Scan Your Code for Vulnerabilities (SAST)

Description

Static code analysis tools can discover vulnerabilities inside your code before they make their way to production. Jit integrates code scanners (SAST tools) into CI/CD to automatically scan the full code base and every new Pull Request.

| Language   | Tool    | Detection | Remediation |
|------------|---------|-----------|-------------|
| JavaScript | Semgrep | Yes       | Yes         |
| TypeScript | Semgrep | Yes       | Yes         |
| Python     | Semgrep | Yes       | Yes         |
| Go         | Gosec   | Yes       | -           |
| Java       | Semgrep | Yes       | Yes         |
| Scala      | Semgrep | Yes       | Yes         |
| Kotlin     | Semgrep | Yes       | Yes         |
| PHP        | Semgrep | Yes       | -           |
| C#         | Semgrep | Yes       | Yes         |
| Swift      | Semgrep | Yes       | Yes         |
| Rust       | Semgrep | Yes       | -           |
| C          | Semgrep | Yes       | -           |
| C++        | Semgrep | Yes       | -           |
| Ruby       | Semgrep | Yes       | -           |
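To make the Detection and Remediation columns concrete, here is an added example that is not Jit's, Semgrep's or Gosec's code: a minimal AST-based check in the style of a SAST rule for Python (one of the languages in the table). It flags `subprocess` calls that pass `shell=True` and shows a constructed vulnerable snippet beside its remediated form, which is the kind of finding/fix pair the remediation flow below produces. The rule id, the sample snippets and the finding format are assumptions made for this illustration.

```python
# Added example (not Jit's or Semgrep's code): a tiny static check that walks a
# Python AST and reports subprocess calls made with shell=True, the class of
# finding a SAST scanner raises before the code reaches production.
import ast

# Constructed sample: a snippet a scanner would flag. The command string is
# built from a caller-supplied value and executed through a shell.
VULNERABLE_SNIPPET = '''
import subprocess

def list_dir(user_path):
    return subprocess.run("ls " + user_path, shell=True, capture_output=True)
'''

# Constructed sample: the remediated form. The program and its argument are
# passed as a list and no shell is involved, so the value is never parsed
# as shell syntax.
REMEDIATED_SNIPPET = '''
import subprocess

def list_dir(user_path):
    return subprocess.run(["ls", "--", user_path], shell=False, capture_output=True)
'''

# subprocess entry points that accept a shell= keyword.
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}


def _is_subprocess_call(node: ast.Call) -> bool:
    """True for calls of the form subprocess.<func>(...)."""
    func = node.func
    return (
        isinstance(func, ast.Attribute)
        and isinstance(func.value, ast.Name)
        and func.value.id == "subprocess"
        and func.attr in SUBPROCESS_FUNCS
    )


def find_shell_true(source: str) -> list:
    """Return one finding per subprocess call that passes shell=True.

    Each finding is a dict with a (hypothetical) rule id, the source line of
    the call and the fully qualified callee, which is the minimum a scanner
    needs to annotate a Pull Request or propose a fix.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_subprocess_call(node)):
            continue
        for kw in node.keywords:
            if (
                kw.arg == "shell"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
            ):
                findings.append(
                    {
                        "rule": "subprocess-shell-true",  # hypothetical rule id
                        "line": node.lineno,
                        "call": f"subprocess.{node.func.attr}",
                    }
                )
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_shell_true(VULNERABLE_SNIPPET))
    print("remediated:", find_shell_true(REMEDIATED_SNIPPET))
```

Running the module reports a single finding at line 5 of the vulnerable snippet and none for the remediated one. A real rule engine matches far more patterns than this, but the shape is the same: detection produces a located finding, and remediation replaces the flagged construct with an equivalent that removes the dangerous parameter.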

Remediation

For SAST vulnerabilities, Jit can auto-generate fix code that resolves the finding. Remediation is made available in two modes:

  1. Remediation in a Pull Request whereby the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.
Inline Remediation in a Pull Request

  2. Remediation from the Actions page, whereby the user views the finding in the Jit Platform and clicks the Create a Fix PR button to generate a new Pull Request which introduces the fix code. In GitHub, the developer will review the newly created Pull Request and merge it to apply the fix.
Available Remediation in the Actions Page