Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A review of Prisma Cloud's container and cloud workload security features, covering image scanning, runtime protection, compliance, and the Twistlock heritage.
A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.
An overview of Veracode's SCA capabilities within their broader application security platform, covering vulnerability prioritization, agent-based scanning, and enterprise features.
A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.
An overview of Wiz's cloud security platform, covering its agentless architecture, graph-based risk analysis, and how it changed expectations for cloud security tooling.
A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.
A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.
An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.
A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.
Weekly insights on software supply chain security, delivered to your inbox.