Security Plans Introduction

This section describes Jit's security plans and their components:

Definition of a Jit Security Plan

A product security plan is an outcome-driven blueprint that describes best practices and measures to protect and manage the different components of a company's tech stack.

It is designed to align with the organization's overall business objectives and security goals, and applies a continuous security approach to the company's product(s).

Security Plan As Code - From intent to implementation

  • Captures security requirements as intent.
  • Allows for velocity and extensibility, including addressing custom risks.
  • Jit translates the abstract intent into a concrete implementation by running workflows and evaluating policies.
  • Jit runs workflows:
    • Uses integration points along the SDLC and with third parties.
    • Can be triggered by various events such as pull requests, deployments, scheduled events, or external inputs.
    • Orchestrates security tools and manages automated processes like incident response, onboarding, and offboarding.

What’s Next

For an in-depth explanation of how security plans are structured, see the following—