Developer-Centric Solution

Shifting security left works best when security is baked into developer processes and workflows.

Seamlessly integrated with developer tools

Reshift makes it easy to add security to development and operations, early on and continuously.

IDE Integrations

Developers are 4x more likely to fix issues at compile time, which is why we believe security starts where software is created, in the IDE. Developers can detect, learn about, and fix security bugs early on, before they make it to the CI/CD pipeline.

Git Integrations

Reshift integrates with GitHub, GitLab, and Bitbucket so developers can find and fix vulnerabilities in their own environment without being slowed down. Tight integration with git allows for single sign-on, saves developers the time lost to switching contexts, and seamlessly adds a layer of security on native git operations.

CI/CD Integrations

Reshift lives in the developer’s CI pipeline so development and security teams can work together on security checks to deploy secure software. Reshift can be integrated with GitHub Actions, Travis CI, Circle CI, Jenkins, and more.

Security features, made for developers

A developer-first static analysis security tool to detect security bugs, and save time fixing them.

One-Click Autofix

With autofix, we reduce the time to fix. One-Click Autofix allows developers to fix security bugs with the click of a button, so developers with little or no security training can quickly remediate found bugs with a simple pull or merge request.

Differential Scans

Differential Scans allow developers to concentrate on the issues they've added, giving them the focus they need to deliver secure code as fast as possible.

DevSec Coach

Empower your developers to act on security bugs quicker. DevSec Coach gives developers the information they need to evaluate and fix each security bug faster.

Watch reshift in action

See how reshift can integrate with your modern software development pipeline to help you find and fix vulnerabilities.

Frequently Asked Questions

How secure is my source code?

Your source code never leaves the build machine. The metadata generated from your source is encrypted both in transit and at rest. Transparency is very important to us. 

What kind of support do I have?

Join our Slack Channel, have your questions answered, and be a part of the reshift community. We will also make ourselves available to you via email.

Is reshift a security scanner?

reshift is a static code analysis tool, but it goes beyond a ‘one-time’ scan tool, and offers features to help reduce the effort required to categorize and assess vulnerabilities.

What framework does reshift support?

Build plugins for Maven and Gradle are supported.

Is it going to slow down the performance of my build?

Build times will increase 5-10% based upon the added computation to scan the code and generate code graphs. 

How do you create a confidence score for each issue?

We generate code graphs that represent your software code base. We use the code graphs to feed the graph neural network with issue predictions on how true or false each issue is. This helps prioritize and triage security violations. Our machine learning algorithm is constantly evolving as you label security violations. You can find more details about how we do it within the documentation section.

How does reshift help find vulnerabilities faster?

reshift eliminates the noise associated with static analysis. If an issue is not a valid security threat, it can be labelled as such and will reduce the probability of similar issues showing up in future scans.

Ready to get started?

A light-weight code security tool built for developers to code securely, fix quickly, and deploy fast.