Inserting security in GitLab merge requests!

ShiftLeft Inspect introduces an easy way to insert static code analysis into the merge request workflow in GitLab. To know more, read on. GitLab offers merge request workflow in ...
Does my Scala Value Class really not get allocated?

Scala’s Value Classes are a powerful and widely used mechanism for extension methods and additional type safety, both without incurring the runtime overhead of an allocation. For example, we can provide additional ...
Accomplishing SOC 2 Type II in the Cloud-Native Kubernetes Era

DEVOPS, Kubernetes, security, shiftleft, SOC2
We’re excited to announce that ShiftLeft has achieved Service Organization Control 2 Type II compliance with zero exceptions. We began this compliance effort 10 months ago. Back in May 2019, we achieved ...
Towards a concept of Security Specification for Software Supply Chain

Credit: Amatechinc

Many developers dread code reviews, and one reason for this is probably that most reviewers only offer criticism rather than encouragement. Remember as a peer reviewer, you can also reinforce things ...
Automated Sensitive Data Leak Detection

The average multinational spends several million dollars a year on compliance, while in highly regulated industries — like financial services and defense — the costs can be in the tens or even hundreds of millions. Despite ...
Finding Account Takeover Vulnerabilities in Finance Apps

What is causing financial institutions to lose $23 billion a year?

Password reuse is the single biggest reason for account takeover (ATO) fraud and financial institutions lost over $23Bn in 2018 to ATO fraud. Changing consumer behavior is difficult and organizations have to ...
Zero-Day Snafus — Hunting Memory Allocation Bugs

Preface

Languages like C/C++ come with the whole “allocation party” of malloc, calloc, zalloc, realloc and their specialized versions kmalloc etc. For example, malloc has a signature void *malloc(size_t ...
Are you ready for the CCPA?

The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. Are your web applications ready and compliant with the CCPA? We are giving you free access to the Forrester report ...
Welcome to the future of application security

Yesterday’s announcement of the acquisition of Semmle by GitHub (Microsoft) is a ringing endorsement of the need to move security to the left — “shift left”. It is a validation of the growing ...
How ShiftLeft is able to analyze 1 million LoC under 15 minutes?

How ShiftLeft is able to analyze a million lines of code in just under 15 minutes? ShiftLeft code analysis technology uses a singular code representation “code property graph” to perform all types of ...