Security at Scale
Real-time support for 1,000,000s of events generated by 10,000s of developers and 100,000s of repositories
Secure applications from code to cloud with real-time security posture management for the integrity, governance and compliance of every software release.
Create workspaces for each business unit and assign SDLC assets and infrastructure to your teams and product lines
Integrate your preferred alert, ticketing, productivity and workflow tools to remediate issues and collaborate
Manage via our platform's User Interface and/or full-featured APIs to integrate with existing tools, systems and SOCs
Continuously monitor adherence to regulatory requirements including your custom compliance frameworks
Connect Legit via a read-only access token and immediately gain visibility and security from code to cloud
A software supply chain is the ecosystem of systems, infrastructure, processes and people involved in developing software. A compromise within a company’s software supply chain can negatively impact all of that company’s downstream customers.
Code-to-cloud traceability refers to tracking applications from code creation, through development, to cloud deployment, including visibility into vulnerabilities across code, SDLC systems, and pipelines. This provides valuable context for faster and more efficient remediation: you can see where a vulnerability in code will ultimately be deployed, and where a vulnerability discovered in production originated.
Log in to the platform and use Legit’s integration wizard to agentlessly connect one or more of your SDLC assets, including source code management systems, build servers, artifact registries, and more. Legit requires an access token with the minimum permissions needed to connect. From there, Legit provides role-based access controls for secure access to the platform across your organization.
Legit is an enterprise SaaS solution that supports both cloud and on-prem resources. Legit has a broker that provides secure connectivity between on-premises SCMs and the Legit Platform. If you prefer to deploy Legit on premises or in your private cloud, Legit provides a containerized version of the platform.
Legit discovers and inventories code repositories, build servers, artifact repositories, packages, product units, collaborators, security controls and other SDLC assets. Each inventoried item is automatically labeled with useful contextual information (e.g. which version of a package manager is my company using?). As Legit creates this inventory, adjacent pipeline systems and infrastructure are identified to build a graph of your software supply chain environment. For example, when connecting Legit to your source code management system, the discovery engine may detect an adjacent Jenkins server or Artifactory registry in that pipeline. A visual graph of your software supply chain is created automatically and kept up to date in real time.
Legit provides hundreds of out-of-the-box policies spanning categories such as system misconfigurations, embedded sensitive data, exposed vulnerabilities, events/incidents, and adherence to secure development best practices. Policy examples include (1) use of insecure build actions; (2) insecure authentication configuration of pipeline tools; and (3) PII detected in code. Request a demo to see our full library of policies.
Legit scores the overall security posture of your software supply chain and also lets you score individual areas within it. Legit Scores are based on adherence to security policies, which can be customized into compliance frameworks. Each score comes with a breakdown report showing exactly what affects it, to help you build an action plan for improving security.
Onboard your CI/CD stack in minutes via an agentless connection and see our platform in action.