ShiftLeft is a cloud-based security service that helps protect your applications by creating a comprehensive security profile and enforcing that profile at runtime using a lightweight agent.
ShiftLeft Security Service
ShiftLeft code analysis involves a series of operations resulting in a detailed security profile (SP) of the application. Code analysis is initiated by uploading an app to the service using the ShiftLeft CLI or Plugin.
The security profile is presented on the ShiftLeft Dashboard for analysis and alerting, and is downloaded by the ShiftLeft Microagent for runtime monitoring and protection (SPR).
ShiftLeft Code Analysis
The Security DNA of an application is derived from code analysis and runtime metrics, informed by policy; it is the visual presentation of the security profile on the dashboard.
Static code analysis detects data flows and variable names. Runtime monitoring provides metrics such as throughput and number of method invocations. Policy leverages both to identify whitelisted methods, I/O endpoints, security violations in the code, and runtime incidents.
ShiftLeft Security DNA
ShiftLeft provides a microagent-based architecture for runtime monitoring and metrics, giving you real-time visibility into, and policy-based control over, the runtime security of your app.
The ShiftLeft Microagent collects and reports data to the ShiftLeft service as the app runs, including both method execution and flow (succession of method calls), as well as throughput metrics in the form of calls per minute.
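To make the static-plus-runtime model above concrete, here is an added example (not ShiftLeft's own code or profile format) that combines a constructed security profile of per-method data flows with constructed agent metrics in calls per minute, and applies a policy with whitelisted methods, forbidden sensitive flows and a throughput ceiling; the method names, the profile schema and the policy shape are all assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed model of a security profile entry: one method and the flows
# static analysis found for it. Hypothetical schema, not ShiftLeft's format.
@dataclass(frozen=True)
class MethodProfile:
    name: str
    sources: frozenset    # where data enters, e.g. "http"
    sinks: frozenset      # where data leaves, e.g. "db", "s3"
    sensitive: frozenset  # data classes carried: "PII", "PHI", "financial"

@dataclass(frozen=True)
class Policy:
    whitelist: frozenset          # methods exempt from both checks
    forbidden_flows: frozenset    # (source, sink, data class) triples
    max_calls_per_minute: int     # throughput ceiling per method

def static_violations(profile, policy):
    """Security violations in the code: forbidden source->sink flows."""
    found = []
    for m in profile:
        if m.name in policy.whitelist:
            continue
        for src in m.sources:
            for sink in m.sinks:
                for data in m.sensitive:
                    if (src, sink, data) in policy.forbidden_flows:
                        found.append((m.name, src, sink, data))
    return found

def runtime_incidents(metrics, policy):
    """Runtime incidents: agent-reported calls/minute above the ceiling."""
    return [(name, cpm) for name, cpm in metrics
            if name not in policy.whitelist and cpm > policy.max_calls_per_minute]

def security_dna(profile, metrics, policy):
    """Combine static and runtime findings the way a dashboard view would."""
    return {"violations": static_violations(profile, policy),
            "incidents": runtime_incidents(metrics, policy)}

# Constructed sample profile and agent metrics (hypothetical method names).
PROFILE = [
    MethodProfile("CustomerController.save", frozenset({"http"}), frozenset({"db"}), frozenset({"PII"})),
    MethodProfile("PatientController.export", frozenset({"db"}), frozenset({"s3"}), frozenset({"PHI"})),
    MethodProfile("HealthController.ping", frozenset({"http"}), frozenset({"http"}), frozenset()),
]
METRICS = [("CustomerController.save", 40), ("PatientController.export", 900),
           ("HealthController.ping", 5000)]
POLICY = Policy(frozenset({"HealthController.ping"}),
                frozenset({("db", "s3", "PHI"), ("http", "http", "PII")}), 600)
```

Running `security_dna(PROFILE, METRICS, POLICY)` flags the PHI export to S3 as a code violation and the same method's 900 calls/minute as a runtime incident, while the whitelisted health check is ignored on both counts.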
Preload HelloShiftLeft and use the dashboard to view the results of static code analysis and the security profile.
HelloShiftLeft is a Spring-based Java web app with HTTP handlers that a user can trigger from outside. These handlers provide the ability to create new objects, save them to a database, and retrieve them.
HelloShiftLeft exposes three top-level endpoints:
HelloShiftLeft Sample App
HelloShiftLeft transports data across various interfaces and channels (HTTP/TCP, DB, S3) and makes use of various secrets, including credentials for AWS, MySQL, and Salesforce. In addition, HelloShiftLeft processes sensitive information, including:
- Customer data: PII such as DOB, SSN, TIN, phone, address
- Account data: Financial records, such as routing number, account number, balance
- Health data: PHI such as patient ID, name, vitals, height, weight, DOB
Requests can be sent to HelloShiftLeft by any client application. For example:
See the Reference section for other types of requests you can make to the HelloShiftLeft API.