Security Plan Concept

To enable dev organizations to own security & risk for the applications they build, Jit introduces the concept of automation through product security plans. Each plan has a designated target or outcome, and specifies the individual security measures your environment needs to achieve that outcome. The administrator of the plan, known as a product security champion, selects a security plan from Jit's plan templates and implements it in her environment. The product security champion can gradually progress to more advanced plans as part of a complete product security journey.

To implement the selected product security plan, the Jit platform orchestrates a variety of security tools (open-source, commercial, cloud-native, and others), as well as security processes that are part of the developer's routine.

Product security plans are written in YAML and can be viewed and edited in your favorite IDE. To learn more about the security plan structure and syntax, refer to the Security Plan Reference section.

Product security for the entire stack

A product security plan covers the entire stack of modern cloud applications.

  • Code: Secure the code against the introduction of security vulnerabilities.
  • Pipeline (CI/CD): Ensure that the CI/CD pipeline itself is secured.
  • Infrastructure: Secure the resources deployed in a cloud environment.
  • Runtime Application: Secure your applications by identifying threats at runtime.

Adhering to GitOps principles, Jit stores the product security plan within your source code management platform.

Security begins with MVS

MVS is for product security what MVP is for product development.
MVS is a lean, iterative approach for adding security ‘just-in-time’, following GitOps principles and leveraging popular open-source & cloud-native security tools.

