
  <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
      <title>Chaos and Order</title>
      <link>https://www.youngju.dev/blog</link>
      <description>Slowly and correctly. AI Researcher &amp; DevOps Engineer Youngju&#39;s tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering.</description>
      <language>ko</language>
      <managingEditor>fjvbn2003@gmail.com (Youngju Kim)</managingEditor>
      <webMaster>fjvbn2003@gmail.com (Youngju Kim)</webMaster>
      <lastBuildDate>Fri, 15 May 2026 00:00:00 GMT</lastBuildDate>
      <atom:link href="https://www.youngju.dev/tags/gitguardian/feed.xml" rel="self" type="application/rss+xml"/>
      
  <item>
    <guid>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive.en</guid>
    <title>Static Analysis / SAST 2026 — Semgrep / CodeQL / Snyk / SonarQube / Aikido / Trivy Deep Dive</title>
    <link>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive.en</link>
    <description>Mapping the 2026 code security tooling landscape — Semgrep (the de facto OSS SAST plus Pro engine and Supply Chain), CodeQL (the heart of GitHub Advanced Security, dataflow king), Snyk Code (SAST+SCA after the DeepCode AI integration), SonarQube 11 (how the classic stays alive), Aikido Security (the all-in-one newcomer with AI Autofix), Cycode and GitGuardian (supply chain + secrets), Trivy/Aqua (containers + dependencies), Checkmarx and Veracode (enterprise stalwarts), OWASP ZAP, Bearer, Endor Labs, Socket.dev. SBOM (SPDX/CycloneDX) maturing, reachability analysis, LLM autofix, EU CRA 2024, and the Korea/Japan landscape with KaibAi and FFRI.</description>
    <pubDate>Fri, 15 May 2026 00:00:00 GMT</pubDate>
    <author>fjvbn2003@gmail.com (Youngju Kim)</author>
    <category>security</category><category>sast</category><category>static-analysis</category><category>semgrep</category><category>codeql</category><category>snyk</category><category>sonarqube</category><category>aikido</category><category>cycode</category><category>gitguardian</category><category>trivy</category><category>checkmarx</category><category>sbom</category><category>devsecops</category><category>2026</category><category>deep-dive</category><category>english</category>
  </item>

  <item>
    <guid>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive.ja</guid>
    <title>Static Analysis / SAST 2026 — Semgrep / CodeQL / Snyk / SonarQube / Aikido / Trivy In-Depth Comparison</title>
    <link>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive.ja</link>
    <description>Drawing the 2026 map of code security tools: Semgrep (the de facto open-source SAST, plus the Pro engine and Supply Chain), CodeQL (the core of GitHub Advanced Security, the king of dataflow), Snyk Code (SAST+SCA after the DeepCode AI integration), SonarQube 11 (the classic's survival strategy), Aikido Security (an all-in-one newcomer with AI Autofix), Cycode and GitGuardian (supply chain + secrets), Trivy/Aqua (containers + dependencies), Checkmarx and Veracode (the enterprise camp), OWASP ZAP, Bearer, Endor Labs, Socket.dev. SBOM (SPDX/CycloneDX) maturing, reachability analysis, LLM autofix, EU CRA 2024, and on to the Korean and Japanese markets with KaibAi and FFRI.</description>
    <pubDate>Fri, 15 May 2026 00:00:00 GMT</pubDate>
    <author>fjvbn2003@gmail.com (Youngju Kim)</author>
    <category>security</category><category>sast</category><category>static-analysis</category><category>semgrep</category><category>codeql</category><category>snyk</category><category>sonarqube</category><category>aikido</category><category>cycode</category><category>gitguardian</category><category>trivy</category><category>checkmarx</category><category>sbom</category><category>devsecops</category><category>2026</category><category>deep-dive</category><category>日本語</category>
  </item>

  <item>
    <guid>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive</guid>
    <title>Static Analysis / SAST 2026 — Semgrep / CodeQL / Snyk / SonarQube / Aikido / Trivy In-Depth Comparison</title>
    <link>https://www.youngju.dev/blog/culture/2026-05-15-static-analysis-sast-2026-semgrep-codeql-snyk-sonarqube-aikido-trivy-deep-dive</link>
    <description>Drawing the 2026 map of code security tools: Semgrep (the open-source SAST standard, plus the Pro engine and Supply Chain), CodeQL (the core of GitHub Advanced Security, the dataflow powerhouse), Snyk Code (SAST+SCA after the DeepCode AI integration), SonarQube 11 (how the classic survives), Aikido Security (an all-in-one newcomer with AI Autofix), Cycode and GitGuardian (supply chain + secrets), Trivy/Aqua (containers + dependencies), Checkmarx and Veracode (the enterprise camp), OWASP ZAP, Bearer, Endor Labs, Socket.dev. SBOM (SPDX/CycloneDX) standardization, reachability analysis, LLM autofix, EU CRA 2024, and even KaibAi and FFRI.</description>
    <pubDate>Fri, 15 May 2026 00:00:00 GMT</pubDate>
    <author>fjvbn2003@gmail.com (Youngju Kim)</author>
    <category>security</category><category>sast</category><category>static-analysis</category><category>semgrep</category><category>codeql</category><category>snyk</category><category>sonarqube</category><category>aikido</category><category>cycode</category><category>gitguardian</category><category>trivy</category><category>checkmarx</category><category>sbom</category><category>devsecops</category><category>2026</category><category>deep-dive</category>
  </item>

    </channel>
  </rss>
