<?xml version="1.0" encoding="UTF-8"?>
<!--
  RSS 2.0 feed listing the Code Radar blog guides.
  The Atom namespace is declared only so the channel can carry its own
  atom:link with rel="self". The document has no DOCTYPE and defines no
  entities, so a consumer can parse it with DTD processing and
  external-entity resolution disabled.
-->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <!-- Channel metadata: feed title, site link, self link, summary, language and build date. -->
    <title>Code Radar Code Security Guides</title>
    <link>https://code-radar.dev/blog/</link>
    <!-- rel="self" points at the feed's own URL (feed.xml), not at the blog index above. -->
    <atom:link href="https://code-radar.dev/feed.xml" rel="self" type="application/rss+xml" />
    <description>Local SAST, AI-generated code review, MCP agent context, and GitHub Actions SARIF gates for developer-first security workflows.</description>
    <language>en</language>
    <lastBuildDate>Wed, 01 Jul 2026 00:00:00 GMT</lastBuildDate>
    <!--
      One <item> per guide. Every <guid> is flagged isPermaLink="true" and repeats the
      item's <link>, so the article URL doubles as the entry's unique identifier.
      All links in this feed use https on the code-radar.dev host.
      Every <pubDate> equals the channel's <lastBuildDate>, so entries cannot be
      ordered by date; document order is the only ordering visible here.
      NOTE(review): the identical timestamps look like a build stamp rather than
      real publication dates; confirm against the feed generator.
      Descriptions are plain text with no embedded markup or CDATA.
    -->
    <item>
      <title>How to review AI-generated code before the PR</title>
      <link>https://code-radar.dev/blog/review-ai-generated-code-before-pr/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/review-ai-generated-code-before-pr/</guid>
      <description>Use a local security scan loop, a finding-first prompt, and a CI gate to keep agent output reviewable.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Local SAST vs cloud SAST</title>
      <link>https://code-radar.dev/blog/local-sast-vs-cloud-sast/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/local-sast-vs-cloud-sast/</guid>
      <description>A practical breakdown of when local-first scanning is enough and when deeper hosted analysis belongs in the pipeline.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Build a GitHub Actions security scanner gate</title>
      <link>https://code-radar.dev/blog/github-actions-security-scanner/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/github-actions-security-scanner/</guid>
      <description>Turn scanner output into PR annotations, SARIF alerts, GitHub code scanning evidence, and deterministic merge thresholds.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>MCP code review workflow for coding agents</title>
      <link>https://code-radar.dev/blog/mcp-code-review-workflow/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/mcp-code-review-workflow/</guid>
      <description>Give agents structured local findings instead of asking them to infer risk from raw terminal output.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>What to look for in a Semgrep alternative</title>
      <link>https://code-radar.dev/blog/semgrep-alternative-local-sast/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/semgrep-alternative-local-sast/</guid>
      <description>Compare local SAST workflow, agent handoff, GitHub Actions SARIF output, reports, and operational surface before choosing a scanner.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>SAST vs SCA: where each scanner belongs</title>
      <link>https://code-radar.dev/blog/sast-vs-sca/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/sast-vs-sca/</guid>
      <description>Compare static application security testing with software composition analysis, and decide which findings should block local review or CI.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>SAST vs code scanning in GitHub workflows</title>
      <link>https://code-radar.dev/blog/sast-vs-code-scanning/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/sast-vs-code-scanning/</guid>
      <description>Understand the difference between scanner engines, SARIF output, GitHub code scanning alerts, and pull-request gates.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>How to add SARIF to GitHub Actions</title>
      <link>https://code-radar.dev/blog/add-sarif-to-github-actions/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/add-sarif-to-github-actions/</guid>
      <description>Generate SARIF from a scanner, upload it in GitHub Actions, and keep pull-request security gates deterministic.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Best SAST tools for developers: what to compare</title>
      <link>https://code-radar.dev/blog/best-sast-tools-for-developers/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/best-sast-tools-for-developers/</guid>
      <description>Evaluate local feedback speed, source-upload boundaries, SARIF support, agent workflow, and PR gates before choosing a developer-first SAST tool.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Best code security tools for startups</title>
      <link>https://code-radar.dev/blog/best-code-security-tools-for-startups/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/best-code-security-tools-for-startups/</guid>
      <description>Compare code security tools by setup cost, local-first scanning, CI evidence, dependency coverage, and whether a small team can operate them.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Best Semgrep alternatives for local review</title>
      <link>https://code-radar.dev/blog/best-semgrep-alternatives/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/best-semgrep-alternatives/</guid>
      <description>Compare Semgrep alternatives by local SAST workflow, SARIF output, MCP agent handoff, dependency checks, and PR gates.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Best SonarQube alternatives for small teams</title>
      <link>https://code-radar.dev/blog/best-sonarqube-alternatives/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/best-sonarqube-alternatives/</guid>
      <description>Compare SonarQube alternatives by local setup, developer feedback, code-health signal, security findings, reports, and CI gates.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>TypeScript security scanner for local review</title>
      <link>https://code-radar.dev/blog/typescript-security-scanner/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/typescript-security-scanner/</guid>
      <description>Use local SAST, secret scanning, dependency checks, and code-health findings to review TypeScript changes before a pull request.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Python security scanner CLI for private repositories</title>
      <link>https://code-radar.dev/blog/python-security-scanner-cli/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/python-security-scanner-cli/</guid>
      <description>Run a local Python security scanner CLI for source findings, dependency risk, secrets, and review evidence without uploading source code.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Go security scanner for local and CI workflows</title>
      <link>https://code-radar.dev/blog/go-security-scanner/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/go-security-scanner/</guid>
      <description>Scan Go repositories locally and in GitHub Actions for source-level risk, dependency advisories, secrets, and code-health findings.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Rust dependency scanner for Cargo.lock review</title>
      <link>https://code-radar.dev/blog/rust-dependency-scanner/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/rust-dependency-scanner/</guid>
      <description>Use Radar to scan Rust lockfiles and surface dependency risk beside local SAST, secrets, and code-health findings.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
    <item>
      <title>JavaScript SAST tool for local code review</title>
      <link>https://code-radar.dev/blog/javascript-sast-tool/</link>
      <guid isPermaLink="true">https://code-radar.dev/blog/javascript-sast-tool/</guid>
      <description>Run JavaScript SAST, secret scanning, dependency checks, and SARIF report generation before generated or risky code reaches review.</description>
      <pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate>
    </item>
  </channel>
</rss>
