Jit

Tel Aviv, Israel
2021
  |  By David Melamed
Today, I’m thrilled to announce Jit’s full support for GitLab, which will significantly expand our ability to execute our mission to empower every developer to secure everything they code. This new integration will provide all of the same benefits that we’ve been delivering to our customers on GitHub for years, including: If you’re on GitLab, check out the guidelines below to quickly realize these benefits.
  |  By Ohav Almog
AWS-Vault is an excellent open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how it works and learned a lot along the way. In this article, I will summarize and simplify the information I learned to help others with their aws-vault adoption and lower the barrier to usage.
  |  By Ohav Almog
In programming, the term idempotence may sound like a complex and arcane concept reserved for mathematical discussions or computer science lectures. However, its relevance stretches far beyond academia. Idempotence, also called idempotency, is a fundamental principle that is pivotal in ensuring software systems’ predictability, reliability, and consistency.
  |  By Ariel Beck
Let’s be honest: some software development changes are bound to fail. The increasing reliance on software systems means that the frequency and complexity of changes are constantly increasing. While you can’t always have pitch-perfect processes, you can bounce back quickly, and, thankfully, there’s a way to measure that. Change Failure Rate (CFR) is one of the four key metrics of DORA Metrics.
  |  By Shlomi Kushchi
Let’s keep it real: security compliance often makes your DevOps team feel strained. This burden spans multiple security sub-domains, such as information, network, and endpoint security, and specific security configurations, such as Identity and Access Management (IAM). Restraining budgets and ambitious expansion plans make it even more tempting to brush security under the rug until it becomes a challenge too big to ignore.
  |  By Liron Biam
Logging was once just a best practice to help you understand what's happening inside your applications. Now, any security expert worth their salt will tell you that you can’t build a security plan without it. As a result, organizations have turned to specialized logging tools like Log4J to strengthen their application security. This move has proven highly effective, with cyberattack risks on businesses dropping from 44% in 2022 to 34% in 2023.
  |  By David Melamed
Today, I’m delighted to announce the release of Jit’s Context Engine, which uses the runtime context of vulnerabilities to automatically prioritize the top security risks in our customers’ cloud applications. One of the defining challenges of product security is the overwhelming volume of alerts generated by code and cloud security scanners, which is especially painful when the majority of “issues” don’t pose any real security risk.
  |  By Avichay Attlan
Imagine this: an attacker sneaks a tiny backdoor into software that hundreds of companies use. It sounds like a plot from a spy movie, but it’s a real threat that recently impacted major Linux distributions through a compromised utility tool, XZ Utils. So far, in 2024, over 35 billion known records have been breached. The Linux attack, potentially in action and undetected since 2021, is just one of the many that highlight the alarming proliferation of supply chain attacks.
  |  By Liron Biam
The widespread adoption of external libraries and packages in the modern application development process introduces potential security risks that could impact the entire application. To address this, Software Composition Analysis (SCA) tools like npm-audit and OSV Scanner play an important role.
  |  By David Melamed
Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensitive information they entrusted to Sisense may have been compromised and urged them to reset their password and rotate their secrets. According to KrebsOnSecurity, the attackers were allegedly able to access GitLab repositories hosted by Sisense, where hard-coded secrets may have been found.
  |  By Jit
All the code and cloud scanners you need to secure your product, in a single platform.
  |  By Jit
Welcome to the end of vulnerability overload. Context Engine intelligently prioritizes the risk of Jit's security findings based on their runtime context, so development and security teams only focus on the alerts that matter.
  |  By Jit
With Context Engine, automatically prioritize your vulnerability backlog based on runtime and business context, so you can focus on the alerts that matter.
  |  By Jit
Jit provides full product security coverage in minutes, while making it easy for developers to adopt continuous security feedback and remediation into their daily routines.
  |  By Jit
In this webinar, David Melamed and Avi Douglen provide their perspective on making code security a part of a software engineering culture.
  |  By Jit
Learn how Jit's unique developer UX makes continuous code security exceptionally easy to adopt.
  |  By Jit
Learn how Vana was able to improve their product security without having to hire any in-house expertise on code and cloud security.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, explains some of the common vulnerabilities that can be mitigated with DevSecOps, ranging from coding flaws that expose SQL injection or cross-site scripting vulnerabilities to security issues in your third-party dependencies.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, discusses the importance of integrating DevSecOps into developer tooling like GitHub and Slack.
  |  By Jit
Aviram Shmueli, a cofounder at Jit, provides an overview of DevSecOps and explains its benefits compared to traditional product security practices that rely on surfacing vulnerabilities in production.

Jit is the easiest way to secure your code and cloud, providing full application and cloud security coverage in minutes. Tailor a developer security toolchain to your use case and implement it across your repos in a few clicks.

Jit empowers developers to own the security of their code without ever leaving their workflow, prioritizing the alerts that matter. Using your current security toolset with Jit, your devs can deliver secure code faster than ever.

Full Security Coverage in Minutes:

  • Iterative scanning within the PR makes Jit easy to adopt for developers: Fast and automated scanning within GitHub makes security checks feel like quality checks, so developers can easily incorporate Jit into their day-to-day.
  • Gamified security tracking per team: Every team can monitor their security score, which is based on open vulnerabilities in their repos.
  • Leverage an open and extensible orchestration framework: Easily plug any tool into Jit’s extensible orchestration framework to unify the execution and interface of any security tool, enabling a more consistent DevSecOps experience.

The easiest way to secure your code and cloud.