GitHub Locks Down npm: What the New Install Defaults Mean for Your Supply Chain
In July 2026, GitHub is going to change how npm install works for the first time in npm's history - and it's going to break some builds on purpose. Starting with npm v12, the package manager will stop automatically running install scripts, pulling Git dependencies, or fetching dependencies from remote URLs unless you explicitly approve each one. Behavior that's been on-by-default for over a decade is becoming opt-in.
Agentic AppSec: closing the remediation gap and automating application security
Application security has spent a decade getting brilliant at half of its job. This is about automating the other half – starting with the fix, and not stopping there.
The Government Just Made Our Case: Stop Fixing Everything, Fix What Matters.
On June 10, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a new directive on how federal agencies should handle software vulnerabilities. Agencies now must ask whether a flaw is genuinely exposed and exploitable before treating it as urgent, which means the old “every critical is a five-alarm fire” approach is officially dead.
Fable 5 Is Here. The AppSec Problem Hasn’t Changed.
Anthropic’s release of Fable 5 has reignited discussion about what AI means for cybersecurity. When the company building the technology is cautious about how broadly it should be deployed, security teams should pay attention.
The Missing Security Layer in AI-First Development
AI coding agents have changed how developers work. Alongside the productivity gains comes a new challenge: how do organizations ensure AI-generated code is secure from the moment it’s written?
Scaling Our Vision: Welcoming Tamar Nulman and Omri Arnon to the Legit Team
Welcoming two world-class leaders to the Legit Security family: Tamar Nulman, our new VP of HR, and Omri Arnon, our Head of Engineering.
Mythos: Just One Piece of the Cybersecurity Puzzle
Anthropic’s new AI model, Mythos, is being framed as a “cybersecurity reckoning.” Read more here.
When AI Writes the Code, What Changes for Security?
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
When Your Scanner Becomes the Weapon: From Trivy to LiteLLM
A security breach linked to a compromised Trivy binary exposed LiteLLM. Learn how to protect your infrastructure now.
The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond
Aqua Security's Trivy vulnerability scanner was compromised, exposing sensitive data. Learn how to respond and secure your systems effectively.
Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
Legit Security recognized as a leader in AppSec for innovating AI code security. Discover the award-winning VibeGuard platform.
Legit License Scanning and Policy Enforcement
Software License Scanning vs. Manual License Review: The True Cost of Compliance
Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work
Executive Brief: Questions AI is Creating that Security Can't Answer Today
Technical Architecture Guide: Fixing Code Issues Early to Protect Developer Flow
The AI Security Maturity Model for AI-First Development Teams
When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
What Breaks First When AI-Generated Code Goes Ungoverned?
The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Prevent vulnerabilities and learn how Legit uses data-driven methods like the Lorenz Curve and the Gini Index to uncover high-risk areas in your SDLC.
The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Legit Security is redefining application security by analyzing CVRs, helping enterprises prevent vulnerabilities from recurring in their SDLC.
Legit SLA Management & Governance – Built for Enterprise-Scale AppSec
Get details on Legit's powerful SLA management capabilities.
The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Get details on the most common toxic combinations Legit unearthed in enterprises' software factories.
White House Executive Order: Strengthening and Promoting Innovation in the Nation’s Cybersecurity
Get details on this new cybersecurity Executive Order and its implications.
Securing the Vault: ASPM's Role in Financial Software Protection
Discover the importance of Application Security Posture Management (ASPM) in financial software protection. Learn how ASPM enhances security practices and compliance in the U.S. financial services sector through Legit Security.
Securing the Software Supply Chain: Risk Management Tips
Securing the software supply chain can seem daunting, but with the right strategy, you can optimize your software supply chain risk management practices.
How to Get the Most From Your Secrets Scanning
Secret scanning is essential for unlocking next-level software supply chain security. Get tips and best practices for optimal secret scanning to secure your code.
Microsoft Under Attack by Russian Cyberattackers
Understand how these attackers are operating and what their tactics mean for security strategies.
Using AI to Reduce False Positives in Secrets Scanners
Get an overview of how secrets scanners work, and how Legit is reducing secret-scanning false positives.
Securing AI-Generated Code
Explore Legit Security's revolutionary AI application security, risks, and solutions in our blog.
2023 Predictions for Modern Application Security
This blog analyzes trends in application security and predicts the future direction of enterprise application security programs.
Exposing Secrets Via SDLC Tools: The Artifactory Case
Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.
How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack
See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
Google & Apache Found Vulnerable to GitHub Environment Injection
Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.
Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks
We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub Actions workflow. Get details on the vulnerability and what you can do to mitigate it.