Secure Your Software Supply Chain Environment

A software supply chain is the ecosystem of systems, infrastructure, processes and people involved in developing software. A compromise within a company’s software supply chain can negatively impact all of that company’s downstream customers.

An SDLC (Software Development Life Cycle) asset is a resource within a software supply chain environment. Examples of SDLC assets include: Source Code Management (SCM) systems (e.g. GitHub), build servers (e.g. Jenkins) and artifact repositories (e.g. JFrog).

Login to the platform and use Legit’s integration wizard to agentlessly connect with one or more of your SDLC assets. Legit typically requires an access token with minimum permissions to connect. From there, Legit provides role-based access controls for secure and broad based availability across your organization.

Legit is an enterprise SaaS solution that supports both cloud and on-prem resources. Legit has a broker that provides secure connectivity between on-premises SCMs and the Legit Platform. If you prefer to deploy Legit on premises or in your private cloud, Legit provides a containerized version of the platform.

Legit discovers and inventories code repositories, build servers, artifact repositories, packages, product units, collaborators, security controls and other SDLC assets. Each inventoried item is automatically labeled with useful contextual information (e.g. what version of a package manager is my company using?). As Legit creates this inventory, adjacent pipeline systems and infrastructure are identified to create a graph of your software supply chain environment. For example, when connecting Legit to your source code management system, the discovery engine may detect an adjacent Jenkins server or artifactory registry in that pipeline. A visual graph of your software supply chain is automatically created and remains updated in real time.

Legit provides 100s of out-of-the-box policies that span categories such as system misconfigurations, embedded sensitive data, exposed vulnerabilities, events/incidents, and adherence to secure development best practices. Policy examples include, (1) use of insecure build actions; (2) insecure authentication configuration of pipeline tools; and (3) PII detected in code. Request a demo to see our full library of policies.

Book a Demo

Legit scores the overall security posture of your software supply chain as well as the ability to score individual areas within it. Legit Scores are based on adherence to security policies, which can be customized into compliance frameworks. Legit scores provide a breakdown report to see exactly what impacts the score to assist in creating an action plan to improve security.

A demo is the easiest way to explore all of these capabilities plus much more. Click the link below.

Book a Demo