The world today is getting more dependent on technology all around us. Every application that businesses today rely on might have a security loophole that attackers can effectively utilize to harness confidential information, disrupt business operations, or use as a stepping stone for broader attacks.
It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part...
Legit Security researchers discovered that attackers submitting changes to an open-source repository on GitHub could cause downstream software projects to compile updates with malicious code. ...
Legitify is an open-source GitHub configuration scanner from Legit Security that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way.
Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack...
The fact that we are still seeing so many new organizations of all sizes, industries, and geographies joining CNCF is a testament that cloud-native...
Security vulnerabilities discovered by Legit Security in very popular open source projects from Apache and Google could be used to modify source code, steal secrets, and move laterally inside an organization.
Business innovation relies on speed and agility to engage customers in new ways though their software applications and digital business models. However, the hard work that businesses invest in...
Legit Security today revealed that it discovered a privilege escalation vulnerability in GitHub repositories that has since been remediated. Liav Caspi, Legit Security CTO, said the company worked with GitHub to...
Legit Security, a cybersecurity company in the rapidly growing software supply chain security space, has announced $30 million from top tier investors for their Series A funding...
In a recent development, Legit Security today announced its discovery of an easy-to-exploit DoS vulnerability in markdown libraries used by GitHub, GitLab and other applications, using a popular markdown rendering service called commonmarker...
A new class of software supply chain vulnerability in GitHub Actions and Rust leverages artifact poisoning to attack the underlying software development pipelines. People are way too inclined to believe that just because some program, language, operating system...
Most organization’s development team don’t have a fully resourced and dedicated security team, making it a challenging task to get rid of all vulnerabilities and deliver secure software. This is where Legit Security comes into the picture with a mission to secure applications at scale...
All you need to know about software supply chain security and the rapidly evolving regulatory landscape, including who is most affected...
Legit Security launched out of stealth in February 2022 with a cyber security solution to secure software supply chains used by organizations to build and release software applications. As cyber attacks to the software supply chain are projected to increase...
Security researchers at Legit Security identified software supply chain vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel.
Just two days after Google announced the Open Source Software Vulnerability Rewards Program, Legit Security reported attack vulnerabilities in open-source projects from Google.
Cybercrime has appeared more frequently in the news cycle over the past five years. Malicious software and attacks have only grown more sophisticated, and each new development...
A team of Israeli entrepreneurs with roots in the application security ecosystem is taking a stab at software supply chain security with big backing from Bessemer Venture Partners. The venerable venture capital firm is leading...
Legit Security today announces support for additional regulatory compliance frameworks and standards to improve software supply chain security, including ISO 27001, SSDF, FedRAMP, SLSA, NIST, SBOM, and SOC2...
Legit Security today announced that it discovered an easy to exploit Denial-of-Service (DoS) vulnerability in Markdown libraries used by GitHub, GitLab and countless other applications using a popular...
Legit Security today announced it has been shortlisted for the “Security Innovation of the Year” Award for the 2022-2023 Cloud Awards program. Legit Security competed against companies across the US, Canada, Australia, Europe, Israel, and the UK in an international awards program...
Legit Security has been named “Cloud Security Startup of the Year” in the Cybersecurity Breakthrough 2022 Awards. The awards program aims to provide the most comprehensive evaluation of cybersecurity solutions...
In accordance with a growing number of regulations including the President's Executive Order for improving the nation's cybersecurity, the latest Legit Security platform update addresses a wide range of...
Legit Security today announced the responsible disclosure of recently found GitHub-Actions pipeline privilege escalation vulnerabilities. These vulnerabilities...
Legit Security announced its launch out of stealth mode with a Series A $30 million funding announcement with leading venture capital firms Bessemer Venture Partners and TCV. Prior seed funding was provided by...
Legit Security today announced that Legitify, the open-source security tool that it maintains in addition to its enterprise SaaS platform, has expanded support to include GitHub Enterprise Server and GitLab...
Legit Security today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines...
Legit Security has been named a winner of the Top InfoSec Innovator Awards for 2022. Judges looked at thousands of information security companies to search for those with the most innovative solutions to some of the most challenging cybersecurity issues facing the marketplace today...
Legitify is a GitHub misconfiguration scanner that helps security teams and DevOps engineers manage and enforce their GitHub configurations in a secure and scalable way. Legitify is a cross-platform security tool that works with Windows, Mac, and Linux and...
Legit Security is named one of 20 Rising Stars as part of the seventh-annual Forbes 2022 Cloud 100 list. The Cloud 100 List is a definitive list of the top private cloud companies in the world, published by Forbes in partnership with Bessemer Venture Partners and Salesforce Ventures. “We are deeply honored to...
Legit Security today announced a free Rapid Risk Assessment to help organizations proactively mitigate the risk of crippling software supply chain...
Mar 14, 2023 by Kevin Broughton
In this blog post, we'll discuss 8 of the top threats targeting cloud applications in 2023. Taking steps to protect...
Feb 28, 2023 by Tor Beer
Development secrets are any data sensitive to an organization or person and should not be exposed publicly. It can be a...
Feb 16, 2023 by Kevin Broughton
Rapid innovation is the lifeblood of many companies in the digital age. If your organization employs a CI/CD workflow,...
