Security Tools

The following security tools are implemented by Jit workflows to detect potential security vulnerabilities:

| Security Tool | Layer | Jit Security Control | Supports | Documentation |
|---|---|---|---|---|
| Semgrep | Application Security | Scan your code for vulnerabilities (SAST) | JavaScript, TypeScript, Python, Go, Java, Scala, Kotlin, Swift, Rust, C#, PHP | repo |
| Gosec | Application Security | Scan your code for vulnerabilities (SAST) | Go | repo |
| Gitleaks | Application Security | Scan code for hard-coded secrets | Text files | repo |
| TruffleHog | Application Security | Scan code for hard-coded secrets | Text files | repo |
| Nancy | Application Security | Scan your code dependencies for vulnerabilities (SCA) | Go | repo |
| OSV-Scanner | Application Security | Scan your code dependencies for vulnerabilities (SCA) | Python, PHP | repo |
| npm-audit | Application Security | Scan your code dependencies for vulnerabilities (SCA) | JavaScript, TypeScript | docs |
| Trivy | Application Security | Scan your Dockerfiles for vulnerabilities | Dockerfile | repo |
| KICS | Cloud Security | Scan your infrastructure-as-code (IaC) for misconfigurations | Terraform, Serverless Framework, Pulumi, CloudFormation, AWS CDK | repo |
| Kubescape | Cloud Security | Scan Kubernetes configuration files | K8s manifest files, Helm charts | repo |
| Prowler | Cloud Security | Scan infrastructure for runtime misconfigurations | AWS, GCP, Azure | repo |
| ZAP | DAST | Scan your API for vulnerabilities (DAST); Scan your web application for vulnerabilities (DAST) | APIs, Web applications | repo |
| Legitify | CI/CD Security | Detect GitHub misconfigurations | GitHub | repo |
| AWS Security Hub | Cloud runtime scanning | Import AWS Security Hub Findings | AWS | documentation |
| aws-mfa-checker | Cloud Security | Verify that the users of your AWS accounts have enabled MFA | AWS | Jit tool |
| github-mfa-checker | CI/CD Security | Verify that MFA for your GitHub organization is enabled | GitHub | Jit tool |
| github-bp-checker | CI/CD Security | Verify that GitHub Branch Protection is properly configured | GitHub | Jit tool |