Cookie Policy

Revised September 16, 2021

Overview

These Terms and Conditions (“Agreement”), which govern use of the Product (as defined below), are entered into between ShiftLeft, Inc. (“Company”), you, in your individual capacity, and the organization on whose behalf you are accepting this Agreement, registering for use of, or otherwise setting up, accessing or using, the Product (collectively, “Subscriber”), and are effective as of the earlier of Subscriber’s registration or first use of the Product (“Effective Date”). You represent and warrant that you have the full right and authority to bind the Subscriber to this Agreement, and that the Subscriber is fully aware of, understands, and agrees to be bound by all the terms of this Agreement.

BY CLICKING “I ACCEPT” OR OTHERWISE ACCESSING OR USING THE PRODUCT, SUBSCRIBER ACKNOWLEDGES THAT SUBSCRIBER HAS READ, UNDERSTANDS, AND AGREES TO ACCEPT AND BE BOUND BY THE TERMS OF THIS AGREEMENT, INCLUDING ANY ADDITIONAL TERMS INCORPORATED BY REFERENCE. THE PRODUCT IS AVAILABLE ONLY TO THOSE WHO CAN FORM LEGALLY BINDING CONTRACTS UNDER APPLICABLE LAW. BY AGREEING TO THIS AGREEMENT, SUBSCRIBER REPRESENTS AND WARRANTS: (I) THAT SUBSCRIBER CAN FORM LEGALLY BINDING CONTRACTS UNDER APPLICABLE LAW; (II) THAT SUBSCRIBER HAS NOT PREVIOUSLY BEEN SUSPENDED OR PROHIBITED FROM USING THE PRODUCT; AND (III) THAT SUBSCRIBER’S REGISTRATION AND USE OF THE PRODUCT IS IN COMPLIANCE WITH ANY AND ALL APPLICABLE LAWS AND REGULATIONS. IF SUBSCRIBER DOES NOT QUALIFY FOR THE PRODUCT OR DOES NOT AGREE TO THIS AGREEMENT, SUBSCRIBER SHOULD NOT AND MAY NOT REGISTER FOR, ACCESS, OR USE THE PRODUCT.

Key Terms

As provided in greater detail in this Agreement (and without limiting the express language of this Agreement), Subscriber acknowledges the following:

The Product is licensed, not sold, to Subscriber, and Subscriber may use the Product only as set forth in this Agreement.

As set forth in greater detail in Articles 4 and 5 below, the Product is provided on a no-cost, trial basis for 14 days, and Subscriber has the option to continue using the Product for monthly, annual or multi-year terms thereafter as selected through Company’s website. No Subscriber is eligible to participate in more than one 14-day trial. Once Subscriber pays for the Product, the Agreement may only be terminated under limited circumstances, including either Party’s material breach of the Agreement or if either Party experiences a bankruptcy or similar event. Product subscriptions are non-cancelable and payments are non-refundable.

Company provides the Company Materials to you on an “as is” basis without warranties or indemnities of any kind and Company’s liability to you is limited, as set forth in greater detail in Articles 6, 7, and 8.

Subject to certain exceptions, disputes between the Parties will be resolved by binding arbitration, as set forth in greater detail in Section 9(f)(ii) below.

Definitions

“Party” means Company or Subscriber, and “Parties” means Company and Subscriber.

“Product” means ShiftLeft command line tool named “Ocular” that:
Generates a versatile intermediate graph representation of code called the Code Property Graph (“CPG”),
Allows for query of the CPG through an interactive shell that supports a custom query language for code analysis, and
Allows for scripts to be executed non-interactively to perform custom scans for patterns indicating vulnerable code.

“User” means an individual who is authorized by Subscriber to use the product.

Use of the Product

Use of the Software and Documentation. Subject to the terms of this Agreement, Company grants to Subscriber a limited, non-exclusive, non-sublicensable, non-assignable (subject to Section 9(b)) license during the Term to:
Install the Product on Subscriber’s IT systems, and
Use (A) the Product that Company provides to Subscriber, and (B) any user guide or similar documentation relating to the Product that Company provides to Subscriber, as revised from time to time (the “Documentation”), in each case, solely in connection with internal business operations.

