Secure Your Software Supply Chain Environment
Automatically discover security issues, remediate threats and ensure the integrity and compliance of every software release

The Legit Security Platform

Risk Protection and Remediation

Security Scoring and Compliance
Make Your Software Factory Secure and Tamper-Proof
See all of your SDLC
- Comprehensive, visual inventory that's continually updated
- Reveal unknown, misconfigured and vulnerable SDLC systems and infrastructure
- See which pipelines are secure, and which are vulnerable
- Centralized visibility over the location, coverage and configuration of your existing security tools and scanners
Prevent SDLC Attacks
- Catch insecure build actions before they can embed vulnerabilities downstream
- Centralized, early scanning for secrets and PII before they are pushed into the SDLC
- Validate safe usage of plug-ins, images and other executables that could impact release integrity
- Remediate risks with in-depth context to address issues fast
Continuous Compliance
- Receive real-time alerts for drift from compliance frameworks such as SOC2, OpenSSF, NIST and ISO27001
- Get security posture at-a-glance with Legit Security Scores
- Instantly detect the removal of a mandatory security control
- Track security trends across teams and product lines to improve security posture and incentivize behavior
Easy to Implement & Fast Time-To-Value
Legit doesn't interfere with your existing development tools and workflows. Onboard your CI/CD stack in minutes via an agentless connection.
Built For Enterprise
Security at Scale
Real-time support for 1,000,000s of events generated by 10,000s of developers and 100,000s of repositories
Align to Business Lines
Create workspaces for each business unit and assign SDLC assets and infrastructure to your teams and product lines
Works With Workflows
Integrate your own alert and ticketing tools or use ours. Legit always provides an up-to-date, centralized view
UI or API
Legit integrates with existing tools, systems and workflows. Manage via our platform's User Interface and/or full-featured APIs.
Risk & Compliance
Continuously monitor adherence to regulatory requirements and custom compliance frameworks
Connect Agentlessly
Simply connect Legit via an access token requiring minimal permissions to start securing your software supply chain now
Frequently Asked Questions
How do you define “software supply chain”?
A software supply chain is the ecosystem of systems, infrastructure, processes and people involved in developing software. A compromise within a company’s software supply chain can negatively impact all of that company’s downstream customers.

What is an SDLC asset?
An SDLC (Software Development Life Cycle) asset is a resource within a software supply chain environment. Examples of SDLC assets include Source Code Management (SCM) systems (e.g. GitHub), build servers (e.g. Jenkins) and artifact repositories (e.g. JFrog).

How do I deploy and access Legit?
Log in to the platform and use Legit’s integration wizard to agentlessly connect with one or more of your SDLC assets. Legit typically requires an access token with minimum permissions to connect. From there, Legit provides role-based access controls for secure and broad-based availability across your organization.

How does Legit support on-premises use cases?
Legit is an enterprise SaaS solution that supports both cloud and on-premises resources. Legit has a broker that provides secure connectivity between on-premises SCMs and the Legit Platform. If you prefer to deploy Legit on-premises or in your private cloud, Legit provides a containerized version of the platform.

What does Legit automatically discover?
Legit discovers and inventories code repositories, build servers, artifact repositories, packages, product units, collaborators, security controls and other SDLC assets. Each inventoried item is automatically labeled with useful contextual information (e.g. which version of a package manager is my company using?). As Legit creates this inventory, adjacent pipeline systems and infrastructure are identified to create a graph of your software supply chain environment. For example, when connecting Legit to your source code management system, the discovery engine may detect an adjacent Jenkins server or Artifactory registry in that pipeline. A visual graph of your software supply chain is automatically created and remains updated in real time.

What are examples of Legit’s security policies?
Legit provides 100s of out-of-the-box policies that span categories such as system misconfigurations, embedded sensitive data, exposed vulnerabilities, events/incidents, and adherence to secure development best practices. Policy examples include (1) use of insecure build actions; (2) insecure authentication configuration of pipeline tools; and (3) PII detected in code. Request a demo to see our full library of policies.

What is a Legit Security Score?
Legit scores the overall security posture of your software supply chain and can also score individual areas within it. Legit Scores are based on adherence to security policies, which can be customized into compliance frameworks. Legit Scores come with a breakdown report that shows exactly what impacts the score, to assist in creating an action plan to improve security.

How can I learn more?
A demo is the easiest way to explore all of these capabilities plus much more. Click the link below.
See a Demo
Schedule a 30-minute demo to see how Legit can help you secure your software supply chain environment