May 2019

  • Support for Java 11. All ShiftLeft products now support Java 11.

ShiftLeft Ocular

  • Windows Operating System Support. ShiftLeft Ocular now supports the Windows operating system.

  • Added JSP Support. You can now use ShiftLeft Ocular to examine the software elements and flows in your JSP to identify complex business logic vulnerabilities that can't be scanned for automatically. Note that this support does not include JSP Expression Language.

  • Support for MISRA C. MISRA C is now supported by ShiftLeft Ocular. MISRA C is a set of software development guidelines for the C programming language developed by the Motor Industry Software Reliability Association (MISRA). Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems.

  • New Control Dependence Graph. A new Control Dependence Graph has been added to the Code Property Graph (CPG). This graph is used to check for validation criteria in data flows. It enables the filtering of data flows based on control flow influence from certain sources.

  • New Tutorial on using ShiftLeft Ocular with JavaServer Pages (JSP). The ShiftLeft Ocular documentation now includes a tutorial on using ShiftLeft Ocular to examine the software elements and flows in your JSP to identify complex business logic vulnerabilities that can't be scanned for automatically.

ShiftLeft Inspect and ShiftLeft Protect

  • SOC 2 Type 1 Compliance. ShiftLeft Inspect now analyzes, and ShiftLeft Protect secures, data through SOC 2 compliance. By providing specific visibility into how you are handling data, your customers have additional assurance that you have the right controls in place to protect against the exploitation of vulnerabilities. The Type 1 report assesses the design of security processes at a specific point in time.

  • Universal Access Token for ShiftLeft Inspect and ShiftLeft Protect The uploadToken and license properties have been deprecated as a non-breaking change. These two properties are replaced by a single property that can be used for both uploading a token and licensing, thereby simplifying integration in CI/CD and runtime environments. The single property is accessToken in shiftleft.json and SHIFTLEFT_ACCESS_TOKEN in environment variables.

  • Custom Policies Available with ShiftLeft Inspect. ShiftLeft provides a database of default Policies. You can also create your own custom Policy for ShiftLeft Inspect. Documentation explains how to create and use a custom Policy, illustrated by the common use case of providing application- or organization-specific rules that more accurately reflect the state of sensitive data variables.

  • New Vulnerability API for ShiftLeft Inspect. The new ShiftLeft Inspect Vulnerability API is used to analyze your organization’s applications to identify and provide data on the code's vulnerabilities. The API returns a list of vulnerabilities with all the necessary information for you to take action on a code exploitable area. See the Vulnerability API documentation for specifics.

  • ShiftLeft Protect Improved .Net Installer. The installer for ShiftLeft Protect has been improved so that all dependencies are now bundled into a single downloadable file. This improvement enables the installer to run offline (without connecting to the Internet).

  • JSP Support Added for ShiftLeft Protect. You can now use ShiftLeft Protect to secure your JSP pages for vulnerabilities and data leakage. Note that this support does not include JSP Expression Language.