About Jit

Jit is a continuous security platform for modern, DevOps-oriented engineering teams that value velocity above all else.

It is built for high-velocity engineering teams that own product security and follow an all-as-code, cloud-native, CI/CD development approach.

Jit makes it simple to embed security controls across the DevOps workflow.

Jit provides a security plan as code (Security-as-Code, SaC) and orchestrates the security tools for every layer of a cloud application: code, CI/CD pipeline, cloud, 3, APIs, and more.

For early-stage teams and projects, Jit offers a minimal viable security plan: a small initial set of controls that can be adopted quickly and then extended iteratively as the product security posture matures.

Jit provides two experiences: one for developers and DevOps engineers, and one for the administrator of the Jit solution, known as the security champion. Both are summarized below.

Platform Experience

We aim to make it ridiculously simple for engineers to implement product security.

  • Fix-first mindset: auto-remediation and Security-as-Code.
  • Developer friendly: security tests run in pull requests, and only on the changed code.
  • Orchestrates and unifies all tools: no need to learn each tool separately, and findings from every tool are unified in one place.

Security Champion experience

As the DevSecOps lead, VP of Engineering or CTO, you set the security standards by enabling the security controls you want embedded across your SDLC.

Viewing security tool details

To view the details of a security tool, select it from the table. For detailed information on specific security requirements, see the security plan reference chapter.

Actions page

The Actions page enables you to quickly remediate security issues and misconfigurations in the backlog. Each item aggregates one or more findings of a common type that can be fixed together with automated remediation.

Security Pipelines

Jit security pipelines are a live view of the Jit continuous security (CS) implementation and provide the following benefits:

  1. Confirmation of the value added by Jit ("Jit is working").
  2. Peace of mind in knowing the health (running or not) of every security tool.
  3. Verification of compliance (SOC 2, ISO, etc.).

Centralized pull requests visibility

The Pull Requests page enables you to track pull requests (PRs) of interest and get a high-level summary of pull request activity in your organization over a selected period (the default is two weeks). The Pull Requests page provides the following benefits:

  1. At-a-glance identification of ongoing issues with PRs.
  2. Compliance verification (SOC 2, ISO, etc.).

Security findings backlog

The Backlog page aggregates your organization's security findings in a table that is easily searched, filtered, and exported.

Developer Experience — Change-Based Security Tests in Pull-Requests

Code-layer security requirements run when a developer opens a pull request, whether from the CLI, an IDE or, as in this example, GitHub. In this scenario, the developer's code changes contain the Python security vulnerability shown below.

Jit checks run only on relevant incremental changes in a PR

Jit listens for pull requests and examines their content. If the code language is supported, Jit automatically runs the relevant security requirements, which execute as GitHub Actions, against the changed code.
For some finding types, Jit provides automated remediation: an auto-generated code fix that resolves the finding. In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.
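As an added illustration of the change-based flow described above, the following Python script is example code written for this page; it is not Jit's own code and the rule it applies is not a real Jit security requirement. It parses a constructed unified diff for a PR, runs a stand-in SAST rule (subprocess called with shell=True) only on lines added to supported (.py) files, and builds the review comment whose ```suggestion fence GitHub renders with a Commit suggestion button. The sample diff, the rule, the shlex-based fix and the comment fields are all assumptions made for the example.

```python
"""Change-based security check on a pull-request diff (added example, not Jit's code).

Assumptions (not from the page): the input is a unified diff as produced by
`git diff`; the "security requirement" is a single regex rule standing in for
a real SAST tool; the fix is delivered as a GitHub pull-request review comment
whose ```suggestion fence renders a "Commit suggestion" button.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample PR diff: a Python file gaining a shell-injection-prone call,
# plus a README change that a code-layer check should ignore.
SAMPLE_DIFF = """\
diff --git a/app/backup.py b/app/backup.py
--- a/app/backup.py
+++ b/app/backup.py
@@ -1,3 +1,6 @@
 import subprocess
 def backup(path):
-    return None
+    # user-controlled path goes straight into a shell string
+    cmd = "tar czf /tmp/out.tgz " + path
+    subprocess.call(cmd, shell=True)
+    return cmd
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
 # app
+Added a backup helper.
"""

HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Stand-in rule: subprocess.<fn>(<name>, shell=True) with a single string argument.
SHELL_TRUE = re.compile(
    r"^(\s*)subprocess\.(call|run|Popen|check_output|check_call)\((\w+),\s*shell=True\)\s*$"
)


@dataclass
class Finding:
    path: str
    line: int          # line number in the new version of the file
    rule: str
    original: str
    suggestion: str


def added_lines(diff: str):
    """Yield (path, new_line_number, text) for every '+' line in a unified diff.

    Only added lines are yielded: a change-based check judges what the PR
    introduces, not pre-existing code in the same file.
    """
    path = None
    new_line = 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            new_line = int(HUNK_HEADER.match(raw).group(1))
        elif raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith(("-", "diff ")):
            continue  # removed lines and file headers do not advance the new-file counter
        else:
            new_line += 1  # unchanged context line


def scan_added_lines(diff: str) -> list:
    """Run the stand-in rule over added lines of supported (.py) files only."""
    findings = []
    for path, line, text in added_lines(diff):
        if not path.endswith(".py"):
            continue  # language not covered by this code-layer check
        m = SHELL_TRUE.match(text)
        if m:
            indent, func, arg = m.groups()
            # Drop the shell: split the command string into an argv list instead.
            # (A real fix also needs `import shlex` at the top of the file.)
            fixed = f"{indent}subprocess.{func}(shlex.split({arg}))"
            findings.append(Finding(path, line, "subprocess-shell-true", text, fixed))
    return findings


def suggestion_comment(f: Finding) -> dict:
    """Build a PR review comment (GitHub review-comment fields: path, line, side, body)
    carrying a ```suggestion fence, which GitHub offers as 'Commit suggestion'."""
    body = (
        f"**{f.rule}** on line {f.line}: `shell=True` hands the string to a shell, "
        "so unescaped input can inject commands. Pass an argv list instead "
        "(add `import shlex` at the top of the file).\n"
        "```suggestion\n"
        f"{f.suggestion}\n"
        "```"
    )
    return {"path": f.path, "line": f.line, "side": "RIGHT", "body": body}


def review_comments(diff: str = SAMPLE_DIFF) -> list:
    """Full pipeline: diff -> findings on added lines -> suggestion comments."""
    return [suggestion_comment(f) for f in scan_added_lines(diff)]


if __name__ == "__main__":
    print(json.dumps(review_comments(), indent=2))
```

Because the scan sees only added lines, a change that makes existing code dangerous without touching the dangerous line itself (for example, a new caller that passes untrusted input into an old helper) is outside its scope; that is what the organization-wide backlog scan is for, and why the two views complement each other.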