Introducing ShiftLeft

Modernizing workload security for the cloud

ShiftLeft is a cloud-based security service that identifies application vulnerabilities and reports exposure of sensitive data by generating a comprehensive security profile for each version of your application. The ShiftLeft Microagent is instrumented with the security profile and alerts you of policy violations that are detected when the application is running in production.

ShiftLeft Security Service

ShiftLeft Security Service

Code Analysis

ShiftLeft code analysis involves a series of operations resulting in a comprehensive security profile of the application. Code analysis is initiated by integrating the ShiftLeft CLI with your build environment for automated, continuous application security.

The security profile is presented at the ShiftLeft Dashboard for viewing and alerting. A runtime edition of the security profile (SPR) is used to instrument the ShiftLeft Microagent for monitoring the application in production and alerting when policy violations occur.

ShiftLeft Pipeline

ShiftLeft Pipeline

Runtime Monitoring

ShiftLeft provides a microagent-based architecture for runtime monitoring and metrics, giving you real time visibility into the production security of your applications.

The ShiftLeft Microagent collects and reports data to the ShiftLeft service as the application runs, including both method execution and flow (succession of method calls), as well as throughput metrics in the form of calls per minute.

Security DNA

The Security DNA of an application is derived from code analysis and runtime metrics, informed by policy. The Security DNA of an app is presented for viewing at the ShiftLeft Dashboard.

Static code analysis detects data flows and variable names. Runtime provides metrics such as throughput and the number of method invocations. Policy leverages both to identify whitelisted methods, I/O endpoints, security violations in the code, and runtime incidents.

ShiftLeft Security DNA

ShiftLeft Security DNA

Introducing ShiftLeft

Modernizing workload security for the cloud