Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#Static Analysis11 articles
All (11)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Application Security

SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows

Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.

May 5, 20245 min read
DevSecOps

Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code

detekt is Kotlin's primary static analysis tool. Its security-relevant rules catch patterns that lead to vulnerabilities in Android and server-side Kotlin.

Jul 28, 20235 min read
DevSecOps

SpotBugs Security Detectors for Java: A Practical Guide

SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.

Jun 22, 20234 min read
Secure Development

Swift Security Analysis Tools: The Current Landscape

Swift's type safety helps, but it does not eliminate all security bugs. Here is the current tooling landscape for finding vulnerabilities in Swift code.

May 20, 20235 min read
DevSecOps

gosec: Static Analysis for Go Security

gosec is the standard security linter for Go. Here is what it catches, what it misses, and how to integrate it effectively into your workflow.

Feb 18, 20235 min read
DevSecOps

PHPStan Security Analysis: Static Typing as a Security Tool for PHP

PHPStan brings static analysis to PHP. Its type checking catches entire classes of bugs that lead to security vulnerabilities in PHP applications.

Jan 8, 20235 min read
Container Security

Runtime vs Static Container Analysis: Complementary, Not Competing

Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.

Nov 12, 20226 min read
DevSecOps

Bandit for Python Security Linting: Getting Real Value From Static Analysis

Bandit scans Python code for security issues. Here is how to configure it so it catches real bugs without burying your team in false positives.

Oct 15, 20225 min read
DevSecOps

GoSec Static Analysis for Go: Practical Security Scanning

GoSec finds security issues in Go source code. Here is how to get the most out of it without fighting false positives all day.

Sep 18, 20225 min read
Page 1 of 2

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights