Jit unifies and enhances leading open source scanners across the product security scanning categories listed below. Jit users do not need to configure or deploy the supported scanners; they are built into the platform and supported out of the box.
By integrating the following open source security scanners into its platform, Jit provides these benefits:
- Automated configuration, deployment, and execution of all scanners
- Automated scanner upgrades
- Custom rules that surface additional vulnerabilities, with noisy rules tuned to reduce false positives
- Contextual prioritization that surfaces the code security flaws and cloud misconfigurations that introduce real risk
- A developer-oriented UX and auto-remediation that simplify code security for developers
- Unification of all findings into a single, prioritized backlog, with metrics to monitor security posture
| Jit Security Control | OSS Security Tool | Layer | Supports | OSS Tool Documentation |
|---|---|---|---|---|
| Scan your code for vulnerabilities (SAST) | Semgrep | Application Security | JavaScript, TypeScript, Python, Go, Java, Scala, Kotlin, Swift, Rust, C#, PHP, C, C++, Ruby | repo |
| Scan your code for vulnerabilities (SAST) | Gosec | Application Security | Go | repo |
| Scan code for hard-coded secrets | Gitleaks | Application Security | Text files | repo |
| Scan code for hard-coded secrets | TruffleHog | Application Security | Text files | repo |
| Scan your code dependencies for vulnerabilities (SCA) | Nancy | Application Security | Go | repo |
| Scan your code dependencies for vulnerabilities (SCA) | OSV-Scanner | Application Security | Python, PHP, Java | repo |
| Scan your code dependencies for vulnerabilities (SCA) | npm-audit | Application Security | JavaScript, TypeScript | docs |
| Scan your Dockerfiles for vulnerabilities | Trivy | Application Security | Dockerfile | repo |
| Scan your infrastructure-as-code (IaC) for misconfigurations | KICS | Cloud Security | Terraform, Serverless Framework, Pulumi, CloudFormation, AWS CDK | repo |
| Scan Kubernetes configuration files | Kubescape | Cloud Security | Kubernetes manifest files, Helm charts | repo |
| Scan infrastructure for runtime misconfigurations | Prowler | Cloud Security | AWS, GCP, Azure | repo |
| Import AWS Security Hub findings | AWS Security Hub | Cloud Security | AWS | documentation |
| Verify that the users of your AWS accounts have enabled MFA | AWS MFA Checker | Cloud Security | AWS | Jit tool |
| Scan your API for vulnerabilities (DAST); scan your web application for vulnerabilities (DAST) | ZAP | DAST | APIs, web applications | repo |
| Detect GitHub misconfigurations | Legitify | CI/CD Security | GitHub | repo |
| Verify that MFA for your GitHub organization is enabled | GitHub MFA Checker | CI/CD Security | GitHub | Jit tool |
| Verify that GitHub branch protection is properly configured | GitHub BP Checker | CI/CD Security | GitHub | Jit tool |
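The "single, prioritized backlog" in the benefits list and the mix of tools in the table above imply a normalization step: each scanner emits its own report format and severity scale, so findings have to be mapped onto one scale, deduplicated and ranked before they are useful as a backlog. The script below is an added example of that step, not Jit's code or code from any of the listed projects. It parses constructed sample reports in the shape of Semgrep's `--json` output and Gitleaks' JSON report (field names assumed from those tools' public report formats; the rule IDs, file paths and messages are made up), applies a hypothetical per-rule severity override to tune a noisy rule, and emits one ordered list.

```python
"""Merge findings from several scanners into one prioritized backlog.

Added example (not Jit's or any scanner project's code). Sample inputs are
constructed; the Semgrep and Gitleaks field names are assumptions based on
those tools' public JSON report formats.
"""
import hashlib
import json
from dataclasses import dataclass

# Constructed sample in the shape of a Semgrep `--json` report.
SEMGREP_REPORT = json.dumps({
    "results": [
        {"check_id": "python.flask.security.injection.tainted-sql-string",
         "path": "app/db.py",
         "start": {"line": 42},
         "extra": {"severity": "ERROR", "message": "SQL built from user input"}},
        {"check_id": "python.lang.best-practice.useless-if",
         "path": "app/util.py",
         "start": {"line": 7},
         "extra": {"severity": "WARNING", "message": "Useless if statement"}},
    ]
})

# Constructed sample in the shape of a Gitleaks JSON report (a list of leaks).
# The second entry is an exact duplicate, as a rerun of the scanner would produce.
GITLEAKS_REPORT = json.dumps([
    {"RuleID": "aws-access-token", "File": "config/settings.py",
     "StartLine": 3, "Description": "AWS Access Key"},
    {"RuleID": "aws-access-token", "File": "config/settings.py",
     "StartLine": 3, "Description": "AWS Access Key"},
])

# Hypothetical rule tuning: a noisy best-practice rule is demoted to INFO.
RULE_OVERRIDES = {"python.lang.best-practice.useless-if": "INFO"}

# One common severity scale; lower rank sorts first.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    path: str
    line: int
    severity: str
    message: str

    def fingerprint(self) -> str:
        # Stable identity for deduplication across reruns: same tool, rule and location.
        key = f"{self.tool}|{self.rule}|{self.path}|{self.line}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]


def _semgrep_severity(level: str) -> str:
    # Map Semgrep's ERROR/WARNING/INFO levels onto the common scale.
    return {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "INFO"}.get(level, "MEDIUM")


def parse_semgrep(report: str):
    for r in json.loads(report)["results"]:
        sev = RULE_OVERRIDES.get(r["check_id"], _semgrep_severity(r["extra"]["severity"]))
        yield Finding("semgrep", r["check_id"], r["path"], r["start"]["line"], sev,
                      r["extra"]["message"])


def parse_gitleaks(report: str):
    for leak in json.loads(report):
        # A committed secret is treated as CRITICAL whatever rule matched it.
        yield Finding("gitleaks", leak["RuleID"], leak["File"], leak["StartLine"],
                      "CRITICAL", leak["Description"])


def build_backlog(*streams):
    """Deduplicate findings by fingerprint and order them by severity, then location."""
    seen = {}
    for stream in streams:
        for f in stream:
            seen.setdefault(f.fingerprint(), f)
    return sorted(seen.values(),
                  key=lambda f: (SEVERITY_RANK[f.severity], f.tool, f.path, f.line))


if __name__ == "__main__":
    for f in build_backlog(parse_semgrep(SEMGREP_REPORT), parse_gitleaks(GITLEAKS_REPORT)):
        print(f"{f.severity:<8} {f.tool:<9} {f.path}:{f.line}  {f.rule}")
```

The fingerprint deliberately excludes the message text, so a reworded rule message does not reopen a finding that was already triaged; if the scanner reports a code snippet or secret value, keep it out of the fingerprint for the same reason and out of the backlog output entirely in the secrets case.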