ShiftLeft CORE Platform Debuts
April 12, 2021
CORE is a unified code security platform. Powered by ShiftLeft’s Code Property Graph (CPG) engine, the ShiftLeft CORE platform features NextGen Static Analysis (NG SAST), a modern code analysis solution built to support developer workflows; Intelligent Software Composition Analysis (SCA), which scores code vulnerabilities based on whether an attacker can reach them; and ShiftLeft Educate, which delivers contextual security training for developers within the developer workflow.
Intelligent Software Composition Analysis (SCA) – SCA tools identify vulnerable dependencies or libraries in an application, thus creating a large amount of work for the developers. ShiftLeft's Intelligent SCA precisely identifies the vulnerable dependencies that actually make the application vulnerable. By understanding exactly how a dependency is being used in an application, ShiftLeft can identify whether a specific vulnerable dependency is "attacker reachable" and can be exploited. ShiftLeft can even identify when a vulnerable dependency's risk can be mitigated without the need to upgrade the dependency. In early deployments, ShiftLeft customers saw a reduction of over 90% in tickets by homing in on real vulnerable dependencies using Intelligent SCA.
ShiftLeft Educate – A fresh take on security training for developers, ShiftLeft Educate delivers bite-sized, context-sensitive security training for developers when and where they need it the most. Educate highlights specific files and lines of code where a vulnerability occurs and delivers comprehensive, reliable, and relevant guidance on how to remediate the issue without requiring developers to context switch. Administrators are also able to assign specific trainings to certain users, and developers are awarded certifications for completing trainings.
“CORE has helped our team more effectively prioritize Software Composition Analysis (SCA) findings,” said Rick Bohm, SVP of IT, Information Security and Compliance, Angi. “Their product is unique in its ability to differentiate between general and actionable vulnerabilities, which has helped greatly reduce security tickets. With this product, we are confident we are prioritizing on any higher-risk issues and keeping our users’ data safe.”