Application security firm ShiftLeft on Tuesday announced that it raised $20 million in a Series B funding round, which brings the total raised by the company to nearly $30 million.
The funding round was led by Thomvest Ventures, with participation from new investor SineWave Ventures and existing investors Bain Capital Ventures and Mayfield.
ShiftLeft says it plans on using the newly obtained funds to drive broader adoption of its solutions by expanding its product portfolio, application coverage, and sales and marketing initiatives.
ShiftLeft, which emerged from stealth mode in October 2017 with $9 million in funding, provides solutions designed to help developers identify vulnerabilities in their code and protect their applications.
The company’s products are powered by its Code Property Graph (CPG), a technology designed for quickly analyzing high volumes of source code in search of vulnerabilities. Its Inspect service provides static application security testing capabilities, while its flagship product, ShiftLeft Protect, combines source code analysis during development with protection against threats at runtime.
For code auditors, ShiftLeft has developed Ocular, which uses the CPG for custom queries that can help identify vulnerabilities while minimizing the possibility of false positives.
ShiftLeft also announced that it has created an advisory board of several prominent experts on security and development. The company has also appointed Jim Sortino, who previously held executive roles at Trend Micro and Dome9, as vice president of worldwide sales.
“I’ve seen organizations struggle through a reactive, threat-focused security posture, resulting in overworked security teams and frequent breaches,” said Enrique Salem, partner at Bain Capital Ventures and former CEO of Symantec. “Yet ShiftLeft gets at the root problem – vulnerable software – by automating the process of accurately and rapidly analyzing and plugging vulnerabilities in the applications themselves. It’s exciting to be an investor in a company that is meaningfully helping security teams by reducing the overall attack surface and providing direct root-cause insight for developers.”
Related: Code Analysis Firm Semmle Launches With $21 Million in Funding
Related: Protego Labs Raises $2 Million in Seed Funding
Related: Rate of Cybersecurity Venture Funding Not Sustainable, Investors Say

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
- Cybersecurity M&A Roundup: 28 Deals Announced in September 2023
- Companies Address Impact of Exploited Libwebp Vulnerability
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
Latest News
- Synqly Joins Race to Fix Security, Infrastructure Product Integrations
- ZDI Discusses First Automotive Pwn2Own
- Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
- US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
- Actor Tom Hanks Warns of Ad With AI Imposter
- Network, Meet Cloud; Cloud, Meet Network
- Dozens of Malicious NPM Packages Steal User, System Data
- Motel One Discloses Ransomware Attack Impacting Customer Data
