Legit Security Launches AI-Powered, Enterprise-Grade Secrets Scanning Product

New secrets scanner delivers enterprise-grade performance and scalability, reduces false positives up to 86%, facilitating rapid discovery and remediation across the developer environment.

Boston, MA – March 26, 2024 -- Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. An AI-powered solution that enables secrets discovery beyond source code, Legit’s offering is built to meet the needs of even the most complex development organizations.

This new offering provides CISOs and their teams with enterprise-grade security capable of addressing the needs of the world's largest and most complex organizations. Security teams can now identify, remediate, and prevent the exposure of secrets across developer tools, such as GitHub, GitLab, Azure DevOps, Jenkins, Bitbucket, Docker images, Confluence, Jira, and more. Legit’s AI-powered analysis also improves the accuracy of results; false positives are reduced by as much as 86%.

"Unlike many solutions that are based on open source and other commercial tools, Legit’s enterprise secrets scanning goes beyond the source code and is powered by AI for much better accuracy," said Lior Barak, Chief Product Officer at Legit Security. "The reality is that open source and existing solutions are ineffective at detecting secrets across the software development lifecycle; they miss critical findings and lack the management capabilities needed to manage results. That risk is something that today's organizations cannot afford as one mistake can lead to disastrous consequences."

Figure: A shot showing the Issues pane, including validity indication, the new issue score and the option to “find issues with the same value”


Secrets, such as API keys, access keys, passwords, and personally identifiable information (PII), are valuable assets and a focal point for attackers. At the same time, applications and developers are using more and more secrets and non-human credentials to function. According to IBM's 2023 Data Breach Report, secret leak risks are the second most common initial attack vector. Protecting secrets is mission-critical, as just one disclosure can lead to multiple breaches that are costly and often difficult to remediate. With Legit, organizations can identify, remediate, and prevent the loss of secrets across various developer tools and platforms.

Key benefits of Legit’s enterprise secrets scanning product include:

  • Performance and scale: Organizations receive enterprise-grade secrets scanning capabilities suitable for large-scale organizations to scan thousands of developer assets within minutes.
  • Going beyond source code: CISOs and their teams can identify, remediate, and prevent the loss of secrets across developer tools, ranging from GitHub, GitLab, Azure DevOps, and Bitbucket to Docker images, artifacts, Confluence pages, and more.
  • AI-powered accuracy: Legit delivers more accurate results through its continual learning engine. In addition, extensive context and prioritization capabilities limit the impact of false positives.
  • Centralized management: Organizations can seamlessly create custom policies, manage exceptions, and execute secrets scanning across all products, systems, and teams.
  • Continuous developer attack surface visibility: Legit discovers and analyzes dev assets such as code, build systems, artifacts, and more. This approach ensures no corner is left unchecked and adds context, such as exposure vectors, to the findings.

Figure: Secrets Issues Funnel


Figure: Secrets Issue View - AI Suspected


With enterprise secrets scanning from Legit, customers can start with secrets scanning and, based on future needs, expand to other use cases, such as vulnerability management, compliance, and software supply chain security.

Highlighting the effectiveness of Legit’s enterprise secrets scanning, a leading financial services organization recently found the security of its software supply chain significantly improved after deploying Legit's solution. The comprehensive scanning and integration capabilities provided insights into potential risks, leading to more informed decision-making and strengthened security practices.

Legit Security's new product is available now to new and existing customers. For more information, visit www.legitsecurity.com. To learn more about how Legit tackles secrets detection across, join a webcast – “Secrets Detection: Why Coverage Throughout the SDLC is Critical to Your Security Posture” – on Thursday, March 28, 2024 at 2:30 pm ET. Register for the event here.


About Legit Security

Legit is a new way to manage your application security posture for security, product and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security, and address risks from code to cloud. Built for the modern SDLC, Legit tackles the toughest problems facing security teams, including GenAI usage, proliferation of secrets and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the success of the security program. This new approach means teams can control risk across the business – and prove it. Book a demo today!

Published on
March 26, 2024