Highlights: learn how to automate code analysis in your Jenkins build process, see improvements to the UI (including the new Source Code Views) as well as the Applications List performance
Jenkins Plugin for Ocular: This plugin allows you to automate code analysis during the build process using Ocular. With the plugin, you can set Jenkins to run Ocular as a final build step in a Pipeline project.
New Dashboard User Interface: The new ShiftLeft Dashboard features an improved user interface designed to make it easier for you to review application information and to find vulnerabilities of interest.
Source Code View: You can configure ShiftLeft's ability to automatically link identified vulnerabilities listed in the ShiftLeft Dashboard to the source code where the vulnerability can be found. This makes it easy for you to find the origins of a specific vulnerability.
sl CLI Commands: The
sl analyze command comes with two new flags for use with the new Source Code View features:
We've improved the Applications List performance; organizations with a large number of applications will see faster vulnerability counts and analysis progress.
Highlights: learn how to integrate ShiftLeft into your GitHub workflow, create custom build rules, see improvements to the Vulnerabilities API, and tell us your thoughts on where we should go with ShiftLeft
PR Workflow: Learn how you can integrate Inspect directly into your Git workflow so that your code is analyzed whenever you create a new Pull Request
Build Rules: We've added support for custom build rules, allowing ShiftLeft to compare the results of its analyses against your build rules to determine if the build should fail or not. You can include your build rules in your app's repository so that you can create custom rules on a per-application basis and keep things updated with version control
Vulnerabilities API: We've updated the Vulnerabilities API and its Dashboard so that you can easily:
Filter for vulnerabilities based on the application's branch tag
See the application version where a vulnerability was first introduced
Ideas Portal: We've opened up the Ideas Portal, where you can request new features for ShiftLeft, see what features others have asked for, and vote on ideas that you like
We've fixed the Dashboard so that DataFlows information (specifically line numbers, file names, and method names) displays correctly
The Dashboard now displays an error if you exceed the 15-minute code analysis timeout for self-serve licenses