2021

1 September

Highlights: SCA for JavaScript, sending build rule notifications to Jira, and the org owner role

What's New

  • SCA for JavaScript: We're pleased to announce that ShiftLeft now identifies open-source vulnerabilities when scanning JavaScript applications.

  • Send build rule information to Jira: The check-analysis command now accepts the --create-jira-issues flag. When using this flag, ShiftLeft will send findings that fail your build rules to Jira, where Jira will create issues for those findings.

  • Org Owner role: We've added the org owner role to ShiftLeft. The org owner is presumed to be the person creating the ShiftLeft org, but you can change this if desired. Org owners are automatically assigned super user privileges.

15 August

Highlights: RBAC and C# updates

What's New

  • C#: We’re pleased to announce that our C# analysis engine now supports the use of lambda and local functions.

  • RBAC: We’ve added detailed tables to our RBAC documentation that clarify the specific rights and privileges granted to each of the roles available.

31 July

Highlights: C# 9/.NET 5, access tokens for CI integrations

What's New

15 July

Highlights: role-based access control (RBAC), updated C# support

What's New

  • Role-Based Access Control (RBAC): ShiftLeft now features role-based access control, which allows you to assign permissions to users based on their role within an organization or a team, instead of individually. This approach is more straightforward and less error-prone.

  • C# Applications Support: We have updated ShiftLeft to support more recent versions of the .NET Framework and .NET Core in your runtime and build environments.

28 May

Highlights: new Python deep analyzer in NG SAST and addition of the ShiftLeft plugin for Jira to the Atlassian Marketplace

What's New

  • Python deep analyzer for NG SAST: We’ve updated NG SAST to use the CPG deep analyzer to analyze applications written in Python. See our blog announcement for under-the-hood information, and review our documentation on scanning your Python applications.

  • ShiftLeft Plugin for Jira: Our plugin, which allows you to use Jira to help manage identified vulnerabilities, is now available on the Atlassian Marketplace.

15 April

Highlights: ShiftLeft CORE (including Intelligent SCA and developer education tools), added support for apps using Vue.js, and GitLab tutorial updates

What's New

  • ShiftLeft CORE: You’ll notice a bit of new terminology on our website, specifically ShiftLeft CORE, which is our code security platform leveraging our Code Property Graph to offer you next-generation SAST, secrets detection, insights, Intelligent SCA, and developer education! Read more about each aspect of our platform on our blog.

  • Intelligent SCA: We’ve released Intelligent SCA, which allows you to identify vulnerabilities introduced into your application via third-party libraries, SDKs, APIs, and so on, then prioritize them based on whether they can be easily exploited or not.

  • Developer Education: We are pleased to announce two new learning resources. The first is ShiftLeft Learn, where you can learn about OWASP vulnerabilities and how to mitigate them using NG SAST. In addition to free learning modules, you’ll find tips and tricks for managing your AppSec process, an invitation to our Discord community, and webinars (both recorded and live) focusing on advanced concepts.

    The second is a built-in Security Training feature, where you can access a training module. Whenever you open up the Vulnerability Detail panel, you’ll see a link that takes you to a tutorial that’s relevant to the finding (for example, the command injection vulnerability leads you to a module on what a command injection is and how you might handle this type of vulnerability).

  • Vue.js Support: We have added full support for the Vue.js framework, and we offer a sample application featuring this framework for your review.

  • GitLab Tutorial Update: We’ve updated and simplified the configuration files required to integrate NG SAST with GitLab.

1 March

Highlights: Updates to the ShiftLeft CLI tool, new documentation, and security tutorials fresh on the blog

What’s New

  • We’ve added two commands to the ShiftLeft CLI tool:

    • The sl subscription command returns information about your ShiftLeft subscriptions, including when they’re valid, as well as what your current usage and maximum usage levels are.

    • The sl count-lines command allows you to count the number of lines in a directory, which helps you determine if the workstation on which you’re running NG SAST has sufficient resources to support the scan.

  • We’ve made a series of updates to our Documentation that you may find helpful:

    • Policies are powerful tools that allow you to describe the data and methods in your application, as well as how they relate to each other. This information enhances the code property graph generated, which is helpful to NG SAST for returning higher-level conclusions and relevant security findings. To help you get started, we have added several tutorials on working with custom policies.

    • We’ve added a troubleshooting guide that you may find helpful if you ever run into any issues working with NG SAST.