See for yourself – run a scan on your code right now

ShiftLeft™ Inc., an innovator in automated application security testing, today announced that ShiftLeft CORE is now available on the Palo Alto Networks Cortex XSOAR Marketplace, the industry’s largest and most comprehensive security orchestration marketplace. The ShiftLeft content pack on Cortex XSOAR’s Marketplace adds automation to code security scans that enables SOC teams to plan preemptive mitigation for critical vulnerabilities and leaked secrets before they are deployed in live applications.

With ShiftLeft CORE and Cortex XSOAR, Application Security engineers can gather application threat intelligence and help prioritize bug fixes, identify and create incidents to rotate secrets discovered in code and proactively monitor applications for critical attacker-reachable vulnerabilities that enter production.

“A robust, open ecosystem is at the heart of Cortex XSOAR,” said Rishi Bhargava, VP of Product Strategy for Cortex XSOAR at Palo Alto Networks. “We are proud to welcome ShiftLeft and its innovative application security technology to the Cortex XSOAR Marketplace ecosystem, which has 750+ integrations that enable our customers to connect disparate security tools and data sources to enable maximum efficiency in the SOC.”

“Security teams using ShiftLeft CORE can see attacker reachable vulnerabilities in an application update before it enters the code base. By using the content pack for Cortex XSOAR, SOC teams can respond to un-remediated and attacker reachable open source risks that will appear in deployed applications before attackers can see them,” said Alok Shukla, VP Product at ShiftLeft. “The convenience and accuracy of ShiftLeft CORE makes it a tool that is used daily by our customers.”

We are excited to join the Palo Alto Networks ecosystem to connect to other security services and enable our shared customers to simplify the developer workflows to make it easier to quickly identify and fix vulnerabilities.”

To learn more about the ShiftLeft CORE content pack, visit

About Cortex XSOAR

As the market-leading extended security orchestration, automation, and response (SOAR) platform, Cortex XSOAR is designed to simplify and automate complex security workflows across your security stack. It is the only platform that offers more than 750 content packs and comprehensive playbooks, incident War Room, case management, team chat, mobile app, native threat intelligence management, and a built-in marketplace. Now, your team can reduce manual cycles, manage alerts across any source, standardize processes with playbooks, enrich incidents with threat intelligence, and automate response for any security use case.

To discover new SOAR content, visit

About ShiftLeft

ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry leading accuracy, ShiftLeft empowers developers and appsec team to find and fix the most serious vulnerabilities faster. Using its patented graph analysis that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit:


See for yourself – run a scan on your code right now