Security Compliance Reports with Scan

Security Compliance Reports with ShiftLeft Scan. This blog was originally published at https://blog.shiftleft.io. 9:00 am — Start of your day. Picture this scenario. You are a Lead DevOps at your company with programming skills. Your new Head of Information Security just walked in and wants a quick catch up with your team. Before everyone ...
Findings from the 2020 Verizon Data Breach Investigations Report

Introduction: The 2020 edition of the Verizon Data Breach Investigations Report (DBIR) is out now. This edition is based on 32,000 incidents and 4,000 data breaches across sixteen industries. For the first time, DBIR uses the standard controls from CIS and MITRE ATT&CK frameworks, making this report quite special for InfoSec professionals ...
Are we ready for Cloud Workspaces?

TL;DR - Yes, we are getting there, and we ❤️ them already! Introduction: Web-based IDEs such as GitHub & Visual Studio Codespaces (originally Visual Studio Online) and Gitpod, based on Eclipse Theia, are now offering a desktop-quality development environment entirely in a web browser. Developers and security analysts can now work with different ...
ShiftLeft Scan integrates with GitHub Code Scanning

ShiftLeft Scan ❤️ GitHub

It gives us great pleasure to announce that ShiftLeft Scan is now natively integrated with GitHub Code Scanning to help developers and teams keep their applications secure without slowing down their productivity. Scan can be effortlessly added to the GitHub action workflow and configured as per the ...
DevSecOps formula

Dev + Sec + Ops != DevSecOps

Historically, security vendors and code scientists around the world have been looking for a single universal formula to represent the notion of DevSecOps. In my previous posts, I had introduced ShiftLeft Scan and written about the cultural and process changes involved in transitioning ...
DevOps vs DevSecOps

How to transition from DevOps to DevSecOps?

When does a DevOps team or a person become DevSecOps? Is it after they start using one or two security tools as part of their workflow? Or is it after they hire or work with a security engineer/analyst to get their work reviewed frequently? The answers to these questions often ...
Announcing ShiftLeft Scan — An integrated scanner for modern DevOps

It gives us great pleasure to announce Scan — a free and open-source security product from the ShiftLeft Incubator. Scan is built specifically for the needs of modern DevOps teams and requires no training or user manuals to get started or to integrate into your ...
AppThreat is Joining the ShiftLeft Family

As a passionate DevSecOps personnel, I wanted to build a portfolio of security tools that both the DevOps and the security community would love to use. The security tools marketplace is quite messy — people are forced to use, work and integrate with security products that are unfit for the purpose — often by ...