Security Tools

The following security tools are implemented by Jit workflows to detect potential security vulnerabilities:

Security ToolLayerJit Security ControlSupportsDocumentation
SemgrepApplication SecurityScan your code for vulnerabilities (SAST)Javascript, Typescript, Python, Go, Java, Scala, Kotlin, Swift, Rust, C#, PHP, C, C++repo
GosecApplication SecurityScan your code for vulnerabilities (SAST)Gorepo
GitleaksApplication SecurityScan code for hard-coded secretsText filesrepo
TruffleHogApplication SecurityScan code for hard-coded secretsText filesrepo
NancyApplication SecurityScan your code dependencies for vulnerabilities (SCA)Gorepo
OSV-ScannerApplication SecurityScan your code dependencies for vulnerabilities (SCA)Python, PHPrepo
npm-auditApplication SecurityScan your code dependencies for vulnerabilities (SCA)Javascript, Typescriptdocs
TrivyApplication SecurityScan your Dockerfiles for vulnerabilitiesDockerfilerepo
KICSCloud SecurityScan your infrastructure-as-code (IaC) for misconfigurationsTerraform, Serverless Framework, Pulumi, CloudFormation, AWS CDKrepo
KubescapeCloud SecurityScan Kubernetes configuration filesK8s manifest files, Helm chartsrepo
ProwlerCloud SecurityScan infrastructure for runtime misconfigurationsAWS, GCP, Azurerepo
AWS Security HubCloud SecurityImport AWS Security Hub FindingsAWSdocumentation
AWS MFA CheckerCloud SecurityVerify that the users of your AWS accounts have enabled MFAAWSJit tool
ZAPDASTScan your API for vulnerabilities (DAST)
Scan your web application for vulnerabilities (DAST)
APIs, Web applicationsrepo
LegitifyCI/CD SecurityDetect GitHub misconfigurationsGitHubrepo
GitHub MFA CheckerCI/CD SecurityVerify that MFA for your GitHub organization is enabledGitHubJit tool
GitHub BP CheckerCI/CD SecurityVerify that Github Branch Protection is properly configuredGitHubJit tool