Explore Jit

Overview

Thank you for onboarding with Jit! The checklist below will walk you through a basic exploration of Jit's features and capabilities. You can skip any items that are not relevant to your organization.

Step 1 - SAST and developer experience

📘

The developer experience is contained entirely within GitHub. Security champions interact with Jit using the Jit platform UI.

  • Activate the SAST security control on the My Plan page.
  • From GitHub, open a PR with any of the following code snippets:
  • From GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
  • View Jit’s comments on your PR. Note that you do not have to fix them immediately.

👍

You detected a vulnerability pre-production!

  • From the Jit platform, navigate to the Pipelines page. View the pipeline that was created for the PR you opened.
  • Click on the pipeline.
  • To go back to the PR in GitHub, click on the PR link in the pipeline.
  • Fix the vulnerabilities using Jit auto-remediation (fix suggestion).
  • See that the checks have passed.

👍

You resolved a vulnerability pre-production!

Step 2 - Slack and ticket management system integrations

Step 3 - IaC

  • Activate the "Scan your infrastructure-as-code (IaC) for misconfigurations" security control via the My Plan page.
  • In GitHub, open a pull request with any of the following code snippets:
  • In GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
  • View Jit’s comments on your PR. Note that you do not have to fix them immediately.
  • In the Jit platform, go to the Pull Requests page under the Insights section of the menu bar.
  • Select Open with Findings. Select Show details for the PR you created. This will take you to the PR in GitHub.
  • In GitHub, merge the PR with vulnerabilities.
  • View Jit's Slack notifications on your configured channels.
  • In the Jit platform, go to the Performance page under the Insights section of the menu bar.

Step 4 - Backlog findings

  • From the Jit platform, navigate to the Backlog page.
  • Select any vulnerability.
  • Select Create Ticket to create a ticket for the vulnerability.
  • Add filters.
  • Create a saved view.

Step 5 - Actions

  • From the Jit platform, navigate to the Actions page.
  • Create a fix PR for the vulnerability you've merged.
  • Select View Fix PR to view the fix PR in GitHub.
  • From GitHub, verify that Jit checks have passed successfully, then merge the PR.

Step 6 - Ignores

  • From GitHub, interact with the Jit bot in a PR and ignore a finding.
  • From the Backlog page, change the status of a finding to ignored.
  • Ignore a finding via the Actions page.

Step 7 - Advanced

👍

Feel free to explore more of the Jit platform. Jit offers a wide variety of features beyond the items in this list.