ShiftLeft Inspect is a next-generation static application security testing (SAST) solution, developed to support the speed, accuracy, and scale needs of CI/CD environments and to secure modern applications. Inspect provides a single pane of glass for the exhaustive exploration and analysis of every version of your unique code, including custom code, open source libraries, and commercial SDKs and their unique dependencies. In just minutes, Inspect is able to accurately identify complex vulnerabilities and sensitive data leakage. Inspect easily integrates into DevOps and DevSecOps pipelines and existing tools at pull request, code commit (Git, BitBucket, etc.), and build processes (Jenkins, TravisCI, etc.).
The proliferation of false positives generated by legacy SAST tools is a common problem for DevOps environments. Worse yet is the false negatives that leave organizations open to unknown risks.
The unique investigation algorithms built into Inspect enable it to accurately detect a wide range of risks and vulnerabilities down to their exact line(s) of code, significantly reducing the generation of false positives and zeroing in on vulnerabilities that would typically result in false negatives.
The comprehensive analysis and accuracy of Inspect was recently validated against the OWASP Benchmark for Security Automation, where ShiftLeft Inspect set the record with the discovery of 100% of the vulnerabilities that were present, and with an overall Youden score of 75%. Not only was this the highest SAST score ever recorded, but it doubled the score of the next closest commercial SAST vendor and nearly tripled the commercial average.
Inspect evaluates all the unique elements that make up each version of your application. The in-depth scope of analysis performed by Inspect includes custom code, frameworks, open source libraries, and commercial SDKs and all their dependencies. Through this holistic analysis, Inspect can identify even the most complex vulnerabilities found in modern applications, such as multi-stage deserialization vulnerabilities stemming from the way individual components are able to interact with each other. Inspect supports seamless integration into CI/CD pipelines.
Inspect employs natural language processing (NLP) and machine learning (ML) algorithms to identify all the important variables in code that would contain sensitive information. It then maps the flows of those elements from source to sink to identify any points where this data may be “leaking.” This is especially critical for organizations that need to comply with the growing number of privacy compliance standards, such as those required by GDPR. By focusing on variable names rather than on pattern matching of values on the network, ShiftLeft provides a much more accurate way to identify data leakage scenarios. Increasingly, applications handle data such as usernames, passwords, and credentials that have high entropy and therefore can’t be detected by looking for patterns on the network.
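To make the approach described above concrete, here is an added, deliberately small illustration of name-based sensitive-data flow tracking over Python source. It is not ShiftLeft's code and says nothing about how Inspect is implemented: a regular expression over identifier names (an assumption) stands in for the NLP/ML classifier, the sink and sanitizer lists are constructed for the example, and the scanned program is a constructed sample. The analysis walks each function in statement order, marks parameters and variables whose names look sensitive, propagates that mark through assignments unless the value passed through a hashing or redaction call, and reports every sink call that is fed a marked variable, with the line it occurs on.

```python
import ast
import re

# Constructed heuristic standing in for the NLP/ML name classifier the page
# describes: identifiers that suggest a value is sensitive.
SENSITIVE_NAME_RE = re.compile(
    r"(password|passwd|secret|token|ssn|api_key|card_number)", re.I
)

# Constructed sink list: calls through which data leaves the program.
LEAK_SINKS = {"print", "logging.info", "logging.debug", "logging.warning", "requests.post"}

# Constructed sanitizer list: calls whose result no longer carries the secret.
SANITIZERS = {"hashlib.sha256", "hashlib.sha512", "redact"}


def call_name(call):
    """Dotted name of a call target ('logging.info'), or None if it is not a plain name."""
    func, parts = call.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def names_in(node):
    """All identifiers referenced anywhere under `node`."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def calls_in(node):
    return [n for n in ast.walk(node) if isinstance(n, ast.Call)]


def _analyze_block(stmts, tainted, findings):
    for stmt in stmts:
        # A function opens a fresh scope; its sensitive-looking parameters are sources.
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef)):
            scope = {a.arg for a in stmt.args.args if SENSITIVE_NAME_RE.search(a.arg)}
            _analyze_block(stmt.body, scope, findings)
            continue
        # Other compound statements: recurse into their bodies in source order.
        if isinstance(stmt, (ast.If, ast.For, ast.While, ast.With, ast.Try)):
            for field in ("body", "orelse", "finalbody"):
                _analyze_block(getattr(stmt, field, []), tainted, findings)
            for handler in getattr(stmt, "handlers", []):
                _analyze_block(handler.body, tainted, findings)
            continue
        # Simple statement: a sink call fed a tainted identifier is a leak finding.
        for call in calls_in(stmt):
            sink = call_name(call)
            if sink not in LEAK_SINKS:
                continue
            fed = set()
            for arg in list(call.args) + [kw.value for kw in call.keywords]:
                fed |= names_in(arg)
            hit = fed & tainted
            if hit:
                findings.append((stmt.lineno, sink, sorted(hit)))
        # Assignment: taint flows to the target unless a sanitizer produced the value;
        # a target whose own name looks sensitive is tainted regardless.
        if isinstance(stmt, ast.Assign):
            sanitized = any(call_name(c) in SANITIZERS for c in calls_in(stmt.value))
            flows = bool(names_in(stmt.value) & tainted) and not sanitized
            for target in stmt.targets:
                for name in names_in(target):
                    if flows or SENSITIVE_NAME_RE.search(name):
                        tainted.add(name)
                    else:
                        tainted.discard(name)


def find_leaks(source):
    """Return (line, sink, [tainted names]) for each sensitive value reaching a sink."""
    findings = []
    _analyze_block(ast.parse(source).body, set(), findings)
    return findings


# Constructed sample program to scan (only parsed, never executed).
SAMPLE = """\
import logging, hashlib, requests

def login(account, password):
    logging.info("login attempt for %s", account)
    digest = hashlib.sha256(password.encode()).hexdigest()
    logging.debug("computed digest %s", digest)
    creds = {"account": account, "pw": password}
    requests.post("https://example.invalid/audit", json=creds)
    return digest

def issue(api_key):
    print("issued key", api_key)
"""

if __name__ == "__main__":
    for line, sink, names in find_leaks(SAMPLE):
        print(f"line {line}: {', '.join(names)} reaches sink {sink}")
```

Running it reports the credentials dictionary reaching `requests.post` on line 8 and the API key reaching `print` on line 12, while the logged account name and the hashed digest are not flagged. The sanitizer step is where such analyses earn their accuracy: without it, every hashed or redacted derivative of a secret would be reported as a leak.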