2020

March

Highlights: learn how to automate code analysis in your Jenkins build process, and see improvements to the UI (including the new Source Code Views) and to Applications List performance

What's New

  • Jenkins Plugin for Ocular: This plugin allows you to automate code analysis during the build process using Ocular. With the plugin, you can set Jenkins to run Ocular as a final build step in a Pipeline project.

  • New Dashboard User Interface: The new ShiftLeft Dashboard features an improved user interface designed to make it easier for you to review application information and to find vulnerabilities of interest.

  • Source Code View: You can configure ShiftLeft to automatically link vulnerabilities listed in the ShiftLeft Dashboard to the source code where each vulnerability is found. This makes it easy for you to find the origins of a specific vulnerability.

    • New sl CLI Commands: The sl analyze command comes with two new flags for use with the new Source Code View features: --git-remote-name and --no-vcs-metadata.

Improvements

  • We've improved the Applications List performance; organizations with a large number of applications will see faster vulnerability counts and analysis progress.

January and February

Highlights: learn how to integrate ShiftLeft into your GitHub workflow, create custom build rules, see improvements to the Vulnerabilities API, and tell us your thoughts on where we should go with ShiftLeft

What's New

  • PR Workflow: Learn how you can integrate Inspect directly into your Git workflow so that your code is analyzed whenever you create a new Pull Request

  • Build Rules: We've added support for custom build rules, allowing ShiftLeft to compare the results of its analyses against your build rules to determine if the build should fail or not. You can include your build rules in your app's repository so that you can create custom rules on a per-application basis and keep things updated with version control

  • The sl option: The sl command now comes with the check-analysis option. This allows you to manually trigger a comparison between ShiftLeft's analysis results and the build rules that you can now include with your app

  • Vulnerabilities API: We've updated the Vulnerabilities API and its Dashboard so that you can easily:

    • Filter for vulnerabilities based on the application's branch tag

    • See the application version where a vulnerability was first introduced

  • Ideas Portal: We've opened up the Ideas Portal, where you can request new features for ShiftLeft, see what features others have asked for, and vote on ideas that you like

Bug Fixes

  • We've fixed the Dashboard so that DataFlows information (specifically line numbers, file names, and method names) displays correctly

  • The Dashboard now displays an error if you exceed the 15-minute code analysis timeout for self-serve licenses