
ShiftLeft™ Inc., an innovator in automated application security, released a new version of NextGen Static Analysis (NG SAST), including new workflows purpose-built for developers that significantly improve security while enhancing productivity. ShiftLeft’s customer data confirms that developer productivity suffers when security isn’t automated and seamlessly integrated into the software development lifecycle (SDLC).

Security productivity challenges are rooted in the disconnect between the modern SDLC and the incremental improvements from legacy application security tools, which were designed for ad hoc scanning in the legacy waterfall model of software development. With staffing ratios often in excess of 200 developers for every AppSec professional, scaling security to meet the requirements of agile SDLCs requires increasing both developer engagement and efficiency.

Developers Overwhelmingly Believe Disconnect with Security Inhibits Productivity

In a new survey of over 165 developers, AppSec and DevOps professionals, ShiftLeft found that 96% of developers believe the disconnect between developer and security workflows inhibits developer productivity. Furthermore, when asked to prioritize, AppSec professionals ranked creating developer-friendly security workflows as their top priority, which was even higher than protecting applications in production environments.

“Deprioritization of security has been the most common approach to balancing AppSec with developer productivity because automating security in developer workflows has historically been prohibitively expensive for all but the most elite security organizations,” said Izak Mutlu, former VP of Information Security at Salesforce.com. “ShiftLeft’s NG SAST combines industry-leading scan speed, accuracy and a seamless workflow for rapid collaboration between development and AppSec teams so organizations of all sizes can run their AppSec initiatives at the pace of software development.”

The rise of long-term and permanent remote work has increased the amount of business being done online, and with it the number of web properties and applications that need to be developed and supported. As organizations demand software to be built and delivered at an ever-increasing velocity, improving developer productivity while strengthening security is critical. The survey revealed that performing security scans too late in the SDLC (89.7%) and lack of remediation guidance (87.7%) are also significant inhibitors to developer productivity.

ShiftLeft’s New Developer-Driven Workflows Significantly Increase Productivity and Quality of Application Security

To scale security and address developer productivity challenges, ShiftLeft’s new version of NG SAST delivers holistic workflows with developer engagement and productivity as a first principle. The new developer-driven security workflow relies on the git-based process that developers already use to write and update code. This allows organizations to:

  • Automate code analysis with every pull/merge request
  • Deliver immediate and accurate security feedback directly to each developer making the change
  • Enable developers to fix vulnerabilities, in the same way they address bugs, without leaving their development environment
  • Enable AppSec teams to write security-focused build rules that accept or deny merges, thereby allowing AppSec to scale
  • Help developers adopt secure coding best practices through Security Insights
  • Eliminate scanning bottlenecks with unlimited concurrent scans
  • Protect intellectual property by scanning without taking source code outside of their organization
  • Rapidly deploy with self-service onboarding that doesn’t require network architecture updates, new firewall configurations or expensive professional services
  • Further customize workflows through comprehensive APIs
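As an added illustration, and not ShiftLeft’s code or a description of how NG SAST implements its build rules, the Python script below shows the shape of the "accept or deny merges" step the list describes: parse a scanner’s findings for a pull request, compare them against a baseline of findings already known on the target branch, and fail the CI job only on new findings at or above a severity threshold in files the change actually touched. The findings JSON, file paths, rule identifiers, the `BuildRule` fields and the baseline are all constructed for this example.

```python
"""Illustrative merge-gating build rule applied to static-analysis findings.

Added example: models the 'accept or deny the merge' step of a pull-request
scan. The finding format, rule IDs, paths and thresholds are all constructed
for this example and do not describe any real scanner's output.
"""
import json
import sys
from dataclasses import dataclass

# Ordering used to compare finding severities against the rule's threshold.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int
    message: str


@dataclass(frozen=True)
class BuildRule:
    """Policy an AppSec team sets once and applies to every pull request."""
    min_severity: str = "high"                  # block at or above this severity
    changed_files_only: bool = True             # ignore findings outside the PR's diff
    accepted_rule_ids: frozenset = frozenset()  # rules with a documented risk acceptance


# Constructed scanner output for one pull request (not real tool output).
SAMPLE_FINDINGS_JSON = json.dumps([
    {"rule_id": "sql-injection", "severity": "critical",
     "path": "src/api/users.py", "line": 42,
     "message": "user-controlled 'name' reaches cursor.execute() unparameterised"},
    {"rule_id": "hardcoded-secret", "severity": "high",
     "path": "src/legacy/config.py", "line": 7,
     "message": "string literal assigned to API_KEY"},
    {"rule_id": "weak-hash", "severity": "medium",
     "path": "src/api/users.py", "line": 88,
     "message": "hashlib.md5() used for password digest"},
    {"rule_id": "xss", "severity": "high",
     "path": "src/web/render.py", "line": 15,
     "message": "request parameter written to response without escaping"},
])

# Files the pull request modified (constructed; what `git diff --name-only` would list).
CHANGED_FILES = frozenset({"src/api/users.py", "src/web/render.py"})

# Findings already present on the target branch, keyed by (rule_id, path),
# so the gate reports only what this change introduces.
BASELINE_KEYS = frozenset({("xss", "src/web/render.py")})


def parse_findings(raw_json: str) -> list:
    """Load scanner output and reject records with an unknown severity."""
    findings = []
    for rec in json.loads(raw_json):
        sev = rec["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in {rec['rule_id']}")
        findings.append(Finding(rec["rule_id"], sev, rec["path"],
                                int(rec["line"]), rec["message"]))
    return findings


def evaluate(findings, changed_files, baseline_keys, rule):
    """Return (merge_allowed, blocking_findings) for one pull request."""
    threshold = SEVERITY_RANK[rule.min_severity]
    blocking = []
    for f in findings:
        if SEVERITY_RANK[f.severity] < threshold:
            continue  # below the team's threshold: reported, not blocking
        if f.rule_id in rule.accepted_rule_ids:
            continue  # explicit, reviewed risk acceptance
        if rule.changed_files_only and f.path not in changed_files:
            continue  # pre-existing debt elsewhere is not this developer's PR
        if (f.rule_id, f.path) in baseline_keys:
            continue  # known on the target branch before this change
        blocking.append(f)
    return (not blocking, blocking)


def review_comment(blocking):
    """Format the blocking findings as the text a CI job would post on the PR."""
    if not blocking:
        return "Security gate passed: no new findings at or above the threshold."
    lines = ["Security gate failed: fix or obtain a risk acceptance for:"]
    for f in sorted(blocking, key=lambda x: (-SEVERITY_RANK[x.severity], x.path, x.line)):
        lines.append(f"- [{f.severity}] {f.rule_id} at {f.path}:{f.line}: {f.message}")
    return "\n".join(lines)


if __name__ == "__main__":
    ok, blocked = evaluate(parse_findings(SAMPLE_FINDINGS_JSON),
                           CHANGED_FILES, BASELINE_KEYS, BuildRule())
    print(review_comment(blocked))
    sys.exit(0 if ok else 1)  # a non-zero exit status is what denies the merge
```

Run against the constructed input, the gate blocks only the critical SQL injection in the changed file: the high-severity hardcoded secret sits in a file the PR did not touch, the medium weak-hash finding is under the threshold, and the XSS finding is already in the baseline. Keying the baseline on `(rule_id, path)` is deliberately simple; a production gate would fingerprint the finding on its code snippet so that it survives line shifts and file moves without being re-reported as new.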

This developer-centric approach to code analysis greatly increases security and productivity by delivering the right vulnerability to the right developer at the right time. Mean time to remediation (MTTR) is reduced because vulnerabilities get fixed while the code is still fresh in the developers’ minds, and vulnerable code doesn’t become deeply interconnected because security build rules prevent it from entering the master branch.

“ShiftLeft’s NextGen Static Analysis gave us the speed and accuracy that we needed to create security feedback loops for our development team without altering their workflows. By scanning every pull reques