NEW Gartner® Report: Hype Cycle™ for Application Security, 2023

Download Now
Platform
header mobile nav icon
Platform
warranty-badge-highlight 1
Software Supply Chain Security

dashboard-3 1
Application Security Control Plane

cloud-data-transfer 1
Code To Cloud Traceability

shield-check 1
Compliance & SBOM

Customers Company
header mobile nav icon
Company
book icon primary 200
About Us

briefcase icon primary 200
Careers

message icon primary 200
News

calendar icon primary 200
Events

Resources
header mobile nav icon
Resources
squared pencil icon primary 200
Blog

bookmark icon primary 200
Resource Library

brackets icon primary 200
Open Source

Contact Us
  • Blog
  • Legitify adds support for GitLab and GitHub Enterprise Server

Blog

blog post hero icon

Legitify adds support for GitLab and GitHub Enterprise Server

Roy Blit

We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) system configurations. Legitify, the open-source security tool we recently announced, is rapidly gaining popularity because it helps users analyze and remediate the security configuration of their SCM resources. 

Adding support for More SCMs

Legitify is a source-code management (SCM) misconfiguration scanner that helps security, DevOps, and engineering teams manage and enforce their SCM configurations in a secure and scalable way. Legitify's initial release only supported GitHub.com, with the aim to provide the open-source community with a tool that would help them prevent software supply chain attacks that originate in GitHub misconfigurations. After its initial release, multiple requests were submitted to support more SCM vendors and solutions, especially those used by enterprise organizations.

GitHub Enterprise Server and GitLab Server are popular on-premises SCM systems widely used in the software development industry. Like all SCMs, misconfigurations in these systems can also lead to serious security vulnerabilities and data breaches.

With Legitify’s latest release, we're now proud to support a this broader range of popular SCMs:

  • GitHub Cloud
  • GitHub Enterprise Server
  • GitLab Cloud
  • GitLab Server

Legitify can identify and help remediate misconfigurations in real time for this expanded list of SCMs, ensuring that both cloud and on-prem SCM implementations are secure and compliant. It can also run periodically to validate these configurations continuously.

 

More Features to Keep your SCMs Continually secured

In addition to expanded SCM support, Legitify’s latest release includes important new features to keep your SCMs secure:

  • Dozens of new SCM security policies that have been added, including a new security policy category called “Runner Groups”, that can detect misconfigurations in GitHub’s runner groups. You can browse all of Legitify’s security policies at legitify.dev.

  • A new GitHub action that can be used to run Legitify as part of the organization’s CI/CD pipeline, allowing users to gain continuous protection and get alerted rapidly when a new misconfiguration is introduced.

  • To enhance the software supply chain security of Legitify's users, every Legitify release contains a SLSA Level 3 Provenance attestation that can be used to verify the authenticity of the tool.

Join the community

Legitify's mission is to help security and development teams ensure that they have secure SCMs across their software delivery pipelines, and we have many more exciting capabilities planned in the future.

Download Legitify now and send us your feedback, we’d love to hear your thoughts and comments. We encourage and appreciate any kind of contribution!
Roy Blit

Share this guide

Blog

Related posts

Securing AI-Generated Code

Securing AI-Generated Code

Legit Security | Explore Legit Security's revolutionary AI application security, risks, and solutions in our blog.

Read More
OpenSSF SCM Best Practices Guide Released With Contributions From Legitify

OpenSSF SCM Best Practices Guide Released With Contributions From Legitify

Legit Security | Explore the collaborative effort by OpenSSF and leading security vendors in the release of SCM Best Practices Guide.

Read More
Legit Security and CrowdStrike: Securing Applications from Code Creation to Cloud Deployment

Legit Security and CrowdStrike: Securing Applications from Code Creation to Cloud Deployment

Legit Security | Legit Security's ASPM platform offers an enterprise-grade ASPM solution, proven by customers.

Read More

Schedule A Demo

Book a 30 minute demo including the option to analyze your own software supply chain, if desired.

Book a Demo