Technical Support Services. The Company will provide technical support regarding the Ocular tool according to the level of support subscribed to by Subscriber (the “Support Services”).

Use Restrictions. Except as otherwise explicitly provided in this Agreement, Subscriber will not, and will not permit or authorize third parties, including Users, to:
Alter, adapt, reproduce, modify, create derivative works based on, reverse engineer, decompile, reverse compile, reverse assemble, translate, or disassemble all or any portion of the Product or the Documentation (collectively, the “Company Materials”),
Use the Company Materials to (A) create, market, or distribute any product or service that is competitive with the Company Materials, or (B) act as a service bureau on behalf of, or otherwise provide processing or Product support to, any person or entity,
Disclose the results of any benchmarking of the Product, or use such results for its own competing software development activities,
Transfer, sell, lease, license, sublicense, distribute, disclose, divulge, or make available the Company Materials to, or permit use of or access to the Company Materials by, any person or entity other than Subscriber and Users,
Enter into any agreement with, or make any representation to, any other person or entity that conflicts with, results in any breach of, or constitutes a default under, this Agreement,
Remove, alter, or obscure any intellectual property notice or other restrictive notice or legend contained or included in or on any Company Materials, or
Contest, challenge, or otherwise make any claim or take any action adverse to Company’s ownership of, or interest in, the Company Materials, including the intellectual property rights therein.
Notwithstanding anything to the contrary in this Agreement, Subscriber shall not share or disclose the CPG or CPG reports with any third party or use the CPG or CPG reports for any purpose other than Subscriber’s internal business operations.

Compliance with Laws. Subscriber will use the Company Materials in compliance with all applicable laws, rules, and regulations.

Protection against Unauthorized Use. Subscriber will be responsible for all use of the Company Materials associated with Subscriber, including by Users and unauthorized users who obtained access to the Product directly or indirectly through Subscriber. Subscriber will prevent any unauthorized use of the Company Materials and immediately notify Company in writing of any unauthorized use that comes to Subscriber’s attention. If there is unauthorized use by anyone who obtained access to the Company Materials directly or indirectly through Subscriber, Subscriber will take all steps reasonably necessary to terminate the unauthorized use. Subscriber will cooperate and assist with any actions taken by Company to prevent or terminate unauthorized use of the Company Materials.

Reservation of Rights. Except for the rights granted to Subscriber in Section 2(a),
Subscriber will not have any rights in or to the Company Materials and
Company reserves to itself all rights in and to the Company Materials.

Feedback. Subscriber hereby grants Company a perpetual, irrevocable, non-exclusive, assignable, worldwide license to use any suggestion or idea for Company’s products or Product that Subscriber communicates to Company (“Feedback”), without compensation, without any obligation to report on such use, and without any other restriction. The foregoing license includes, without limitation, the right to exploit Feedback in any and every way, as well as the right to grant sublicenses and otherwise disclose any such Feedback to the public.

Users. Except as otherwise agreed to by Company and Subscriber, Subscriber may authorize up to the number of Users for which Subscriber has purchased a license to use the Product. Subscriber may add additional Users through Company’s website, subject to payment of any additional fees. Subscriber acknowledges that Company may suspend or deny access to the Product to any User if Subscriber determines that that User is in breach of any provision of this Agreement, with reinstatement to occur upon proven compliance with this Agreement.

Audit. Upon reasonable notice to Subscriber, Company will be permitted to audit Subscriber’s use of the Company Materials to determine Subscriber’s compliance with this Agreement. Subscriber will reasonably cooperate with Company with respect to its performance of such audit.

Assistance. Subscriber shall:
Provide Company with all necessary cooperation and information needed by Company to provide the Product (including with respect to providing Subscriber’s source code to Company and integrating Subscriber’s software with the Product),
Ensure that its hardware, software, communications equipment and lines, and all other information technology and communications equipment, systems, and networks comply with the technical specifications provided by Company to Subscriber from time to time for use of the Product, and
Be solely responsible for procuring and maintaining its network connection and telecommunication links from its systems to Company’s systems.

