Tor Beer

Showing all posts by Tor Beer

Exposing Secrets Via SDLC Tools: The Artifactory Case

February 28, 2023

Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.

Exposing Secrets Via SDLC Tools: The SonarQube Case

January 19, 2023

We investigate how sensitive information can get exposed via AppSec tools that you use in your dev pipeline, using the SonarQube Case.

The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services

January 18, 2023

We explore our findings on a vulnerability in a popular implementation of the markdown engine and the potential Denial-of-Service (DoS) attack that it could cause.

Breaking News: How a Massive Malware Attack Almost Occurred on GitHub

August 03, 2022

Earlier today, Stephen Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.

How to Secure Your Software Supply Chain in 10 Steps

August 02, 2022

In today’s age of security breaches, it’s more important than ever to create a secure software supply chain. Follow these 10 easy steps to keep your business safe.

A Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)

April 06, 2022

On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.
