ShiftLeft announced a new release of its ShiftLeft CORE platform with a host of new features that enable application security and development teams to identify and remediate attackable vulnerabilities in the development process.
The new features empower developers and AppSec teams to streamline the triage process and automate security controls. ShiftLeft also announced GA support for Kotlin for Mobile, Beta support for Golang in the company’s I-SCA software composition analysis tool and GA support for Python SCA.
Taken together, the Velocity Update features can dramatically improve the speed of remediation and enable developers and application security teams to scan more frequently while maintaining the same levels of efficiency and accuracy. This enables appsec teams to provide better guidance to developers or allows developers to interact directly with scanning results and integrate those results into their workflows for earlier and more frequent remediation. The net result is fewer serious vulnerabilities get through the development process and organizations can more effectively shift security left.
New features and capabilities in this release include:
- Ability to perform code analysis for Kotlin (mobile) apps. This is an early stage beta release to support one of the fastest adopted languages amongst developer communities.
- Intelligent SCA for Python and Golang (beta) that allows developers to identify reachable/attackable open source vulnerabilities in their code.
The release also includes multiple critical workflow enhancements to improve customer experience such as:
- Improve build rules which provide the ability to automatically detect and intercept attacker reachable open-source vulnerabilities at every pull request in a development pipeline
- Interactive remediation which provides a shared workflow not available in legacy SAST tools where developers tell the tool to recognize their custom validation and sanitization methods in scan results
- Enhanced vulnerability descriptions that include a detailed explanation of the root cause of the issue, show developers what not to do, and why improper code leads to a vulnerability
- Branch selection to enable developers to more easily focus security and remediation on the code branch they are working on
- Richer data flow visualizations to enable developers to browse and analyze vulnerabilities by attackable dataflows
“Customers are already using ShiftLeft CORE to make security fixes earlier in the development cycle where they are less painful for devs and result in significantly less security debt for the application. That said, the increased frequency of scans and greater volume of vulnerability information can create information overload,” says Alok Shukla, VP Products, ShiftLeft Inc. “The ‘Velocity Update’ to ShiftLeft CORE helps them easily browse and triage high volumes of attackable dataflows and intelligently automate build decisions based on attackability exposure in each pull request.”
The Velocity Update continues ShiftLeft’s evolution towards making application security faster while making developer’s lives easier. By improving the way teams automate cutting edge application security practices, ShiftLeft is enabling organizations to ship code faster and with reduced risk.
“ShiftLeft CORE’s ability to see if vulnerabilities are attacker reachable is a huge help when it comes to triaging issues and showing developers the importance of a fix,” says Paolo Del Mundo, Head of Application Security for Motley Fool.
Through the addition of Kotlin and Python support in ShiftLeft’s Intelligent-SCA software composition analysis solution, ShiftLeft is continuing its rapid language coverage expansion to better meet the needs of polyglot development efforts where multiple languages are now the norm. “We look forward to the expanded language support and improved automation tools to speed up our remediation process even further,” says Del Mundo.
In addition to the above enhancements, the Velocity Release includes an updated User Interface to and new telemetry capabilities to customize integration and flags of ShiftLeft scans into their CI/CD pipeline.
The Velocity Release is available now to all ShiftLeft users.