ShiftLeft is a cloud-based security service that helps protect your applications by creating a comprehensive security profile and enforcing that profile at runtime using a lightweight agent.
ShiftLeft code analysis involves a series of operations resulting in a detailed security profile (SP) of the application. Code analysis is initiated by integrating the ShiftLeft CLI with your build environment.
The security profile is presented at the ShiftLeft Dashboard for viewing and alerting, and downloaded by the ShiftLeft Microagent for runtime monitoring and protection (SPR).
ShiftLeft provides a microagent-based architecture for runtime monitoring and metrics, giving you real-time visibility into, and policy-based control over, the production security of your app.
The ShiftLeft Microagent collects and reports data to the ShiftLeft service as the app runs, including both method execution and flow (succession of method calls), as well as throughput metrics in the form of calls per minute.
The Security DNA of an application is derived from code analysis and runtime metrics, informed by policy. The Security DNA of an app is the visual presentation of the security profile at the ShiftLeft Security DNA Dashboard.
Static code analysis detects data flows and variable names. Runtime monitoring provides metrics such as throughput and the number of method invocations. Policy leverages both to identify whitelisted methods, I/O endpoints, security violations in the code, and runtime incidents.
ShiftLeft Security DNA