ShiftLeft is a cloud-based security service that identifies application vulnerabilities and reports exposure of sensitive data by generating a comprehensive security profile for each version of your application. The ShiftLeft Microagent is instrumented with the security profile and alerts you of policy violations that are detected when the application is running in production.
ShiftLeft Security Service
ShiftLeft code analysis involves a series of operations resulting in a comprehensive security profile of the application. Code analysis is initiated by integrating the ShiftLeft CLI with your build environment for automated, continuous application security.
The security profile is presented at the ShiftLeft Dashboard for viewing and alerting. A runtime edition of the security profile (SPR) is used to instrument the ShiftLeft Microagent for monitoring the application in production and alerting when policy violations occur.
ShiftLeft provides a microagent-based architecture for runtime monitoring and metrics, giving you real time visibility into the production security of your applications.
The ShiftLeft Microagent collects and reports data to the ShiftLeft service as the application runs, including both method execution and flow (succession of method calls), as well as throughput metrics in the form of calls per minute.
The Security DNA of an application is derived from code analysis and runtime metrics, informed by policy. The Security DNA of an app is presented for viewing at the ShiftLeft Dashboard.
Static code analysis detects data flows and variable names. Runtime provides metrics such as throughput and the number of method invocations. Policy leverages both to identify whitelisted methods, I/O endpoints, security violations in the code, and runtime incidents.
ShiftLeft Security DNA