ShiftLeft CORE

ShiftLeft CORE can help you identify open source vulnerabilities and prioritize them based on how problematic they may be to your application's security.

Supported languages and package formats

Currently, ShiftLeft is capable of scanning for open-source vulnerabilities in applications written in C#, Java, JavaScript, Python, and Scala. Support for Go is currently in beta, and support for other languages is forthcoming.

ShiftLeft supports the following package formats:

Language | Package format
C# – .NET Core and .NET Framework | .csproj, packages.config
Go (Beta) | Gopkg.lock, go.mod, go.sum
Java/Scala | Maven (pom.xml), Gradle (build.gradle.kts), Scala (SBT)
JavaScript (Node.js) | package-lock.json, pnpm-lock.yaml, yarn.lock, Rush.js
Python | The Pipfile, requirements.txt, the requirements directory, poetry.lock or setup.py files

How ShiftLeft Can Help

ShiftLeft seeks to help you answer the following four questions about any CVE (Common Vulnerabilities and Exposures entry) identified in your application because of an open-source package it uses:

  • Is the package that contains the CVE loaded by the application?
  • Is the package that contains the CVE in use by the application?
  • Is the CVE in the package in an attacker-controlled path? Is it reachable via data flows?
  • What can you do to mitigate the CVE? Typically, you can't fix an issue in an open-source package, but are there options (other than upgrading) available to you?


In short, ShiftLeft will help you identify CVEs and determine if the CVEs are high-priority items. With that information in hand, you should be better informed when it comes time for you to mitigate the open-source vulnerability.
