Tools
Open Source Static Code Analysis Tools
Open source static code analysis tools like Semgrep, CodeQL, and Bandit catch real bugs -- but miss supply-chain flaws like Log4Shell entirely.
Feb 20, 20268 min read
Application Security
What is Static Code Analysis
Static code analysis scans source code for flaws before it runs. Here's how SAST works, what it catches, and where it falls short without reachability context.
Feb 7, 20266 min read
Supply Chain
SCA vs Static Code Analysis: The Real Difference
Software composition analysis and static code analysis get lumped together constantly, but they read entirely different things and catch entirely different bugs.
Sep 15, 20256 min read