Key Features and Experiences
Overview
Jit provides distinct experiences for developers/DevOps engineers and for security champions, who commonly hold roles such as DevSecOps engineer, VP of engineering, or CTO.
Jit's goal is to do both of the following:
- Enable developers to shift security left while they are working, without external interruptions.
- Make it exceptionally simple for security champions to implement product security in their organization.
Developer Experience — Change-Based Security Tests in Pull-Requests
Jit is developer friendly: it keeps developers in their usual tools and platforms, comments only on their current changes, and even suggests fixes.
Code-layer security requirements run whenever a developer creates or updates a pull request via CLI, IDE, or SCM (GitHub in this example). In this scenario, the developer makes code changes that contain a Python code security vulnerability.
Jit checks run only on relevant incremental changes in a PR
Jit listens to pull requests and examines their content. If the code language is supported (and the security champion has activated this plan item as described below), Jit automatically runs the relevant security checks as part of the PR checks.
Jit comments on each commit with the number of findings added as part of the PR. In addition, Jit comments on each finding with more details, and for many finding types Jit provides automated remediation: an auto-generated code fix that resolves the finding. In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.
The developer can interact with Jit and, after reviewing a specific finding, decide to ignore it.
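The change-based behaviour described above (reporting only findings on lines the PR introduced, not pre-existing debt) can be illustrated with the following added example; it is not Jit's own code. It assumes a unified diff for the PR and scanner output as `(path, line, rule)` tuples; both inputs below are constructed samples.

```python
import re
from collections import defaultdict

HUNK_RE = re.compile(r"^@@ -\S+ \+(\d+)")

def added_lines(unified_diff: str) -> dict:
    """Map each changed file to the set of new-file line numbers the diff adds."""
    added = defaultdict(set)
    path, new_line = None, 0
    for raw in unified_diff.splitlines():
        if raw.startswith("+++ "):               # target-file header
            path = raw[4:].removeprefix("b/")
        elif (m := HUNK_RE.match(raw)):          # hunk header: reset new-file counter
            new_line = int(m.group(1))
        elif raw.startswith("-") or raw.startswith("\\"):
            continue                             # removed line / "no newline" marker
        elif raw.startswith("+") and path:
            added[path].add(new_line)
            new_line += 1
        elif path and not raw.startswith(("diff ", "index ")):
            new_line += 1                        # unchanged context line
    return dict(added)

def incremental_findings(findings, unified_diff):
    """Keep only findings on lines this PR introduced; pre-existing debt is left out."""
    new = added_lines(unified_diff)
    return [f for f in findings if f[1] in new.get(f[0], set())]

# Constructed sample PR diff: the developer rewrites run() to pass shell=True.
SAMPLE_DIFF = """\
diff --git a/app.py b/app.py
--- a/app.py
+++ b/app.py
@@ -1,3 +1,6 @@
 import subprocess
-def run(cmd):
-    return subprocess.run(cmd)
+def run(cmd):
+    # shell=True with caller-controlled input is the kind of line a scanner flags
+    return subprocess.run(cmd, shell=True)
+def ping(host):
+    return run("ping -c 1 " + host)
"""

# Constructed scanner output as (path, line, rule) tuples, one per finding.
SAMPLE_FINDINGS = [
    ("app.py", 1, "B404 subprocess import"),                # line existed before the PR
    ("app.py", 4, "B602 subprocess call with shell=True"),  # introduced by this PR
    ("util.py", 7, "B105 hardcoded password"),              # file not touched by the PR
]

if __name__ == "__main__":
    for path, line, rule in incremental_findings(SAMPLE_FINDINGS, SAMPLE_DIFF):
        print(f"{path}:{line} {rule}")   # only the app.py:4 finding is reported
```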
Learn more about Developers Getting Started.
Jit also offers developers the Jit IDE Extension for Visual Studio Code, with security pre-commit hooks.
Security Champion Experience
Jit makes it simple for security champions to implement product security and observe the security progress across their organization.
Security Plans
The security champion can set security standards by enabling security controls across the SDLC — from code to cloud and web apps.
Learn more about security plans, controls, and tools in the Security Plans Introduction.
Actions page
The Actions page enables you to quickly and easily remediate security issues and misconfigurations present in the backlog. Each item is an aggregation of one or more issues of a common type that can be fixed as a group with automated remediation.
Security Pipelines
Jit security pipelines are a live representation of Jit's continuous security (CS) implementation and provide the following benefits:
- Confirming value added by Jit ("Jit is working").
- Peace of mind in knowing the health (running or not) of all security tools.
- Verification of compliance (SOC 2, ISO, etc.).
Centralized pull requests visibility
The Pull Requests page enables you to track pull requests (PRs) of interest and obtain a high-level summary of the pull request activity in your organization over a certain period of time (default is two weeks). The Pull Requests page provides the following benefits:
- At-a-glance identification of ongoing issues with PRs.
- Compliance verification (SOC 2, ISO, etc.).
Security findings backlog
The Backlog page aggregates your organization's security findings in a table that is easily searched, filtered, and exported.