Use the default policy with best practices
ShiftLeft offers a variation of the default policy with a sensitive data dictionary that also includes best practices. With this policy, ShiftLeft shows both best-practice violations and attacker-reachable findings.
For example, one such finding might be a SQL injection vulnerability involving a string append operation that is not attacker reachable. Another might involve code that dynamically generates SQL statements. These findings would be shown in the ShiftLeft Dashboard and flagged as info.
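The distinction above (dynamic SQL that is reported as a best-practice finding even when its input is not attacker reachable) is illustrated by this added Python example; it is not ShiftLeft code, and the in-memory SQLite table and its rows are constructed for the example.

```python
import sqlite3

# Constant input: not attacker reachable, so a string-append query over it is
# a best-practice finding (info), not an exploitable injection.
DEFAULT_ROLE = "user"


def make_db():
    """Build a constructed in-memory users table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def users_by_role_concat(conn, role=DEFAULT_ROLE):
    """Dynamically generates the SQL text by string append.

    This is the pattern a best-practice policy reports even when `role`
    is a constant: the query text changes with the value, so any quote in
    the value alters the statement (here it raises a syntax error).
    """
    query = "SELECT name FROM users WHERE role = '" + role + "' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def users_by_role_param(conn, role=DEFAULT_ROLE):
    """Parameterized form: the SQL text is static, the value is bound separately."""
    rows = conn.execute(
        "SELECT name FROM users WHERE role = ? ORDER BY id", (role,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(users_by_role_concat(db))   # ['bob', 'carol']
    print(users_by_role_param(db))    # ['bob', 'carol']
    print(users_by_role_param(db, "it's"))  # [] (quote handled safely)
```

With the constant role both functions return the same rows; only the parameterized one also survives a value containing a quote.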
Usage
To use this policy, modify your invocation of sl analyze to include the --policy flag and the name of the policy as follows:
The use of this policy will likely increase the number of findings for your app, and it may slow down the speed of analysis.