DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Latest News Releases » ShiftLeft and CircleCI Strengthen DevOps Security by Inserting Code Analysis as Far Left as Developer Pull Requests

ShiftLeft and CircleCI Strengthen DevOps Security by Inserting Code Analysis as Far Left as Developer Pull Requests

By: Deborah Schalm on December 4, 2019 2 Comments

New Partnership and Product Integration Delivers the Industry’s Fastest and Most Accurate Vulnerability Scanning at One of the Earliest Stages in the CI/CD Pipeline

Recent Posts By Deborah Schalm
  • Exabeam Reinvents Security Analytics with Fusion XDR and Fusion SIEM Cloud Products to Address Security Needs at Scale
  • New Study Reveals Importance of Optimized Strategy for the Selection, Support, and Maintenance of Open Source Software
  • Applitools Integrates With Rally for Fast and Automated Bug Management
More from Deborah Schalm
Related Posts
  • ShiftLeft and CircleCI Strengthen DevOps Security by Inserting Code Analysis as Far Left as Developer Pull Requests
  • ShiftLeft Announces Strategic Investment from and Go-to-Market Partnership with Wipro
  • ShiftLeft Report Reveals State of Application Security
    Related Categories
  • Latest News Releases
    Related Topics
  • circleCI
  • ShiftLeft
Show more
Show less

SANTA CLARA, Calif., Dec 04, 2019

ShiftLeft Inc., an innovator in automated application security, today announced a partnership and deep integration with CircleCI that enables organizations to insert security directly into developer pull requests from code repositories. ShiftLeft Inspect is the first static application security testing (SAST) vendor to partner with CircleCI to provide these capabilities.

DevOps Connect:DevSecOps @ RSAC 2022

Today’s organizations are working to insert security as far left in their DevOps process as possible, but many struggle to achieve the speed and accuracy necessary to automate security quality decisions. To date, the only tools that can run in the build phase take hours or days to scan, dramatically reducing developer velocity. These tools are also known to produce a large number of false positives, which means organizations aren’t willing to automatically fail builds without manually triaging results, which adds further delay.

Pull requests represent a critical phase for developers, as it is the phase in which new individual developer code is integrated into the overall codebase. By enabling SAST at pull requests, the right developer gets the right vulnerability information at the right time. Developers can more efficiently address vulnerabilities in their respective code, improving the overall security of the final build.

The partnership and integration enables CircleCI users to run ShiftLeft Inspect on CircleCI builds and pull requests from any code repository integrated with CircleCI. Pull requests and builds can then automatically be escalated, alerted upon or failed based on security criteria. Hence, CircleCI users can mirror their DevOps initiatives with DevSecOps goals.

“As a technology company with multiple products available on many platforms, we are always looking for the best ways to ensure our code is the highest quality and the most secure. We are excited to be working with ShiftLeft and in partnership with CircleCI to ensure our code pipeline produces secure code. The time and resources we save working with this product allows us to be more agile and more productive.” Rick Bohm, Vice President, Information Security, HomeAdvisor.

As part of the partnership, ShiftLeft Inspect will be free to CircleCI users for an unlimited number of applications and frameworks, totaling no more than 200,000 lines of code and 300 scans per year. The free license will include one programming language and enable CircleCI users to scan up to two applications concurrently.

“Today’s developers are building and delivering software at incredibly high velocity, which is required to meet the demands of organizations and customers,” said Tom Trahan, Vice President of Business Development, CircleCI. “Historically, security has been viewed as a step that slows down that velocity. CircleCI is excited to partner with ShiftLeft to enable developers to insert security further left in the CI/CD pipeline, for accurate vulnerability scanning.”

“When it comes to source code analysis, most of what’s being delivered today in application security is automation for automation’s sake. The tools on the market today aren’t actually enabling organizations to make the right decisions automatically,” said Alok Shukla, Vice President of Product Management, ShiftLeft. “With ShiftLeft and CircleCI, organizations and developers are able to make accurate, fast decisions when it comes to their release quality, further left in the development lifecycle than ever before. By inserting security as far left as the pull requests, we’re delivering industry-first SAST capabilities that will help our customers harness the benefits modern CI/CD pipelines without leaving security behind.”

The integration is immediately available to ShiftLeft customers and CircleCI users via CircleCI Orb that can be found at https://circleci.com/integrations/.

About ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle. It combines next-generation static code analysis (to quickly and accurately identify vulnerabilities) with application instrumentation (to protect the application) in an automated workflow. This combination of runtime-informed code analysis and code-informed runtime protection delivers the most accurate, automated, and comprehensive application security solution. To learn how ShiftLeft keeps application security in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

Filed Under: Latest News Releases Tagged With: circleCI, ShiftLeft

Sponsored Content
Featured eBook
The State of Open Source Vulnerabilities 2020

The State of Open Source Vulnerabilities 2020

Open source components have become an integral part of today’s software applications — it’s impossible to keep up with the hectic pace of release cycles without them. As open source usage continues to grow, so does the number of eyes focused on open source security research, resulting in a record-breaking ... Read More
« AWS Applies Machine Learning to Optimize Cloud Deployments
LogicMonitor Embraces AIOps »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Continuous Deployment
Monday, July 11, 2022 - 1:00 pm EDT
Using External Tables to Store and Query Data on MinIO With SQL Server 2022
Tuesday, July 12, 2022 - 11:00 am EDT
Goldilocks and the 3 Levels of Cardinality: Getting it Just Right
Tuesday, July 12, 2022 - 1:00 pm EDT

Latest from DevOps.com

Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New Normal’
June 30, 2022 | Richi Jennings
Moving From Lift-and-Shift to Cloud-Native
June 30, 2022 | Alexander Gallagher
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson
Common RDS Misconfigurations DevSecOps Teams Should Know
June 29, 2022 | Gad Rosenthal
Quick! Define DevSecOps: Let’s Call it Development Security
June 29, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

DevOps: Mastering the Human Element
DevOps: Mastering the Human Element

Most Read on DevOps.com

What Is User Acceptance Testing and Why Is it so Important?
June 27, 2022 | Ron Stefanski
Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New No...
June 30, 2022 | Richi Jennings
Chip-to-Cloud IoT: A Step Toward Web3
June 28, 2022 | Nahla Davies
DevOps Connect: DevSecOps — Building a Modern Cybersecurity ...
June 27, 2022 | Veronica Haggar
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.