ShiftLeft, Inc., an innovator in automated application security testing, today announced a new release of its ShiftLeft CORE platform with a host of new features that enable application security and development teams to identify and remediate attackable vulnerabilities faster and earlier in the development process. The new features empower developers and AppSec teams to streamline the triage process and automate security controls. ShiftLeft also announced GA support for Kotlin for Mobile, Beta support for Golang in the company’s I-SCA software composition analysis tool and GA support for Python SCA.
Taken together, the Velocity Update features can dramatically improve the speed of remediation and enable developers and application security teams to scan more frequently while maintaining the same levels of efficiency and accuracy. This enables appsec teams to provide better guidance to developers or allows developers to interact directly with scanning results and integrate those results into their workflows for earlier and more frequent remediation. The net result is fewer serious vulnerabilities get through the development process and organizations can more effectively shift security left.
New features and capabilities in this release include:
- Ability to perform code analysis for Kotlin (mobile) apps. This is an early stage beta release to support one of the fastest adopted languages amongst developer communities.
- Intelligent SCA for Python and Golang (beta) that allows developers to identify reachable/attackable open source vulnerabilities in their code.
The release also includes multiple critical workflow enhancements to improve customer experience such as:
- Improve build rules which provide the ability to automatically detect and intercept attacker reachable open-source vulnerabilities at every pull request in a development pipeline
- Interactive remediation which provides a shared workflow not available in legacy SAST tools where developers tell the tool to recognize their custom validation and sanitization methods in scan results
- Enhanced vulnerability descriptions that include a detailed explanation of the root cause of the issue, show developers what not to do, and why improper code leads to a vulnerability
- Branch selection to enable developers to more easily focus security and remediation on the code branch they are working on
- Richer data flow visualizations to enable developers to browse and analyze vulnerabilities by attackable dataflows
“Customers are already using ShiftLeft CORE to make security fixes earlier in the development cycle where they are less painful for devs and result in significantly less security debt for the application. That said, the increased frequency of scans and greater volume of vulnerability information can create information overload,” says Alok Shukla, VP Products, ShiftLeft Inc. “The “Velocity Update” to ShiftLeft CORE helps them easily browse and triage high volumes of attackable dataflows and intelligently automate build decisions based on attackability exposure in each pull request.”
The Velocity Update continues ShiftLeft’s evolution towards making application security faster while making developer’s lives easier. By improving the way teams automate cutting edge application security practices, ShiftLeft is enabling organizations to ship code faster and with reduced risk.
“ShiftLeft CORE’s ability to see if vulnerabilities are attacker reachable is a huge help when it comes to triaging issues and showing developers the importance of a fix,” says Paolo Del Mundo, Head of Application Security for Motley Fool.
Through the addition of Kotlin and Python support in ShiftLeft’s Intelligent-SCA software composition analysis solution, ShiftLeft is continuing its rapid language coverage expansion to better meet the needs of polyglot development efforts where multiple languages are now the norm. “We look forward to the expanded language support and improved automation tools to speed up our remediation process even further,” says Del Mundo.
In addition to the above enhancements, the Velocity Release includes an updated User Interface to and new telemetry capabilities to customize integration and flags of ShiftLeft scans into their CI/CD pipeline.
The Velocity Release is available now to all ShiftLeft users.
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry-leading accuracy, ShiftLeft empowers developers and AppSec teams to find and fix the most serious vulnerabilities faster. Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices, and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California.