
Frequently asked questions

Some of the links in this article point to Zendesk. To access those articles, sign in to Zendesk via the ShiftLeft Dashboard.

Analyzing applications

  • How do I scan and group multiple Java JAR/WAR files?
  • How do I generate BOM files for an application?
  • How do I generate tokens to use in CI/CD?

Viewing results

  • How do I view newly introduced vulnerabilities in a PR?
  • How do I convert NG SAST results to SARIF format?
  • Why do the JavaScript SCA results look different from those of Java?
  • When I export my results, why do I get an OutOfMemory error?

Tuning the analysis engine

  • How do I view the default sensitive data dictionary?
  • How do I customize the default dictionary?
  • How do I create custom policies?
  • How do I add custom validation functions?

Platform

  • What languages are supported in NG SAST?
  • What is an application in NG SAST?
  • Who is considered a contributing developer?
  • What types of findings are covered by NG SAST?
  • Does ShiftLeft CORE have any SLAs?

Single sign-on

  • How do I configure SAML 2.0 for a ShiftLeft Org?
  • How do I enforce SSO-only login for non-admin users?
  • How do I enable service provider (SP) initiated SSO?

Role-based access control (RBAC)

  • What is the RBAC model within ShiftLeft CORE?