Jump to Content

★Start Free★

Guides Discussions

★Start Free★

Guides Discussions

Welcome!

About Jit
Key Features and Experiences

Security Champion Experience

Get Started
Integrate with GitHub
Explore Jit
Platform User Interface
Integrating with Third-Party Products and Services
Security as Code Configuration

Developer Experience

Developers Getting Started
Change-Based Security Tests in Pull-Requests
Automated Remediation
Jit IDE Extension for Visual Studio Code

Security Plan Reference

Security Plans Introduction
Security Plan Structure
Product Security Plans
- Jit MVS for AppSec Plan
- AWS Foundational Technical Review (FTR)
Security Controls
Security Tools
Deployment-Based Scanning
Code Samples and Test Targets

GUIDES AND Troubleshooting

Troubleshooting

Powered by

Explore Jit

Overview

Thank you for onboarding with Jit! The checklist below will walk you through a basic exploration of Jit's features and capabilities. You can skip any items that are not relevant to your organization.

Step 1 - SAST and developer experience

📘
The developer experience is contained entirely within in GitHub. Security champions interact with Jit using the Jit platform UI.

Activate the SAST security control in My Plan page
From GitHub, open a PR with any of the following code snippets:
From GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
View Jit’s comments on your PR. Note that you do not have to fix them immediately.

👍
You detected a vulnerability pre-production!

From the Jit platform, navigate to the Pipelines page. View the pipeline that was created for the PR you opened.
Click on the pipeline.
To go back to the PR in GitHub, click on the PR link in the pipeline.
Fix the vulnerabilities using Jit auto-remediation. (fix suggestion)
See that the checks have passed.

👍
You resolved a vulnerability pre-production!

View the updated data in the Jit platform Overview page.

Step 2 - Slack and ticket management system integrations

Integrate with Slack.
Integrate with your ticket management system.

Step 3 - IaC

Activate Scan your infrastructure-as-code (IaC) for misconfigurations security control via the My Plan page.
In GitHub, open a pull request with any of the following code snippets:
In GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
View Jit’s comments on your PR. Note that you do not have to fix them immediately.
In Jit platform, go to Pull Requests page under the Insights section of the menu bar.
Select Open with Findings. Select Show details for the PR you created. This will take you to the PR in GitHub.
In GitHub, merge the PR with vulnerabilities.
View Jit's slack notifications on your configured channels.
In Jit platform, go to Performance page under the Insights section of the menu bar.

Step 4 - Backlog findings

From the Jit platform, navigate to the Backlog page.
Select any vulnerability.
Select Create Ticket to create a ticket for the vulnerability.
Add filters.
Create a saved view.

Step 5 - Actions

From the Jit platform, navigate to the Actions page.
Create a fix PR for the vulnerability you've merged.
Select View Fix PR to view the fix PR in GitHub.
From GitHub, verify that Jit checks have passed successfully and select merge the PR.

Step 6 - Ignores

From GitHub, interact with the Jit bot in a PR and ignore a finding.
From the Backlog page, change the status of a finding to ignored.
Ignore a finding via the Actions page.

Step 7 - Advanced

Activate all checks that do not require additional configuration.
- All Application Security checks.
- The following Cloud Security checks.
  - Scan your Dockerfiles for vulnerabilities
  - Scan Kubernetes configuration files
- CI/CD security checks - Verify that MFA for your GitHub organization is enabled check.
Configure and activate the cloud runtime misconfiguration scan.
Configure and activate DAST scans and pen-testing tools.
- WebApp vulnerabilities scan configuration guide
- API vulnerabilities scan configuration guide
Configure and activate GitHub branch protection verification and enforcement configuration guide.
Add resources and expand your security coverage Manage Resources guide.
Add user and give them a role Users and Permissions guide.
In the Jit platform - go to the Security Impact page.

👍
Feel free to explore more of the Jit platform. Jit offers a wide variety of features beyond the items in this list.

Updated about 2 months ago

What’s Next

Security as Code Configuration
Developers Getting Started
Security Plans Introduction

Table of Contents
- Overview