ShiftLeft, an innovator in automated application security testing, announced an additional $29 million in funding from cybersecurity-focused investor SYN Ventures and Blackstone Innovations Investments with participation from existing investors. The funding will be applied to accelerate product development, marketing and sales efforts. As part of the expansion capital funding, SYN Managing Partner Jay Leek will join the ShiftLeft Board of Directors.
The expansion capital comes at a period of unprecedented growth for the company while earning a Gross Retention Rate of 97% and Net Retention Rate of 143% driven by strong customer embrace of the product. “Our customers are voting with their scans,” says Manish Gupta, CEO and Co-Founder of ShiftLeft. “Most are running three times as many static analysis scans with ShiftLeft as compared to last year. Just as important, we are seeing our footprint rapidly expand inside these organizations as more AppSec and development teams successfully collaborate to shift security left.”
Traditionally, application security and software development teams have struggled to collaborate on security. Developers feel that AppSec teams slow them down with numerous false positives, slow scans, and the burden of multiple siloed scanning solutions including traditional software composition analysis for open source code and legacy static application security testing for first-party code. Unlike other code scanning platforms, ShiftLeft CORE analyzes the application as a whole and mimics how attackers would actually try to break into the application rather than analyzing individual application components in isolation. Scan results are quick and accurate. And developers are provided with detailed guidance on how to fix the vulnerabilities. Statistics from customers – up to 92% of new vulnerabilities fixed in less than 20 days – speak to the advantage of shifting left.
“One of the key things we heard in our due diligence with AppSec leaders who use ShiftLeft is that it was the only application security testing platform that both developers and AppSec teams love. As a former practicing CISO, that caught my attention,” said Jay Leek. “By quickly identifying the most ‘attackable’ vulnerabilities and recommending fixes while also showing developers the vulnerable data path specific to their applications, ShiftLeft not only streamlines security but also teaches developers how to write secure code.”
“We have been using ShiftLeft in our application security process for over two years and it has changed the way we handle application security. ShiftLeft’s scans are fast and provide results with high accuracy,” explains Adam Fletcher, Chief Security Officer at Blackstone. By prioritizing fixes based on attackability, Fletcher has enabled Blackstone’s development teams to tightly focus on the most important risks and dedicate more time to writing application code rather than security remediation. “We are shipping more secure code and our developers are not slowed down by this enhanced level of application security. We look forward to working with ShiftLeft as they continue to enhance their product.”
As part of the expansion round, ShiftLeft will aggressively scale all job functions with new hires across all departments. To lead this rapid talent growth, ShiftLeft has promoted Carl Elsinger to the new VP of Sales, Arun Balakrishnan to VP of Product and Customer Success and Davy Hua to VP of Operations. “Promoting internally is in our DNA and it’s a key part of how we reward high performance,” says Gupta. Alongside these internal hires, Robert Rea joins ShiftLeft as VP of Engineering from Armor Code Cloud Security.
ShiftLeft will also expand its product capabilities to incorporate fast growing cloud native architectures. Enhancing cloud native capabilities will expand the potential customer footprint and allow ShiftLeft to provide application security solutions for organizations running Kubernetes and other container-based application architectures. “When all the market signals are pointing up and to the right, investing in product, sales and marketing can yield outsized dividends,” says Gupta. “We are fortunate to have long-term investors and we look forward to a year of rapid growth and product development.”
ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left. A unified code security platform, ShiftLeft CORE scans for attack context across APIs, OSS, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures,, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California.