Upwind launches Shift Left to enhance build-time security

Upwind has announced the launch of its new Shift Left capability, designed to integrate runtime context into CI/CD pipelines.

By incorporating cloud runtime context directly into build-time security assessments, Upwind's Shift Left allows development teams to identify and prioritise vulnerabilities during the build process. This integration aims to reduce risks before software enters production while minimising unnecessary work for developers.

Unlike traditional tools, which can produce excessive alerts without prioritisation, Upwind Shift Left focuses on the real-world impact of vulnerabilities. It considers elements such as application usage patterns, internet exposure, port usage, API exposure, the presence of sensitive data, and indications of exploitation.

This approach provides developers with three recommendations for each new build based on runtime context: proceed with deployment, proceed with caution, or halt deployment for critical fixes.

The capability seamlessly integrates with popular build pipelines such as Jenkins, CircleCI, and GitHub Actions, offering developers a streamlined workflow where only high-risk issues are prioritised, thus avoiding unnecessary delays.

"Upwind Shift Left builds on our runtime foundations," stated Amiram Shachar, Co-founder and CEO of Upwind. "By integrating runtime context from APIs and real exposure analysis into development pipelines, we're enabling developers to move faster while powering security teams to minimise the risk of critical vulnerabilities making it to production."

Joshua Burgin, Chief Product Officer at Upwind, added, "At Upwind, we believe in tackling the real-world pain points that our customers face. With Upwind Shift Left, we're not just adding another layer of data - we're providing actionable insights, powered by runtime context, that enable teams to make smarter decisions at the speed of development. This capability is a true step forward in security, ensuring that the risks that matter most are prioritised, not just analysed. It's about delivering value, not just information."

Upwind Shift Left extends the company's comprehensive cloud security platform, which includes functionalities such as Cloud Security Posture Management, Cloud Workload Protection, Cloud Detection and Response, vulnerability management, identity security, and container security. Upwind's platform uniquely incorporates API security and deep application runtime context.

Upwind is the next-generation cloud security platform focused on helping organisations run faster and more securely. Upwind combines the power of cloud security posture with runtime context and real-time protection, enabling security teams to prioritise critical risks and fix them faster, the company states. 

The company was founded by Amiram Shachar and his founding partners from Spot.io (which was sold to NetApp for $450 million) and is backed by top cybersecurity investors Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, and Sheva, a VC fund founded by former NBA player Omri Casspi. The company has secured $180 million in funding since its founding in 2022.