Jit Documentation

Product Security Plans

Different product security plans are available, depending on your organization's unique security needs.

The following security plans are currently supported by Jit:

  • Jit MVS for AppSec Plan
  • GitHub Marketplace Plan
  • OWASP Serverless Top 10 Plan
  • More options coming soon!

Updated 27 days ago