Deliver Your Software With Confidence

Code to cloud traceability refers to tracking applications from code creation, through development, to cloud deployment including visibility into vulnerabilities across code, SDLC systems, and pipelines. This provides valuable context and insights for faster and more efficient remediation by seeing where vulnerabilities in code will ultimately be deployed and where vulnerabilities discovered in production originate.

Login to the platform and use Legit’s integration wizard to agentlessly connect with one or more of your SDLC assets, including source code management systems, build servers, artifact registries, and more. Legit requires an access token with minimum permissions to connect. From there, Legit provides role-based access controls for secure access to our platform across your organization.

Legit is an enterprise SaaS solution that supports both cloud and on-prem resources. Legit has a broker that provides secure connectivity between on-premises SCMs and the Legit Platform. If you prefer to deploy Legit on premises or in your private cloud, Legit provides a containerized version of the platform.

Legit discovers and inventories code repositories, build servers, artifact repositories, packages, product units, collaborators, security controls and other SDLC assets. Each inventoried item is automatically labeled with useful contextual information (e.g. what version of a package manager is my company using?). As Legit creates this inventory, adjacent pipeline systems and infrastructure are identified to create a graph of your software supply chain environment. For example, when connecting Legit to your source code management system, the discovery engine may detect an adjacent Jenkins server or artifactory registry in that pipeline. A visual graph of your software supply chain is automatically created and remains updated in real time.

Legit provides 100s of out-of-the-box policies that span categories such as system misconfigurations, embedded sensitive data, exposed vulnerabilities, events/incidents, and adherence to secure development best practices. Policy examples include, (1) use of insecure build actions; (2) insecure authentication configuration of pipeline tools; and (3) PII detected in code. Request a demo to see our full library of policies.

Legit scores the overall security posture of your software supply chain as well as the ability to score individual areas within it. Legit Scores are based on adherence to security policies, which can be customized into compliance frameworks. Legit scores provide a breakdown report to see exactly what impacts the score to assist in creating an action plan to improve security.

A demo is the easiest way to explore all of these capabilities plus much more.