A Better Way to Secure GitHub


Legitify is an open-source security tool for GitHub users to automatically discover insecure configurations.



Are Your GitHub Implementations Secure?


It is difficult and time-consuming to consistently enforce security across large GitHub implementations, and GitHub misconfigurations are a very common source of vulnerabilities. Different individuals often deploy GitHub instances with different configurations and settings, and manually enforcing consistency across large GitHub organizations is very labor intensive and prone to human error.


Auto-Discover Insecure Configurations


Legitify is an open-source GitHub configuration scanner from Legit Security that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way. Legitify automatically detects security issues, provides remediation steps to address them, and represents a subset of the capabilities available in the broader Legit Security Platform. Here's how Legitify works:

1. Connect Easily

Legitify connects to GitHub via an access token and detects issues across four resource types: member, repository, actions, and organization. Legitify provides the option to scan by specific GitHub instance and/or resource type, or to scan an entire GitHub organization across all resource types.


2. Scan Quickly

Legitify rapidly scans your GitHub implementations via the command line to detect a wide range of security issues associated with GitHub configurations and settings. Use Legitify across an entire GitHub organization of any size.

3. Detect Security Issues

Each detected security issue is listed in the results with its name, a brief description, and a severity categorization. Remediation steps are also provided, along with the entityID of the violation.


4. Obtain Security Scores

Legitify is integrated with OSSF Scorecard so you can run Scorecard within Legitify to assess the security posture of repositories using the Security Scorecard framework.

Cross-Platform Deployment


Legitify is an open-source, cross-platform binary that works on Windows, Mac and Linux. Security and DevOps engineers run Legitify from the command line. Several improvements are planned for the future, including support for periodic scanning schedules.


Download and Documentation


Get the latest version of Legitify by downloading it below, and read through the documentation for an in-depth look at how the tool works.

