Legit Security Blog


Legitify adds support for GitLab and GitHub Enterprise Server

We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data...

Read More

1 min read

The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services

Everybody is familiar with downtimes in major services. It can be very frustrating when a platform your organization depends upon becomes...

Read More

2023 Predictions for Modern Application Security

Software dominates the world and remains abig and accessible attack surface.In 2022, an estimated $6Bwas invested in Application Security, with that...

Read More

How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack

Jenkins is an open-source automation and build platform that allows for automated tests, integrations, builds, and much more. However, Jenkins also...

Read More

Introducing Legitify: A Better Way To Secure GitHub

We’re pleased to announce the launch of Legitify – an open-source security tool for GitHub users to automatically discover and remediate insecure...

Read More

Google & Apache Found Vulnerable to GitHub Environment Injection

In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of

Read More

The Open Source Community And Its Critical Role in Software Supply Chain Security

As we head to the Open Source Summit conference next week, we wanted to discuss our contributions to the open source community, why we invest so much...

Read More

Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks

In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...

Read More

Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...

Read More

Announcing Legit Security: The Story Behind Our Mission

I'm excited to share that Legit Security is officially launching out of stealth mode. While in stealth, we’ve been incredibly busy acquiring our...

Read More

Stay Connected

 Please join our mailing list for future updates and announcements.