Changes to the Product. Company may, from time to time, make changes to the Product that it deems necessary or useful to:
Maintain or enhance (A) the quality or delivery of the Product, (B) the competitive strength of or market for the Product, or (C) the Product cost efficiency or performance; or
Comply with applicable laws, rules, and regulations.
Company shall use commercially reasonable efforts to ensure that any change will not materially diminish the features or functionality of the Product.

Trial Period. Subscriber acknowledges that some features and functionality of the Product may be limited during the Trial Period,

Confidential Information

Definition. As used in this Agreement, “Confidential Information” means all confidential information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”) that is either marked in writing as “confidential” or by a similar designation or that should be considered confidential given the nature of the information and the circumstances of disclosure. Without limiting the foregoing, Company’s Confidential Information includes the Company Materials (and all methodologies, features, and functions embodied in and/or used by the Product) and Subscriber’s Confidential Information includes any Subscriber Materials. Confidential Information will not include any information that:
Is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party;
Was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party;
Is received from a third party without breach of any obligation owed to the Disclosing Party; or
Was independently developed by the Receiving Party.

Protection of Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care). The Receiving Party may only use Confidential Information of the Disclosing Party to perform its obligations or exercise its rights under this Agreement. The Receiving Party may not disclose any Confidential Information of the Disclosing Party to any third party without the Receiving Party’s prior express written consent (except to its employees and subcontractors with a legitimate need to know such information who agree in writing to comply with this Agreement). The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, on condition that the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.

Term and Termination

Term. This Agreement is effective as of the Effective Date and continues in effect for:
A trial period of 14 days (the “Trial Period”), and
If Subscriber, during the Trial Period, provides billing information or otherwise notifies Company of its election to continue using the Product, for the length of the subscription term Subscriber selects (e.g., one month, one year or multi-year) following the end of the Trial Period (the “Initial Term”).
For the avoidance of doubt, if Subscriber does not provide billing information or otherwise notify Company of its election to continue using the Product, this Agreement will terminate automatically at the end of the Trial Period, and after expiration or termination of the Trial Period Subscriber will not be eligible to sign up for another Trial Period at any time thereafter. After the Initial Term, this Agreement will automatically renew for additional successive one-year terms (each, a “Renewal Term” and the period in which this Agreement is in effect, the “Term”) unless at least 30 days before the end of the Initial Term or then-current Renewal Term either Party provides written notice to the other Party that it does not want to renew. Notwithstanding the foregoing, if Subscriber has previously executed this Agreement and used the Product on a trial basis or otherwise, then Subscriber is not eligible for a Trial Period, but may nonetheless subscribe to the Product; and in such a case, the Initial Term will commence on the Effective Date.

Termination for Material Breach. Either Party may terminate this Agreement if the other Party does not cure its material breach of this Agreement within 30 days of receiving written notice of the material breach from the non-breaching Party. Termination in accordance with this Section 4(b) will take effect when the breaching Party receives written notice of termination from the non-breaching Party, which notice must not be delivered until the breaching Party has failed to cure its material breach during the 30-day cure period. If Subscriber fails to timely pay any amount due, Company may, without limitation to any of its other rights or remedies, suspend performance of the Product until it receives all amounts due.

Termination for Bankruptcy. A Party may terminate this Agreement at any time by providing notice of termination to the other Party if that other Party:
Becomes insolvent or unable to pay its debts as they mature,
Makes an assignment for the benefit of its creditors,
Is dissolved or liquidated, or takes any corporate action for those purposes,
Has a receiver, trustee, custodian or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business, or
Seeks relief or if proceedings are commenced against that other Party, or on its behalf, under any bankruptcy, insolvency or debtors’ relief law and those proceedings have not been fully stayed within seven days or vacated or set aside within 30 days after the commencement of those proceedings.

Post-Termination Obligations. Upon any termination of this Agreement,
Subscriber shall cease using the Company Materials,
Subscriber shall return or destroy all Company Materials in its possession or control,
Company shall return or destroy all Subscriber Materials in its possession or control,
Subscriber will pay to Company any Fees or other amounts that have accrued prior to the effective date of the termination, and
Any and all liabilities accrued prior to the effective date of the termination will survive.

Survival. Sections 2(c), 2(f), 2(g), 2(i), 4(d), and 4(e), and Articles 1, 3, and 5-9 survive any termination of this Agreement.

