Jit is a continuous security platform for modern, DevOps-oriented engineering teams that value velocity over everything else.
High-velocity engineering teams that own product security and follow a < all > as-code, cloud-native, CI/CD development approach.
Jit makes it simple to embed security requirements across the DevOps workflow.
Jit provides a security-plan-as-code (SaC) and orchestrates all security tools for all layers of a cloud app— Code, CI/CD pipeline, Cloud infrastructure, Web Apps, APIs, and more.
For early-stage developer teams & projects, Jit offers a minimal viable security plan— which facilitates rapid initial success followed by iterative improvements in product security posture.
Jit provides experiences for developers/DevOps and for the administrator of the Jit solution— known as the security champion. Below is a summary of these experiences.
We aim to make it ridiculously simple for engineers to implement product security.
- Fix 1st mindset— auto-remediation & Security-As-Code.
- Developer friendly— security tests in PRs, change based.
- Orchestrates & unifies all tools— no need to learn each tool.
Security Champion experience
DevSecOps/VP Engineering/CTO— you set the security standards by enabling the security requirements you would like to embed across your SDLC.
Viewing security tool details—
To view the details of a security tool, select it from the table. For detailed information on specific security requirements, see the security plan reference chapter.
The Actions page enables you to quickly and easily remediate security issues and misconfigurations present in the backlog. Each item is an aggregation of one or more issues of a common type that can be fixed as a group with automated remediation.
Jit security pipelines are a live representation of Jit continuous security (CS) implementation that provides the following benefits:
- Confirming value added by Jit ("Jit is working").
- Peace of mind in knowing the health (running or not) of all security tools.
- Verification of compliance (SOC2, Iso, etc).
Centralized pull requests visibility
The Pull Requests page enables you to track pull requests (PRs) of interest and get a high-level summary of the pull requests activity in your organization over a certain period of time (default is two weeks). The Pull Requests page provides the following benefits:
- At-a-glance identification of ongoing issues with PRs.
- Compliance verification (SOC2, Iso, etc).
Security findings backlog
The Backlog page aggregates your organization's security findings in a table that is easily searched, filtered, and exported.
Developer Experience — Change-Based Security Tests in Pull-Requests
Code-layer security requirements run when a developer creates a pull request via CLI, IDE or — as in this example — GitHub. In this scenario, the developer makes code changes that contain the Python code security vulnerability below.
Jit checks run only on relevant incremental changes in a PR
Jit listens to pull requests and examines their content. If the code language is supported, Jit automatically implements the relevant security requirements— which run as GitHub actions.
For some finding types, Jit provides automated remediation — an auto-generated code fix that resolves the finding. In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.
Updated about 1 month ago