Explore Jit
Overview
Thank you for onboarding with Jit! The checklist below will walk you through a basic exploration of Jit's features and capabilities. You can skip any items that are not relevant to your organization.
Step 1 - SAST and developer experience
The developer experience is contained entirely within GitHub. Security champions interact with Jit using the Jit platform UI.
- Activate the SAST security control on the My Plan page.
- From GitHub, open a PR with any of the following code snippets:
- From GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
- View Jit’s comments on your PR. Note that you do not have to fix them immediately.
You detected a vulnerability pre-production!
- From the Jit platform, navigate to the Pipelines page. View the pipeline that was created for the PR you opened.
- Click on the pipeline.
- To go back to the PR in GitHub, click on the PR link in the pipeline.
- Fix the vulnerabilities using Jit auto-remediation (fix suggestion).
- See that the checks have passed.
You resolved a vulnerability pre-production!
- View the updated data in the Jit platform Overview page.
Step 2 - Slack and ticket management system integrations
- Integrate with Slack.
- Integrate with your ticket management system.
Step 3 - IaC
- Activate the "Scan your infrastructure-as-code (IaC) for misconfigurations" security control via the My Plan page.
- In GitHub, open a pull request with any of the following code snippets:
- In GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
- View Jit’s comments on your PR. Note that you do not have to fix them immediately.
- In the Jit platform, go to the Pull Requests page under the Insights section of the menu bar.
- Select Open with Findings. Select Show details for the PR you created. This will take you to the PR in GitHub.
- In GitHub, merge the PR with vulnerabilities.
- View Jit's Slack notifications on your configured channels.
- In the Jit platform, go to the Performance page under the Insights section of the menu bar.
Step 4 - Backlog findings
- From the Jit platform, navigate to the Backlog page.
- Select any vulnerability.
- Select Create Ticket to create a ticket for the vulnerability.
- Add filters.
- Create a saved view.
Step 5 - Actions
- From the Jit platform, navigate to the Actions page.
- Create a fix PR for the vulnerability you've merged.
- Select View Fix PR to view the fix PR in GitHub.
- From GitHub, verify that Jit checks have passed successfully and merge the PR.
Step 6 - Ignores
- From GitHub, interact with the Jit bot in a PR and ignore a finding.
- From the Backlog page, change the status of a finding to ignored.
- Ignore a finding via the Actions page.
Step 7 - Advanced
- Activate all checks that do not require additional configuration:
  - All Application Security checks.
  - The following Cloud Security checks:
    - Scan your Dockerfiles for vulnerabilities
    - Scan Kubernetes configuration files
  - CI/CD security checks: the "Verify that MFA for your GitHub organization is enabled" check.
- Configure and activate the cloud runtime misconfiguration scan.
- Configure and activate DAST scans and pen-testing tools.
- Configure and activate GitHub branch protection verification and enforcement (configuration guide).
- Add resources and expand your security coverage (Manage Resources guide).
- Add a user and give them a role (Users and Permissions guide).
- In the Jit platform, go to the Security Impact page.
Feel free to explore more of the Jit platform. Jit offers a wide variety of features beyond the items in this list.