ShiftLeft, Inc., an innovator in automated application security testing, today announced 407% year-over-year revenue growth driven by increased customer demand for its cutting-edge technologies, which radically reduce application attackability by assessing the actual attack pathways and providing remediation steps for the most serious risks. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter the most thanks to the combination of lightning speed of analysis and the highest industry accuracy. During the year, the company enjoyed a 143% net customer retention rate driven by strong customer embrace of the product; in Gartner’s Peer Insights platform, ShiftLeft has received exclusively five-star reviews from users.

ShiftLeft’s innovative Code Property Graph combines unique representations of source code into a high-performance graph database that supports a growing suite of novel product capabilities including extensible code analysis and precise data flow analysis. With a startup time of seconds for individual developers and application security teams alike, ShiftLeft drops directly into all major continuous integration tools without requiring any modification in existing code development workflows. In the past year, ShiftLeft added multiple new features delivered for production customers, including:

  • ShiftLeft CORE – A unified code security platform to support DevOps deployment cycles.
  • ShiftLeft Intelligence Software Composition Analysis – Precisely identifies the vulnerable dependencies that make an application vulnerable and scores code vulnerabilities based on whether an attacker can reach them.
  • ShiftLeft Educate – A highly-effective context-sensitive security training for developers within the developer workflow.
  • ShiftLeft Illuminate – A tech-enabled service engagement where ShiftLeft experts identify insider attacks in the software development pipeline.

“ShiftLeft is changing the way companies address their application testing by helping them measurably reduce attackability and surface area through faster identification and remediation of bugs and issues without forcing them to leave their workflow or change their tooling,” said Manish Gupta, ShiftLeft’s Co-Founder & CEO. “As we continue to add new features at an accelerating pace and grow our market penetration across verticals, we are keeping our focus on our North Star — helping customers fix the highest severity vulnerabilities in the shortest time possible and significantly reduce the attack surface.”

Because ShiftLeft is so efficient, accurate, and easy to use, customers are using it more frequently and with better results, proving that modern application security testing services can dramatically improve code security at scale and security posture. In the 2021 AppSec Shift Left Progress Report, customers using ShiftLeft reported that:

  • 91.4% of new issues were fixed in one to two sprints when ShiftLeft was automated in the CI/CD pipeline
  • 92% reduction in SCA tickets by prioritizing open source vulnerabilities based on attacker reachability
  • 86% of fixes were for critical or well-known issue classes
  • Median scan time of 2 minutes and 20 seconds
  • With shorter scan times, 46% of all applications were scanned weekly and 17% scanned daily

During a milestone year of growth, ShiftLeft won public accolades and analyst acclaim. Demonstrating the industry-leading accuracy of its technology, ShiftLeft was recognized in this year’s OWASP Benchmark for delivering ‘Industry Best Scores for Finding Vulnerabilities While Reducing False-Positives.’ As part of the report, ShiftLeft set an industry standard with 75% accuracy in its vulnerability detection, exceeding accuracy rates of any other automated application security testing technologies.

In 2021, the company launched its inaugural Shifting Left 1.0 Conference and the follow-up Shifting Left 2.0 Conference. The two events provided the developer and application security communities with newfound and invaluable insights into application security for developers, modern developer workflows, code analysis, and software composition analysis. For 2022, ShiftLeft’s next event in January will provide attendees with educational deep-dives, anecdotal lessons, and peer networking opportunities. The conference unites security teams and developers by giving them new skills to find and quickly fix high-severity vulnerabilities, and, by extension, to build and release safer applications.

According to Gartner’s Critical Capabilities for Application Security Testing report, “Secure software is a foundational element of the modern enterprise and we’re now seeing the application security testing market entering a period of rapid evolution and change. New vendors and capabilities are addressing evolving requirements and application architectures, and the increased pace of development.”

To support its accelerating innovation roadmap and customer growth, ShiftLeft added experienced executive talent including Kit Wetzler as VP of Worldwide Sales, Corinna Krueger as VP of Marketing, and David Walker, Director of Worldwide Channels. Wetzler will expand the global sales and customer footprint. Krueger will grow marketing efforts into new channels and expand product marketing efforts. A noted GTM and business development leader, Walker will work closely to expand current channel programs and to grow business with key business partners.

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry-leading accuracy, ShiftLeft empowers developers and AppSec teams to find and fix the most serious vulnerabilities faster. Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices, and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit:

