Security

4 guides covering security tools

Semgrep: Find Real Bugs with Pattern-Based Static Analysis

2026-03-04 · 4 min semgrep static-analysis security code-quality ci-cd devsecops

Semgrep is a fast, open-source static analysis tool that finds security vulnerabilities and bugs using code patterns. Write rules in YAML that match syntax, not just strings.
Developer Security Essentials: From OWASP to Supply Chain Safety

2026-02-09 · 8 min security owasp dependency-scanning secrets-management sast dast supply-chain

A hands-on guide to application security for developers -- OWASP Top 10, dependency scanning, secrets management, SAST/DAST tools, and building security into your development workflow.
Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code

2026-02-09 · 6 min static-analysis codeql semgrep sonarqube security

A practical guide to static analysis tools that find security vulnerabilities, logic bugs, and code quality issues that linters miss -- with setup, custom rules, and CI integration.
Container Security Scanning: Trivy, Grype, Snyk, and Docker Scout

2026-02-09 · 7 min docker containers security scanning vulnerabilities

A practical comparison of container vulnerability scanners covering Trivy, Grype, Snyk Container, and Docker Scout -- with CLI examples, CI integration, and honest trade-offs on speed, coverage, and false positives.

Semgrep: Find Real Bugs with Pattern-Based Static Analysis