Protect is designed to prevent the exploitation of vulnerabilities present in your application. Because each application (and each iteration of an application) can vary, Protect gathers information specific to your application in its runtime environment from its sister product, Inspect, to customize the running of the Microagent that monitors your software.

At a high level, the Protect process is as follows:

  1. Analyze your code using ShiftLeft's Inspect solution.

  2. Provide the shiftleft.json file generated by Inspect to Protect's Microagent; the JSON file includes the information Protect needs to obtain the Security Profile for Runtime (SPR) from ShiftLeft. The SPR contains information about the vulnerabilities that Inspect has detected to be present in your application.

  3. If desired, you can also configure the Microagent using Java System Properties or process environment variables.

  4. Run Protect to secure your application; as it monitors your application, Protect will send events and metrics to your ShiftLeft Dashboard.

The Microagent

Protect's Microagent is a lightweight agent that is deployed with, and runs in-memory alongside, the applications you want to secure. The Microagent is customized to your application's design and the vulnerabilities identified by Inspect.

Configuring the Microagent

After Inspect analyzes your application, it generates a JSON file named shiftleft.json.

The shiftleft.json file contains the information that Protect's Microagent needs to obtain the Security Profile for Runtime (SPR) from ShiftLeft. The Microagent uses the SPR to customize how it monitors and secures your application. The SPR is generated from information gathered by Inspect and details the vulnerabilities present in your code that Protect should monitor and secure against exploitation.

You can find the shiftleft.json file in the directory from which you run Inspect.

Though you are welcome to run the Microagent using its default settings, you can modify its behavior for use specifically in your environment.