Scan Your Code for Vulnerabilities (SAST)

Description

Static code analysis tools can discover vulnerabilities inside your code before they make their way to production. Jit integrates code scanners (SAST tools) to CI/CD to automatically scan the full code base and every new Pull Request.

Language	Tool	Detection	Remediation
JavaScript	Semgrep	Yes	Yes
TypeScript	Semgrep	Yes	Yes
Python	Semgrep	Yes	Yes
Go	Gosec	Yes	-
Java	Semgrep	Yes	Yes
Scala	Semgrep	Yes	Yes
Kotlin	Semgrep	Yes	Yes
PHP	Semgrep	Yes	-
C#	Semgrep	Yes	Yes
Swift	Semgrep	Yes	Yes
Rust	Semgrep	Yes	-

Remediation

For SAST vulnerabilities, Jit can auto-generate fix code that resolves the finding. Remediation is made available in two modes:

Remediation in a Pull Request - In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.

Remediation from the Actions page - In those cases, the user views the finding in the Jit Platform and clicks the Create a Fix PR button to generate a new Pull Request which introduces the fix code. In GitHub, the developer will review the newly created Pull Request and merge it to apply the fix.

Available Remediation in the Actions Page