ShiftLeft "AppSec Shift Left Progress Report" Finds Enterprises Fix 91.4% of Vulnerabilities by Integrating Security Scans with Their CI/CD Pipelines
ShiftLeft, Inc., a leader in application security, today released its inaugural AppSec Shift Left Progress Report. Leveraging insight from ShiftLeft's CORE platform and customer application scanning patterns over a 12-month period, the report revealed that next-generation static application security testing (SAST) and intelligent software composition analysis (SCA) can increase the speed of vulnerability scans and narrow their scope to highlight reachable issues. This ultimately leads to measurably better outcomes: more frequent scans, fix rates earlier in the CI/CD pipeline that prevent security debt from accruing, and more security fixes overall.
"SaaS developers must move quickly to keep their businesses competitive in today's market. As a result, building security into the DevOps process has traditionally been a burden," said Vibhuti Sinha, Chief Product Officer at Saviynt. "Faster scan times and increased scan frequency allow us to adopt the shift left philosophy and dramatically increase the number of critical, reachable vulnerabilities our team can address while also preventing the accrual of unnecessary security debt."
As enterprises continue to accelerate digital transformation initiatives to support remote work and digital business, developers continuously bring software to market at record velocities. Additionally, as cyber-attacks and supply chain attacks grow in scale and frequency, enterprises are placing heightened awareness on code security. The AppSec Shift Left Progress Report reveals that tightly integrating security testing with the CI/CD pipeline results in better outcomes that will be critical as the world continues to rely on digital services and enterprises accelerate security transformation.
Key findings from the report include:
Application security is still commonly performed with outdated SAST technology that takes hours or days to execute. While SCA tools may find risk in OS libraries, they often fall short of determining whether vulnerabilities are actually reachable. In today's modern, digital business era, enterprises require a combination of intelligent, prioritized SCA and SAST tools to manage risk at the speed of DevOps.
"For the first time, ShiftLeft is enabling AppSec and development teams to release secure code at scale. ShiftLeft provides its customers with a developer-centric approach to application security, enabling them to compare custom code within their production environments, narrowing the scope of only 'reachable' vulnerabilities," said Manish Gupta, CEO of ShiftLeft. "Our new report demonstrates that with ShiftLeft CORE, enterprises are executing scans in minutes and fixing 91.4% of new vulnerabilities, eliminating security debt and enabling teams to focus more time and resources on preventing vulnerabilities of certain types and severities from ever merging with their main branch. I am proud that ShiftLeft is helping its customers to embrace cloud while reducing security risk."
Learn more and read the full report here.
For more information on ShiftLeft CORE, visit https://www.shiftleft.io/.
ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company's flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.