Security Tools
The following security tools are implemented by Jit workflows to detect potential security vulnerabilities:
| Security Tool | Layer | Objective | Supports | Documentation |
|---|---|---|---|---|
| Bandit | Code | Code scanning (SAST) | Python | repo |
| Gosec | Code | Code Scanning (SAST) | Golang | repo |
| Semgrep | Code | Code scanning (SAST) | Javascript, Typescript, Java, Scala | repo |
| Gitleaks | Code | Secret detection | Textual file types | repo |
| Nancy | Code | Dependency check (SCA) | Golang | repo |
| OSV-Scanner | Code | Dependency check (SCA) | Python, PHP | repo |
| npm-audit | Code | Dependency check (SCA) | Javascript, Typescript | docs |
| KICS | Infrastructure | Infrastructure-as-code scanning | Terraform, Serverless, Pulumi, CloudFormation, AWS CDK | repo |
| Trivy | Infrastructure | Container scanning | Docker files | repo |
| ZAP | Runtime | Dynamic scanning | APIs, Web applications | repo |
| Prowler | Infrastructure | Runtime scanning | AWS | repo |
| mfa-github-checker | 3rd party app | GitHub 2FA checker | Jit tool | |
| mfa-aws-checker | 3rd party app | AWS 2FA checker | Jit tool | |
| bp-github-checker | 3rd party app | Branch Protection checker | Jit tool |
Updated 24 days ago