Date: Jun 30, 2020 Author: Christina Cardoza Source: San Diego Times
ShiftLeft has announced an updated version of its NextGen Static Analysis solution. The release features new workflows designed to help developers improve security and enhance productivity.
According to the company, developer productivity suffers when security isn't automated or integrated into the life cycle. A recent ShiftLeft survey found 96% of developers felt a disconnect between development and security workflows, which impacted productivity. Additionally, respondents revealed developer-friendly security workflows were a higher priority than protecting apps in production environments.
"The only way to deliver security at the pace of modern SDLCs is to create a culture of individual developer accountability for the security of the code they write. However, this demands new AppSec solutions purpose-built for today's requirements," said Manish Gupta, CEO of ShiftLeft. "Based on our new survey, it's clear developers feel ad hoc security processes and the tools they have available to them today aren't helping. We've always put productivity and security at the foundation of our platform, and our customers' results demonstrate that the new workflow is significantly improving their security postures while increasing developer productivity."
The latest release features:
The ability to automate code analysis with every pull/merge request
Immediate security feedback
Ability for developers to fix vulnerabilities within their development environment
Ability for app security teams to write security-focused build rules
Best practices through security insights
Unlimited concurrent scans to eliminate bottlenecks
Ability to scan source code within the organization
Self-service on-boarding
Customizable workflows
"This developer-centric approach to code analysis greatly increases security and productivity by delivering the right vulnerability to the right developer at the right time. Mean time to remediation (MTTR) is reduced because vulnerabilities get fixed while the code is still fresh in the developers' minds, and vulnerable code doesn't become deeply interconnected because security build rules prevent it from entering the master branch," the company wrote in its announcement.