Application security firm ShiftLeft on Tuesday announced that it raised $20 million in a Series B funding round, which brings the total raised by the company to nearly $30 million.
The funding round was led by Thomvest Ventures, with participation from new investor SineWave Ventures and existing investors Bain Capital Ventures and Mayfield.
ShiftLeft says it plans on using the newly obtained funds to drive broader adoption of its solutions by expanding its product portfolio, application coverage, and sales and marketing initiatives.
ShiftLeft, which emerged from stealth mode in October 2017 with $9 million in funding, provides solutions designed to help developers identify vulnerabilities in their code and protect their applications.
The company’s products are powered by its Code Property Graph (CPG), a technology designed for quickly analyzing high volumes of source code in search of vulnerabilities. Its Inspect service provides static application security testing capabilities, while its flagship product, ShiftLeft Protect, combines source code analysis during development with protection against threats at runtime.
For code auditors, ShiftLeft has developed Ocular, which uses the CPG for custom queries that can help identify vulnerabilities while minimizing the possibility of false positives.
ShiftLeft also announced that it has created an advisory board of several prominent experts on security and development. The company has also appointed Jim Sortino, who previously held executive roles at Trend Micro and Dome9, as vice president of worldwide sales.
“I’ve seen organizations struggle through a reactive, threat-focused security posture, resulting in overworked security teams and frequent breaches,” said Enrique Salem, partner at Bain Capital Ventures and former CEO of Symantec. “Yet ShiftLeft gets at the root problem – vulnerable software – by automating the process of accurately and rapidly analyzing and plugging vulnerabilities in the applications themselves. It’s exciting to be an investor in a company that is meaningfully helping security teams by reducing the overall attack surface and providing direct root-cause insight for developers.”
Related: Code Analysis Firm Semmle Launches With $21 Million in Funding
Related: Protego Labs Raises $2 Million in Seed Funding
Related: Rate of Cybersecurity Venture Funding Not Sustainable, Investors Say

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- Patient Information Compromised in Data Breach at San Diego Healthcare Provider
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
