14 March 2022

We're in the process of migrating the ShiftLeft application domain from to The ShiftLeft website, however, will remain at

With this change, we will be able to provide you with increased security and performance.

You can begin using today. We will support the use of both domains through 1 August 2022; at that point, you must use for ShiftLeft CORE.

What this change means for ShiftLeft users

Due to the updated domain name, you may need to make the following changes:

  • Update any old sl binaries that might be using
  • Update your firewalls; see our updated list of URLs that you should allowlist
  • Update any scripts calling ShiftLeft URLs (e.g., scripts calling the ShiftLeft API, any Terraform modules you use to deploy ShiftLeft CORE)
  • Update your SAML/SSO configuration

Please ensure that you've updated the domain name by 1 August 2022. We recommend that you implement any necessary changes and test before the changeover date.

25 October 2021

Our research team has learned that the ua-parser-js package has been compromised with malicious code by threat actors. The versions affected include:

  • pkg:npm/ua-parser-js@0.7.29
  • pkg:npm/ua-parser-js@0.8.0
  • pkg:npm/ua-parser-js@1.0.0

You can read more of our research in this article.

As of 25 October 2021, a review of dependencies used by active I-SCA customers shows that none of the applications scanned by ShiftLeft CORE are using affected versions of ua-parser-js.


  • Avoid upgrading or rolling back to the affected versions of ua-parser-js.
  • Scan your applications to generate a new SBoM and check for the versions listed above.