Frequently asked questions

Some of the links in this article are located in Zendesk. To access these articles, please sign into Zendesk via the ShiftLeft Dashboard.

Analyzing applications

• How do I scan and group multiple Java JAR/WAR files?
• How do I generate BOM files for an application?
• How do I generate tokens to use in CICD?

Viewing results

• How do I view newly introduced vulnerabilities in a PR?
• How do I convert NG SAST results to SARIF format?
• Why do the JavaScript SCA results look different from that of Java?
• When I export my results, why do I get an OutOfMemory error?

Tuning the analysis engine

• How do I view the default sensitive data dictionary?
• How do I customize the default dictionary?
• How do I create custom policies?
• How do I add custom validation functions?

Platform

• What languages are supported in NGSAST?
• What is an application in NGSAST?
• Who is considered a contributing developer?
• What types of findings are covered by NGSAST?
• Does ShiftLeft CORE have any SLAs?

Single sign-on

• How do I configure SAML 2.0 for a ShiftLeft Org?
• How do I enforce SSO-only login for non-admin users?
• How do I enable service provider (SP) initiated SSO?

Role-based access control (RBAC)

• What is the RBAC model within ShiftLeft CORE?