Onboarding Overview
Welcome to Jit!
The first onboarding step is to connect Jit with your GitHub or GitLab account.
What happens when you connect Jit with your GitHub/GitLab account?
Integrating with GitHub or GitLab will automatically activate the following code scanners:
- Static Application Security Testing (SAST) to detect security flaws in your custom code
- Software Composition Analysis (SCA) to detect known vulnerabilities in open source components
- Secrets Detection to flag hardcoded secrets in your code, such as passwords, API keys and cloud provider tokens.
The scanners will analyze your code using two flows:
- The first scanning flow is a full codebase scan (or a full scan of selected GitHub repositories/GitLab projects). The first codebase scan will take place the moment you connect Jit with GitHub or GitLab. The results of the scan are documented on the Backlog page.
- The second scanning flow is continuous scanning for every code change, which is experienced by developers within GitHub or GitLab. This flow is designed to make it easy for developers to consistently resolve code security issues before deployment.
Other important notes:
- Jit NEVER clones or pulls your code to the cloud. All scanners run on GitHub Actions/GitLab Pipelines (including the self-hosted versions if needed).
- Activate additional scanners by navigating to Security Plans (left menu) → Jit Max Security Plan
- Integrating Jit with your cloud environment will enable other core Jit features, including:
  - Contextual prioritization that assigns a risk score to each security issue based on its runtime context (AWS and GCP only)
  - Cloud Security Posture Management to scan your cloud infrastructure at runtime for misconfigurations (AWS, GCP, and Azure)
- Explore Jit's features to learn more.