ShiftLeft CORE Introduced
April 12, 2021

ShiftLeft introduced ShiftLeft CORE, a unified code security platform.

Powered by ShiftLeft’s Code Property Graph (CPG) engine, the ShiftLeft CORE platform features NextGen Static Analysis (NG SAST), a modern code analysis solution built to support developer workflows; Intelligent Software Composition Analysis (SCA), which scores code vulnerabilities based on whether an attacker can reach it; and ShiftLeft Educate, which delivers contextual security training for developers within the developer workflow.

“With security of the software supply chain currently under close scrutiny, DevSecOps has shifted from a nice-to-have to a need-to-have imperative for organizations and their developers,” said Manish Gupta, CEO, ShiftLeft. “Traditional SAST and DAST tools are built only to meet the security team’s goals – they’re disruptive to developer productivity and aren’t ready for the current pace of organizations’ demanding product delivery cycles. ShiftLeft CORE is designed to bring a comprehensive suite of code security solutions to developers’ fingertips, making it simple and efficient to integrate security into their everyday practices.”

ShiftLeft CORE offers a suite of code security solutions from a single, unified platform. These include:

- NextGen Static Analysis (NG SAST) – NG-SAST is a modern code analysis solution purpose-built for developers, enabling them to find and fix vulnerabilities without ever leaving their development environment. The solution identifies unique code base vulnerabilities before they reach production, addressing hardcoded secrets, data leakage, auth bypass, rootkits, backdoors, and logic bombs. The unmatched speed and accuracy of NG SAST ensures developers stay productive, delivering rapid results while eliminating false positives.

- Intelligent Software Composition Analysis (SCA) – SCA tools identify vulnerable dependencies or libraries in an application, thus creating a large amount of work for the developers. ShiftLeft's Intelligent SCA precisely identifies the vulnerable dependencies that actually make the application vulnerable. By understanding exactly how a dependency is being used in an application, ShiftLeft can identify whether a specific vulnerable dependency is "attacker reachable" and can be exploited. ShiftLeft can even identify when a vulnerable dependency's risk can be mitigated without the need to upgrade the dependency. In early deployments, ShiftLeft customers saw an over 90% reduction in tickets by homing in on real vulnerable dependencies using Intelligent SCA.

- ShiftLeft Educate – A fresh take on security training for developers, ShiftLeft Educate delivers bite-sized, context-sensitive security training for developers when and where they need it the most. Educate highlights specific files and lines of code where a vulnerability occurs and delivers comprehensive, reliable, and relevant guidance on how to remediate the issue without requiring developers to context switch. Administrators are also able to assign specific trainings to certain users, and developers are awarded certifications for completing trainings.

ShiftLeft CORE is powered by ShiftLeft’s unique Code Property Graph (CPG) engine, which combines many representations of source code into a single, queryable graph database. Designed with modern, modular applications in mind, the CPG is able to understand the full flow of information across an application or service, adding valuable context to its code security analysis and recommendations.

“Organizations today don’t have a problem finding vulnerabilities; the challenge is prioritizing and fixing the ones they already have without sacrificing speed in the development process,” said Chetan Conikee, CTO, ShiftLeft. “The groundbreaking features we’re offering in the ShiftLeft CORE platform are designed to address this new dynamic, and turn application security into a business advantage for our customers.”

Share this

Industry News

May 06, 2021

Splunk announced the new Splunk Observability Cloud, the full-stack, analytics-powered and enterprise-grade Observability solution.

May 06, 2021

Gluware unveiled its DevOps for NetOps framework featuring Gluware Lab, its integrated development environment (IDE).

May 06, 2021

Ambassador Labs announced the new Ambassador Developer Control Plane (DCP), whichgives developers the ability to manage the entire modern software development lifecycle for Kubernetes environments using tools and processes that are familiar to them.

May 06, 2021

Code Dx and Secure Code Warrior have teamed up to launch Project Better Code, an initiative to tackle a major challenge facing innovative organizations today – pushing the pace of software development without compromising software security.

May 06, 2021

Pegasystems announced the latest evolution of its Pega Infinity software suite to help speed and simplify digital transformation (DT) initiatives, Pega Infinity version 8.6.

May 06, 2021

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project.

May 05, 2021

Amazon Web Services announced the general availability of Amazon DevOps Guru, a fully managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation.

May 05, 2021

SmartBear has added API testing support for the popular, open source event streaming platform, Apache Kafka.

May 05, 2021

Red Hat unveiled its Developer Sandbox for Red Hat OpenShift, an OpenShift-based development environment designed to enable organizations to accelerate the path from code to production for Kubernetes-based applications.

May 05, 2021

DevOps Institute announced the lineup for SKILup Days in the second quarter of 2021.

May 05, 2021

Idera announced the acquisition of Xblend Software.

May 04, 2021

ThoughtSpot announced the launch of ThoughtSpot Everywhere.

May 04, 2021

Perforce Software announced the availability of virtual devices (Android emulators and iOS simulators) as part of the comprehensive device lab within Perfecto’s Intelligent Test Automation platform.

May 04, 2021

LogiGear announced the newest release of its flagship TestArchitect™ Enterprise product, TestArchitect Enterprise 9.0.

May 04, 2021

Rafay Systems announced new enhancements to its flagship Kubernetes Management Cloud (KMC).