Checking code into the master branch is a security checkpoint in the software development life cycle (SDLC). NG SAST automatically runs full scans of the entire codebase with every pull/merge request, ensuring the right developer gets the right vulnerabilities at the right time. This allows vulnerabilities to be fixed even before they become part of the main branch. And because the vulnerabilities are discovered and fixed in the feature branch, they never enter bug tracking systems or skew engineering metrics.
96% of developers say that disconnects between security and development workflows inhibit their productivity. ShiftLeft’s NG SAST conducts security scanning and presents results in the same git-based development environments (GitHub, GitLab, Bitbucket, Azure Repos, etc.) that developers are accustomed to. Thus, there is virtually no learning curve, and time-to-value is near-instantaneous.
NG SAST customers typically increase scanning frequency by 110X over legacy SAST tools. Some legacy code analysis tools even require on-premises hardware and additional licenses for concurrency that create severe bottlenecks when attempting to scale security testing to the needs of DevOps.
The typical Developer:AppSec ratio in the industry is 200:1. AppSec teams need to leverage automation in much the same way that developers have become agile using the modern CI/CD pipeline. With NG SAST, security teams can easily write or update build rules to accept or deny new code into the master branch. Updates are as simple as editing a human-readable text file and can be made in a matter of seconds. This allows AppSec teams to insert their domain knowledge into the developer workflow, achieving unprecedented automation.
Developers get immediate security feedback on every pull request. Since developers fix vulnerabilities while the code is still fresh in their minds, mean-time-to-remediation (MTTR) typically goes down by 5X. ShiftLeft’s customers are fixing over 70% of the new vulnerabilities in a typical sprint before they ever make it into production.
By delivering immediate and accurate security feedback with every pull request, developers learn secure coding practices. NG SAST’s Security Insights also provide developers with best practices for their specific programming languages and frameworks, allowing them to leverage the community’s best practices.
Up to 40X faster than traditional code analysis tools, NG SAST enables developers to secure every pull request without slowing it down. Unlike traditional tools that analyze source code graphs consecutively, NG SAST leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs.
NG SAST is the most accurate static code analysis solution, by a factor of nearly 3X. Powered by the CPG, NG SAST posted the highest ever SAST score on the OWASP Benchmark. NG SAST’s 75% score is more than 2X the next highest competitor and nearly 3X the commercial average. Furthermore, unlike traditional tools, users have easy access to editable policies to reduce false positives from custom sanitization steps.