News & Press
News

Legit Security lands $40M to lock down apps and dev environments
Legit Security, a cybersecurity company developing a platform to identify app vulnerabilities from code, has raised $40 million in a Series B funding round led by CRV with participation from Cyberstarts, Bessemer Venture Partners and TCV.
What is Application Security Posture Management – Insights Into Gartner’s® New Report
On May 5th, Gartner published an Innovation Insights Report that outlines the latest evolution in AppSec: Application Security Posture Management (ASPM for short). ASPM is something that we at Legit Security have been pioneering for over a year, a revolution in the way modern application security can be done more...
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Researchers with Israeli startup Legit Security discovered a vulnerability in Microsoft Azure Pipelines that could let threat actors submit...
GRC Outlook - Ensuring Application Integrity and Compliance
The world today is getting more dependent on technology all around us. Every application that businesses rely on might have a security loophole that attackers can exploit to harvest confidential information, disrupt business operations, or use as a stepping stone for broader attacks.
Denial of Service Vulnerability Found in Libraries used by GitHub & Others
In a recent development, Legit Security today announced its discovery of an easy-to-exploit DoS vulnerability in markdown libraries used by GitHub, GitLab and other applications, using a popular markdown rendering service called commonmarker...
GitHub Actions, SHA-1 Retirement, And A Self-worming Vulnerability
It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part...
GitHub Actions Were Vulnerable to Rust Artifact Poisoning
A new class of software supply chain vulnerability in GitHub Actions and Rust leverages artifact poisoning to attack the underlying software development pipelines. People are way too inclined to believe that just because some program, language, operating system...
Artifact Poisoning in GitHub Actions Imports Malware Into Software Pipelines
Legit Security researchers discovered that attackers submitting changes to an open-source repository on GitHub could cause downstream software projects to compile updates with malicious code. ...
Legit Security: Redefining the Future of Software Supply Chain Security
Most organizations' development teams don't have a fully resourced, dedicated security team, which makes it challenging to get rid of all vulnerabilities and deliver secure software. This is where Legit Security comes into the picture, with a mission to secure applications at scale...
How scanning GitHub helps secure open-source software supply chains
Legitify is an open-source GitHub configuration scanner from Legit Security that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way.
Software Supply Chain Security and the Rapidly Evolving Regulatory Landscape
All you need to know about software supply chain security and the rapidly evolving regulatory landscape, including who is most affected...
Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects
Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack...
In the second half of 2022, key leaders emerge across diverse industries
Legit Security launched out of stealth in February 2022 with a cyber security solution to secure the software supply chains that organizations use to build and release software applications. As cyber attacks on the software supply chain are projected to increase...
Cloud Native Computing Foundation Continues Significant Membership Growth, Highlighting Ubiquity of Cloud Native Tech
The fact that we are still seeing so many new organizations of all sizes, industries, and geographies joining CNCF is a testament that cloud-native...
Merge Requests and Insecure GitHub Workflows May Lead to Software Supply-Chain Attacks
Security researchers at Legit Security identified software supply chain vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel.
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
Security vulnerabilities discovered by Legit Security in very popular open source projects from Apache and Google could be used to modify source code, steal secrets, and move laterally inside an organization.
Attack Vulnerability Announced Two Days After Google's Vulnerability Rewards Program Launch
Just two days after Google announced the Open Source Software Vulnerability Rewards Program, Legit Security reported attack vulnerabilities in open-source projects from Google.
Legit Security Protects Against Modern Threats to Software Applications and Their Supply Chain
Business innovation relies on speed and agility to engage customers in new ways through their software applications and digital business models. However, the hard work that businesses invest in...
Legit Security Brings a Needed Layer of Protection to the SDLC Pipeline
Cybercrime has appeared more frequently in the news cycle over the past five years. Malicious software and attacks have only grown more sophisticated, and each new development...
Researchers Find Privilege Escalation Vulnerabilities in GitHub Repos
Legit Security today revealed that it discovered a privilege escalation vulnerability in GitHub repositories that has since been remediated. Liav Caspi, Legit Security CTO, said the company worked with GitHub to...
Legit Security Raises $30M to Tackle Software Supply Chain Security
A team of Israeli entrepreneurs with roots in the application security ecosystem is taking a stab at software supply chain security with big backing from Bessemer Venture Partners. The venerable venture capital firm is leading...
Legit Security Gathers $30M Series A
Legit Security, a cybersecurity company in the rapidly growing software supply chain security space, has announced $30 million from top tier investors for their Series A funding...
Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Agents
Continuous Integration/Continuous Deployment (CI/CD) pipelines have become crucial to modern software development practices. CI/CD pipelines can significantly improve development efficiency and software quality by automating the process of building, testing, and deploying code.
Press

Legit Security Secures $40 Million Series B Investment Led by CRV
Legit Security, a cyber security company with an enterprise Application Security Posture Management (ASPM) platform, has successfully closed a $40 million venture capital round investment led by CRV with participation from existing investors Cyberstarts, Bessemer Venture Partners, and TCV.
Legit Security Announces Integration with CrowdStrike to Bring Application Security Posture Management to Customers
Legit Security announced a partnership with CrowdStrike, a global leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data protection. With this partnership, Legit Security integrates with the CrowdStrike Falcon® platform to provide extended application security, auto-discovery, and vulnerability management. Leveraging the two solutions, customers can automatically trace cloud application vulnerabilities back to their code origin and more rapidly prioritize and remediate security issues leveraging deep application context.
Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects
Legit Security announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline.
Legit Security Wins 7 Industry Awards As RSA Conference Wraps Up
Legit Security announced that it has won seven industry awards for its innovative cybersecurity solution. The company joins a rare group of companies that are broadly and consistently recognized for their innovation and market leadership from a consensus of leading cybersecurity experts and judges...
Legit Security Extends Platform Capabilities for Code to Cloud Visibility and Security
Legit Security today announces new code-to-cloud traceability and security capabilities that capture deep security issue context and business insights to drive faster remediation and security issue prioritization for enterprise security teams. These capabilities extend the company's existing market...
Legit Security Announces New Partnership with Snyk
Legit Security announced a partnership with Snyk, the leader in developer security. Together, Legit Security and Snyk help bridge the gap between security and development teams by scaling up security from code to cloud through the combination of secure code and secure application delivery...
Legit Security Uncovers Remote Code Execution Vulnerability in Microsoft’s Azure Pipelines, Posing Serious Risks to Software Supply Chains
Legit Security today announced that it has uncovered a remote code execution vulnerability in Microsoft’s Azure Pipelines. The vulnerability allows attackers to exploit Microsoft’s Azure DevOps Servers to initiate software...
Legit Security Adds Support For More Regulatory Compliance Frameworks To Strengthen Software Supply Chain Security
Legit Security today announces support for additional regulatory compliance frameworks and standards to improve software supply chain security, including ISO 27001, SSDF, FedRAMP, SLSA, NIST, SBOM, and SOC2...
Legit Security’s Open-Source Security Tool “Legitify” Adds Support for GitLab and GitHub Enterprise Server
Legit Security today announced that Legitify, the open-source security tool that it maintains in addition to its enterprise SaaS platform, has expanded support to include GitHub Enterprise Server and GitLab...
Legit Security Discovers “MarkdownTime”, A Vulnerability in Markdown Services Affecting GitHub, GitLab and Countless Others
Legit Security today announced that it discovered an easy-to-exploit Denial-of-Service (DoS) vulnerability in Markdown libraries used by GitHub, GitLab and countless other applications using a popular...
Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Rust Programming Language Vulnerable
Legit Security today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines...
Legit Security Selected For Security Innovation Of The Year Award Shortlist
Legit Security today announced it has been shortlisted for the “Security Innovation of the Year” Award for the 2022-2023 Cloud Awards program. Legit Security competed against companies across the US, Canada, Australia, Europe, Israel, and the UK in an international awards program...
Legit Security Named Winner of Top InfoSec Innovator Award for 2022
Legit Security has been named a winner of the Top InfoSec Innovator Awards for 2022. Judges looked at thousands of information security companies to search for those with the most innovative solutions to some of the most challenging cybersecurity issues facing the marketplace today...
Legit Security named "Cloud Security Startup of The Year" in the Cybersecurity Breakthrough Awards
Legit Security has been named “Cloud Security Startup of the Year” in the Cybersecurity Breakthrough 2022 Awards. The awards program aims to provide the most comprehensive evaluation of cybersecurity solutions...
Legit Security Launches Open-Source Security Product to Enforce and Scale Secure GitHub Configurations
Legitify is a GitHub misconfiguration scanner that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way. Legitify is a cross-platform security tool that works with Windows, Mac, and Linux and...
Legit Security Announces Support For New Compliance Frameworks To Increase Software Supply Chain Security And Integrity
In accordance with a growing number of regulations including the President's Executive Order for improving the nation's cybersecurity, the latest Legit Security platform update addresses a wide range of...
Legit Security Is Named Rising Star As Part Of Forbes’ Cloud 100 List
Legit Security is named one of 20 Rising Stars as part of the seventh-annual Forbes 2022 Cloud 100 list. The Cloud 100 List is a definitive list of the top private cloud companies in the world, published by Forbes in partnership with Bessemer Venture Partners and Salesforce Ventures. “We are deeply honored to...
Legit Security Discovers GitHub Privilege Escalation Vulnerability and Warns Organizations To Protect Themselves From Potential Software Supply Chain Attacks
Legit Security today announced the responsible disclosure of recently found GitHub Actions pipeline privilege escalation vulnerabilities. These vulnerabilities...
Legit Security Announces Free Risk Assessment to Help Organizations Secure Themselves From Escalating Software Supply Chain Attacks
Legit Security today announced a free Rapid Risk Assessment to help organizations proactively mitigate the risk of crippling software supply chain...
Legit Security Launches Out of Stealth with Series A Investment to Secure Software Supply Chains
Legit Security announced its launch out of stealth mode with a Series A $30 million funding announcement with leading venture capital firms Bessemer Venture Partners and TCV. Prior seed funding was provided by...
Legit Security Expands Platform Capabilities for Application Security Posture Management
Legit Security announced expanded capabilities to provide comprehensive visibility into an application's security posture, including deep contextual insights and automated detection-to-remediation workflows so enterprises can release software fast while protecting against evolving threats.
Schedule a Demo
Book a demo including the option to analyze your own software supply chain.