Fees and Payment

Fees and Authorization. Subscriber hereby authorizes Company to charge all amounts for the Product and Support Services as established by Company (the “Fees”), to the payment method specified by Subscriber. During the Initial Term and any Renewal Term, Subscriber hereby authorizes Company to charge, on a monthly or annual basis as selected by Subscriber, the monthly or annual Fees. Company will charge the monthly (or annual) Fee on the first day of the Initial Term and on each monthly (or annual) anniversary thereof. For the avoidance of doubt, no Fees are due during the Trial Period.

Taxes. Other than net income taxes imposed on Company, Subscriber will bear all taxes, duties, and other governmental charges resulting from this Agreement.

Warranties and Disclaimer

Mutual Warranties. Each Party represents and warrants to the other that:
This Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such Party in accordance with its terms; and
No authorization or approval from any third party is required in connection with such Party’s execution, delivery, or performance of this Agreement.

Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN SECTION 6(A), COMPANY MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. COMPANY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. COMPANY DOES NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE PRODUCT. COMPANY DOES NOT WARRANT:
THAT THE PRODUCT WILL IDENTIFY ANY OR ALL SECURITY VULNERABILITIES OR ARE ERROR-FREE,
THAT OPERATION OF THE PRODUCT WILL BE SECURE OR UNINTERRUPTED,
THAT ANY INFORMATION PROVIDED THROUGH THE PRODUCT IS ACCURATE OR COMPLETE, OR
THAT ANY INFORMATION PROVIDED THROUGH THE PRODUCT WILL ALWAYS BE AVAILABLE.
COMPANY EXPRESSLY DISCLAIMS ANY LIABILITY ARISING OUT OF OR BASED UPON THE RESULTS OF SUBSCRIBER’S, INCLUDING USERS’, USE OF THE PRODUCT.

Indemnification

Defense. Subscriber will defend Company from any actual or threatened third-party claim arising out of or based upon Subscriber’s, including Users’, use of the Product or Subscriber’s breach of any of the provisions of this Agreement, except to the extent the claim arises out of or is based on Company’s negligence or willful misconduct. Company will:
Give Subscriber prompt written notice of the claim,
Grant Subscriber full and complete control over the defense and settlement of the claim, and
Provide assistance in connection with the defense and settlement of the claim as Subscriber may reasonably request.
Company will have the right to participate in the defense of the claim at its own expense and with counsel of its own choosing.

Indemnification. Subscriber will indemnify Company from and pay:
All damages, costs, and attorneys’ fees awarded against Company in any claim under Section 7(a),
All costs (including attorneys’ fees) reasonably incurred by Company in connection with the defense of a claim under Section 7(a), and
All amounts that Subscriber agrees to pay to any third party to settle any claim under Section 7(a).

Limitations Of Liability

Disclaimer of Indirect Damages. TO THE FULLEST EXTENT PERMITTED BY LAW, NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, COMPANY WILL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO SUBSCRIBER FOR CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOST PROFITS OR LOSS OF BUSINESS, EVEN IF COMPANY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING.

Cap on Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL COMPANY’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE TOTAL AMOUNT PAID BY SUBSCRIBER TO COMPANY DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE CLAIM.

Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY COMPANY TO SUBSCRIBER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN THIS ARTICLE 8 WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THIS AGREEMENT.

General

Relationship. Company will be and act as an independent contractor (and not as the agent or representative of Subscriber) in the performance of this Agreement.

Assignability. Subscriber shall not assign its rights, duties, or obligations under this Agreement without Company’s prior written consent and any attempted assignment will be void. Company may freely assign this Agreement. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective permitted successors and assigns.

Publicity. Company may list Subscriber as a customer of Company and use Subscriber’s name and logo for marketing or promotional purposes and in other communication with existing or potential Company customers. Subscriber may revoke this consent at any time by sending an email to [email protected].

Company may utilize a subcontractor or other third party to perform its duties under this Agreement so long as Company remains responsible for all of its obligations under this Agreement.

Force Majeure. Company will not be liable for, or be considered to be in breach of or default under this Agreement on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond its reasonable control.

Governing Law and Dispute Resolution.

