Security Tools

The following security tools are run by Jit workflows to detect potential security vulnerabilities. Each row gives the layer the tool covers (code, infrastructure, runtime, or a third-party application), what it checks for, the languages or targets it supports, and where its documentation lives:

| Security tool | Layer | Objective | Supports | Documentation |
|---|---|---|---|---|
| Bandit | Code | Code scanning (SAST) | Python | repo |
| Gosec | Code | Code scanning (SAST) | Golang | repo |
| Semgrep | Code | Code scanning (SAST) | JavaScript, TypeScript, Java, Scala | repo |
| Gitleaks | Code | Secret detection | Textual file types | repo |
| Nancy | Code | Dependency check (SCA) | Golang | repo |
| OSV-Scanner | Code | Dependency check (SCA) | Python, PHP | repo |
| npm-audit | Code | Dependency check (SCA) | JavaScript, TypeScript | docs |
| KICS | Infrastructure | Infrastructure-as-code scanning | Terraform, Serverless, Pulumi, CloudFormation, AWS CDK | repo |
| Trivy | Infrastructure | Container scanning | Dockerfiles | repo |
| ZAP | Runtime | Dynamic scanning (DAST) | APIs, web applications | repo |
| Prowler | Infrastructure | Runtime scanning (cloud configuration) | AWS | repo |
| mfa-github-checker | 3rd-party app | GitHub 2FA checker | | Jit tool |
| mfa-aws-checker | 3rd-party app | AWS 2FA checker | | Jit tool |
| bp-github-checker | 3rd-party app | Branch protection checker | | Jit tool |