14 March 2022
We're in the process of migrating the ShiftLeft application domain from
https://app.shiftleft.io. The ShiftLeft website, however, will remain at
With this change, we will be able to provide you with increased security and performance.
You can begin using
https://app.shiftleft.io today. We will support the use of both domains through 1 August 2022; at that point, you must use
https://app.shiftleft.io for ShiftLeft CORE.
What this change means for ShiftLeft users
Due to the updated domain name, you may need to make the following changes:
- Update any old
slbinaries that might be using
- Update your firewalls; see our updated list of URLs that you should allowlist
- Update any scripts calling ShiftLeft URLs (e.g., scripts calling the ShiftLeft API, any Terraform modules you use to deploy ShiftLeft CORE)
- Update your SAML/SSO configuration
Please ensure that you've updated the domain name by 1 August 2022. We recommend that you implement any necessary changes and test before the changeover date.
25 October 2021
Our research team has learned that the
ua-parser-js package has been compromised with malicious code by threat actors. The versions affected include:
You can read more of our research in this article.
As of 25 October 2021, a review of dependencies used by active I-SCA customers shows that none of the applications scanned by ShiftLeft CORE are using affected versions of
- Avoid upgrading or rolling back to the affected versions of
- Scan your applications to generate a new SBoM and check for the versions listed above.