Governing Law. This Agreement (including this Section), any dispute, claim, or controversy between the Parties arising out of or relating to this Agreement or the performance of the Product, whether in contract, tort, or otherwise (each, a “Disputed Matter”), and the Parties’ rights, remedies, and obligations under this Agreement, are to be construed in accordance with and governed by the laws of the State of California applicable to agreements made and to be wholly performed in that state by persons or entities residing or having their principal places of business therein, without giving effect to the State of California’s conflict of laws rules to the extent those rules would require applying another jurisdiction’s laws and not including the provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods. Subject to 9(f)(ii), the Parties may commence an action, suit or proceeding arising out of or relating to this Agreement or the performance of the Product only in, and hereby consent to the exclusive jurisdiction of, the federal and state courts located in the City of San Francisco within the State of California.

Dispute Resolution. The Parties shall resolve Disputed Matters in accordance with the following procedures:

Exceptions. Solely for purposes of this Section 9(f)(ii), “Disputed Matters” excludes claims (x) for indemnification under Article 7, (y) that a Party has breached Article 3, and (z) that a Party has infringed, misappropriated, or otherwise violated the other Party’s intellectual property rights.

Cooperation. The Parties shall cooperate in good faith to resolve any Disputed Matter within 30 days after a Party notifies the other Party of the Disputed Matter (the “Resolution Period”). The Parties acknowledge that their discussions and efforts during the Resolution Period to resolve a Disputed Matter are settlement discussions under applicable rules of evidence and without prejudice to either Party’s legal position.

Arbitration. At a Party’s request, the Parties shall submit any Disputed Matter unresolved as of the end of the applicable Resolution Period to binding arbitration (each, an “Arbitration Proceeding”). Arbitration Proceedings must be conducted in the city of San Francisco within the State of California in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The arbitration panel for each such Arbitration Proceeding must be comprised of three arbitrators, and the chairperson of the panel must be an attorney. Judgment upon the award rendered by the arbitrator in any such Arbitration Proceeding may be entered in any court having jurisdiction over the enforcement of that award. Issues relating to whether a particular claim is subject to arbitration shall be decided by a court of competent jurisdiction in accordance with Section 9(f)(i) and not by the arbitrators.

Waiver. The waiver by either Party of any breach of any provision of this Agreement does not waive any other breach. The failure of any Party to insist on strict performance of any covenant or obligation in accordance with this Agreement will not be a waiver of such Party’s right to demand strict compliance in the future, nor will the same be construed as a novation of this Agreement.

Severability. If any part of this Agreement is found to be illegal, unenforceable, or invalid, the remaining portions of this Agreement will remain in full force and effect. If any material limitation or restriction on the use of the Product under this Agreement is found to be illegal, unenforceable, or invalid, Subscriber’s right to use the Product will immediately terminate.

Notices. All notices, requests, claims, and other communications between the Parties described in or otherwise regarding this Agreement must be in writing and be given or made (and will be effective on receipt) by delivery in person, by nationally recognized overnight courier service (with signature required and all fees prepaid), by facsimile (with confirmation of transmission), by e-mail (with telephone confirmation or confirmation by another method set forth in this Section) or by registered or certified mail (postage prepaid, return receipt requested) to a Party.

Entire Agreement. This Agreement is the final and complete expression of the agreement between the Parties regarding Subscriber’s use of the Product. This Agreement supersedes, and the terms of this Agreement govern, all previous oral and written communications regarding these matters, all of which are merged into this Agreement. No employee, agent, or other representative of Company has any authority to bind Company with respect to any statement, representation, warranty, or other expression unless the same is specifically set forth in this Agreement. No usage of trade or other regular practice or method of dealing between the Parties will be used to modify, interpret, supplement, or alter the terms of this Agreement. This Agreement may be changed only by a written agreement signed by an authorized agent of the Party against whom enforcement is sought. Company will not be bound by, and specifically objects to, any term, condition, or other provision that is different from or in addition to this Agreement (whether or not it would materially alter this Agreement) that is proffered by Subscriber in any receipt, acceptance, confirmation, correspondence, or otherwise, unless Company specifically agrees to such provision in a writing that is signed by an authorized agent of Company.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit: www.shiftleft.io.
