Legit Security Releases Industry’s First Software Compliance and Attestation Trust Center

Legit Security expands capabilities to support compliance, audit, and attestation, empowering organizations to prove software compliance faster with the most comprehensive control validation platform.

BOSTON, April 30, 2024 /PRNewswire/ -- Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced extended software compliance, audit, and attestation support with the release of the industry's first software compliance and attestation trust

Legit enables customers to build a repeatable and scalable software security compliance program by automating manual processes and producing the required evidence to prove compliance. By leveraging multiple frameworks, including SLSA, PCI DSS, SOC2, and ISO 27001, Legit quickly assesses the state of a software security program to identify gaps that create risk.


Legit Security Platform - Risk and Compliance - CISA Attestation



In addition, Legit now supports new requirements for the CISA Secure Software Development Attestation Form. CISA offers an essential set of guidelines to ensure software is secure; attestation provides a means for vendors to confirm that software was developed with these standards in mind.

"Compliance and audit requirements prove the expectations for software security are on the rise," said Lior Barak, Chief Product Officer at Legit. "As cyber attacks are increasingly more sophisticated and targeted, it is critical to continuously ensure that software is built based on the industry best practices and frameworks. No matter the size, industry or location, everyone developing software needs an automated and reliable process to find and close gaps."

Legit’s compliance and attestation trust center features include:

  • Out-of-the-box controls and automated validation: Legit is pre-built with suggested controls for many key frameworks and standards to immediately provide a gap analysis that can be customized to an organization's needs.
  • Customizations to enable precise compliance reporting: Legit's product unit and custom query capabilities allow customers to define products, lines of business and apps, and specific controls and policies required for compliance; Legit automatically validates and alerts on any areas that are out of compliance.
  • Capture evidence and reduce exposure: Legit captures and enables users to export required data by using compliance frameworks to determine status when attesting to CISA or other security frameworks.
  • Continuous compliance and faster remediation: Legit simplifies audits and attestations, enabling organizations to upload evidence supporting requirements, validate compliance status, and automate workflows and ownership.
  • New dashboard and reporting capabilities: Legit allows customers to seamlessly drill into multiple frameworks with expanded reporting capabilities to determine security gaps and demonstrate compliance status.

Legit’s software compliance and attestation capabilities are available now to new and existing customers. For more information, visit www.legitsecurity.com.


Legit Security Platform - Risk and Compliance - PO.3.2



Legit Security Platform - Risk and Compliance - Upload Evidence File



About Legit Security

Legit is a new way to manage your application security posture for security, product and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the toughest problems facing security teams, including GenAI usage, proliferation of secrets and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the success of the security program. This new approach means teams can control risk across the business – and prove it. Book a demo today!


Published on
April 30, 2024
