Explore Jit Features
Now that you've integrated with GitHub, you can return to your security plan and activate your plan's security controls.
Some security requirements cannot be activated until additional configuration steps are completed. For more information, refer to the specific requirement in Security Requirements.
Features exploration
The checklist below walks you through a basic exploration of Jit's features and capabilities. You can skip any items that are not relevant for your organization.
These steps are mostly relevant for Jit MVS for AppSec Plan and combine features relevant to code, cloud, and Web app security scanning.
Step 1 - SAST and developer experience
The developer experience is contained entirely within in GitHub. Security champions interact with Jit using the Jit platform UI.
- Activate the SAST security control in MVS Plan page
- From GitHub, open a PR with any of the following code snippets:
- From GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
- View Jit’s comments in your PR. Note that you do not have to fix them immediately.
You detected a vulnerability pre-production!
- From the Jit platform, navigate to the Pipelines page. View the pipeline that was created for the PR you opened.
- Click on the pipeline.
- To return to the PR in GitHub, click the PR link in the pipeline.
- Fix the vulnerabilities using Jit auto-remediation. (Fix suggestion).
- See that the checks have passed.
You resolved a vulnerability pre-production!
- View the updated data in the Jit platform Overview page.
Step 2 - Slack and ticket management system integrations
- Integrate with Slack.
- Integrate with your ticket management system.
Step 3 - IaC
- Activate Scan your infrastructure-as-code (IaC) for misconfigurations security control via the MVS Plan page.
- In GitHub, open a pull request with any of the following code snippets:
- In GitHub, verify that Jit checks are running and failing due to detected vulnerabilities.
- View Jit’s comments in your PR. Note that you do not have to fix them immediately.
- In the Jit platform, go to Pull Requests page under the Insights section of the menu bar.
- Select Open with Findings. Select Show details for the PR you created. This will take you to the PR in GitHub.
- In GitHub, merge the PR with vulnerabilities.
- View Jit's Slack notifications in your configured channels.
- In the Jit platform, go to the Performance page under the Insights section of the menu bar.
Step 4 - Backlog findings
- From the the Jit platform, navigate to the Backlog page.
- Select any vulnerability.
- Select Create Ticket to create a ticket for the vulnerability.
- Add filters.
- Create a saved view.
Step 5 - Actions
- From the Jit platform, navigate to the Actions page.
- Create a fix PR for the vulnerability you've merged.
- Select View Fix PR to view the fix PR in GitHub.
- From GitHub, verify that Jit checks have passed successfully and select merge the PR.
Step 6 - Ignores
- From GitHub, interact with the Jit bot in a PR and ignore a finding.
- From the Backlog page, change the status of a finding to Ignored.
- Ignore a finding via the Actions page.
Step 7 - Advanced
- Activate all checks that do not require additional configuration.
- All Application Security checks.
- The following Cloud Security checks.
- Scan your Dockerfiles for vulnerabilities
- Scan Kubernetes configuration files
- CI/CD security checks - Verify that MFA for your GitHub organization is enabled check.
- Configure and activate the cloud runtime misconfiguration scan.
- Configure and activate DAST scans and pen-testing tools.
- Configure and activate GitHub branch protection verification and enforcement configuration guide.
- Add resources and expand your security coverage Manage Resources guide.
- Add users and give them a role Users and Permissions guide.
- In the Jit platform - go to the Security Impact page.
Feel free to explore more of the Jit platform. Jit offers a wide variety of features beyond the items in this list.
Updated 4 months ago