Reachability Analysis for Ruby and RubyGems in 2026
Ruby reachability under metaprogramming, Rails autoloading, and Bundler groups. What bundler-audit and modern tools handle, and where they punt to over-approximation.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Java reachability under classpath reality: reflection, Spring autowiring, shaded JARs, Log4Shell, and what modern tools actually resolve versus over-approximate.
LLM02 on the OWASP LLM Top 10 keeps quietly producing incidents because downstream systems trust model outputs they should not. Concrete patterns that hold up.
GitLab bundles SAST, SCA, container scanning, and DAST into the Ultimate tier. Is the integrated story worth the premium over best-of-breed tools? An honest review.
JetBrains IDEs have a smaller plugin ecosystem than VS Code, but the security model is similar and the risks rhyme. Here is what to watch in 2026.
A practical guide to when IAST adds value over SAST in 2026, with the workload characteristics that justify the operational cost of runtime instrumentation.
Python reachability is hard but useful: dynamic dispatch, monkey-patching, optional extras, and how modern tools handle real Django and FastAPI services.
A practical head-to-head between CodeQL and Semgrep in 2026: query power, performance, rule authoring, and where each tool earns its place in a modern SAST program.
VS Code extensions run with full editor privileges and broad filesystem access. A look at the real attacks, the marketplace's blind spots, and how to harden the workstation.