See for yourself – run a scan on your code right now

ShiftLeft, Inc., a leader in application security, has released a tool enabling businesses to independently benchmark and validate the accuracy of ShiftLeft CORE using the Open Web Application Security Project (OWASP) Benchmark Project, a Java test suite designed to evaluate the accuracy of vulnerability detection tools.

The OWASP Benchmark test suite is a sample application made up of thousands of actual instances and false positives of vulnerabilities spanning11 categories. Evaluating a tool against the OWASP Benchmark provides a window into that tool’s ability to find vulnerabilities while reducing false-positives.

With a true-positive rate of 100% and a false-positive rate of 25%, ShiftLeft CORE is the best-in-class static application security testing (SAST) tool when it comes to OWASP Benchmark score. To help businesses easily verify these findings, ShiftLeft has built in the OWASP Benchmark as a demo app on its platform, enabling cybersecurity decision-makers to run it in just a few clicks.

“Organizations are overwhelmed with options when evaluating new cybersecurity tools. Even once you’re past initial feature comparisons, it’s time-consuming to build a proper test environment and can be difficult to replicate scores claimed by vendors,” said Alok Shukla, Vice President of Product Management, ShiftLeft. “We truly believe in ShiftLeft CORE’s ability to outperform the competition. That’s why we’re presenting organizations with a way to easily benchmark ShiftLeft independently.”

The ShiftLeft CORE platform is built around ShiftLeft’s NextGen Static Analysis (NG SAST), a modern code analysis solution designed to support developer workflows. Powered by ShiftLeft’s unique Code Property Graph (CPG) engine, ShiftLeft CORE combines many representations of source code into a single, queryable graph database to understand the full flow of information across an application or service. This adds valuable context that accurately reduces false positives while prioritizing vulnerabilities based on reachability.

For more information on ShiftLeft CORE, visit

About ShiftLeft

ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit:


See for yourself – run a scan on your code right now