DEVOPSdigest

ShiftLeft launched a new version of its Inspect static application security testing (SAST) solution, designed specifically for developers.

Available for free, the new version of ShiftLeft Inspect provides developers with the fastest and most accurate SAST solution combined with key workflow integrations such as code repositories, build and bug-tracking tools to insert security into the earliest stages of the software development lifecycle (SDLC).

“It is now well-accepted that security needs to be shifted as far left as possible, but the lack of developer-friendly code analysis tools is a key inhibitor,” said Manish Gupta, CEO of ShiftLeft. “ShiftLeft Inspect is designed to give developers the speed, accuracy and seamless CI/CD pipeline integration they need. Yet, developers are the ultimate ‘try before you buy’ consumers so we’re now offering security to them through a truly usable, self-service and free version so they can see exactly what Inspect can do for them.”

ShiftLeft Inspect delivers SAST capabilities, including the ability to insert security directly into developer pull requests through a recently announced partnership with CircleCI. By leveraging ShiftLeft Inspect, developers can scan code and automate acceptance decisions based on security criteria. This ensures the right developers get the right vulnerability information at the right time, which leads to more efficient mean time to remediation (MTTR) and ultimately getting applications to production faster, without sacrificing security.

The new free version of ShiftLeft Inspect permits up to five users to perform 300 scans annually on 200,000 lines of code or less, which is significant given the fact that the average application has 7,200 lines of code (Based on Java applications in GitHub as of December 2019).

The offering supports applications written in Java, C#, Golang and Scala. It also allows developers to run two scans concurrently and analyze an infinite number of dependencies and frameworks. Additionally, ShiftLeft Inspect integrates with tools needed to streamline application security workflows, including bug-tracking tools, build tools, deployment tools, code repositories and security information and event management tools (SIEMs).