
ShiftLeft has announced a new version of its ShiftLeft CORE platform with a host of new features that enable security and application development teams to identify and remediate attackable vulnerabilities in the development process.
The new features allow developers and AppSec teams to streamline the triage process and automate security checks. ShiftLeft also announced GA support for Kotlin for mobile, beta support for Golang in the company’s software composition analysis tool I-SCA, and GA support for Python SCA.
Together, the Velocity Update features can dramatically improve remediation speed and allow developers and application security teams to scan more frequently while maintaining the same levels of efficiency and accuracy. AppSec teams can provide better guidance to developers, or developers can interact directly with scan results and integrate those results into their workflows for earlier and more frequent remediation. The net result is that fewer serious vulnerabilities pass through the development process and organizations can more effectively shift security to the left.
New features and capabilities in this release include:
- Ability to perform code analysis for Kotlin (mobile) apps. This is an early-stage beta release to support one of the fastest-adopted languages among developer communities.
- Smart SCA for Python and Golang (beta) that allows developers to identify accessible/attackable open source vulnerabilities in their code.
The release also includes several critical workflow improvements that enhance the customer experience, such as:
- Improved build rules that provide the ability to automatically detect and intercept open source vulnerabilities accessible to attackers with every pull request in a development pipeline
- Interactive correction, which provides a shared workflow not available in legacy SAST tools, in which developers tell the tool to recognize their custom validation and sanitization methods in scan results
- Improved descriptions of vulnerabilities that include a detailed explanation of the root cause of the problem, show developers what not to do, and why incorrect code leads to a vulnerability
- Branch selection to make it easier for developers to focus security and remediation on the branch of code they are working on
- Richer Data Flow Visualizations to allow developers to browse and analyze vulnerabilities by attackable data flows
“Customers are already using ShiftLeft CORE to deliver security patches earlier in the development cycle, where they are less of a burden on developers and result in significantly less security debt for the application. That said, the increased frequency of scans and the increased volume of vulnerability information can create information overload,” said Alok Shukla, VP of Products, ShiftLeft Inc. “ShiftLeft CORE’s ‘Velocity Update’ helps them navigate and easily triage large volumes of attackable data streams and intelligently automate build decisions based on attack exposure in each pull request.”
The Velocity Update continues ShiftLeft's effort to accelerate application security while making life easier for developers. By improving how teams automate leading application security practices, ShiftLeft enables organizations to ship code faster and with reduced risk.
“ShiftLeft CORE’s ability to see if vulnerabilities are accessible to attackers is a big help when it comes to triaging issues and showing developers the importance of a fix,” says Paolo Del Mundo, Application Security Manager for Motley Fool.
With the addition of Kotlin and Python support in ShiftLeft’s Intelligent-SCA software composition analysis solution, ShiftLeft continues its rapid expansion of language coverage to better meet the needs of polyglot development efforts where multiple languages are now the norm. “We look forward to the expanded language support and improved automation tools to speed up our remediation process even further,” says Del Mundo.
In addition to the above enhancements, the Velocity release includes an updated UI and new telemetry capabilities that let users customize the integration and metrics of ShiftLeft analytics in their CI/CD pipeline.
The Velocity release is now available to all ShiftLeft users.