Onboarding Overview

Welcome to Jit!

The first onboarding step is to connect Jit with your GitHub, GitLab, Bitbucket or Azure DevOps account.



What happens when you connect Jit with your SCM account?

Integrating with your SCM account will automatically activate the following code scanners:

  • Static Application Security Testing (SAST) to detect security flaws in your custom code
  • Software Composition Analysis (SCA) to detect known vulnerabilities in open source components
  • Secrets Detection to flag hardcoded secrets in your code, such as passwords, API keys and cloud provider tokens

The scanners will analyze your code using two flows:

  1. The first scanning flow is a full codebase scan (or a full scan of selected repositories/projects). The first codebase scan will take place the moment you connect Jit with your SCM account. The results of the scan are documented in the Backlog page.
  2. The second scanning flow is continuous scanning of every code change, which developers experience within your SCM account. This flow is designed to make it easy for developers to consistently resolve code security issues before deployment.

Other important notes:

  • Activate additional scanners by navigating to Security Plans (left menu) → Jit Max Security Plan
  • Integrating Jit with your cloud environment will enable other core Jit features, including:
    • Contextual prioritization that assigns a risk score to each security issue based on its runtime context (AWS and GCP only)
    • Cloud Security Posture Management to scan your cloud infrastructure at runtime for misconfigurations (AWS, GCP, and Azure)
  • Explore Jit's features to learn more.