DevSecOps — integrating SAST, SCA, Secrets detection, Container security and IaC scanning with JIT
Do you still remember when it took a long time to implement Security controls into your workflow? Let’s do it in 5 minutes with JIT.io — a modern DevSecOps Orchestration Platform!
Let's imagine the following workflow.
The list of Security Controls that will be added:
- Secrets detection tool
- Static application security testing (SAST)
- Software Composition Analysis (SCA)
- Container Security checks
- Infrastructure as code (IaC) scanning
Steps to integrate (5 min):
1. Open jit.io and start a free trial
2. Connect your GitHub account
3. Create a .jit repository
4. Install the Jit app in the GitHub Organization
5. Activate the following Security Controls:
   - Scan code for vulnerabilities
   - Scan code dependencies for vulnerabilities
   - Scan code for hard-coded secrets
   - Scan container images
   - Scan IaC for static misconfigurations
You are all set!
All pull requests will be monitored and fail if a potential security finding is detected. See a few examples below.
Success PR example
Fail PR examples
- Secrets detection
- Software Composition Analysis
- Docker Scan