DevSecOps — integrating SAST, SCA, Secrets detection, Container security and IaC scanning with JIT

YevhSec1
3 min readSep 21, 2022

--

Do you still remember when it took a long time to implement Security controls into your workflow? Let’s do it in 5 minutes with JIT.io — a modern DevSecOps Orchestration Platform!

Let imagine the following workflow

The list of Security Controls that will be added:

  1. Detecting secrets tool
  2. Static application security testing (SAST)
  3. Software Composition Analysis (SCA)
  4. Container Security checks
  5. Infrastructure as code(IaC) scanning

Steps to integrate(5 min):

  1. Open jit.io and start a free trial

2. Connect you GitHub account

3. Create a .jit repository

4. Install the Jit app in the GitHub Organization

5. Activate the following Security Controls

  • Scan code for vulnerabilities
  • Scan code dependencies for vulnerabilities
  • Scan code for hard-coded secrets
  • Scan container images
  • Scan IaC for static misconfigurations

You are all set!

All pull requests will be monitored and fail if a potential security finding is detected. See a few examples below.

Success PR example

Fail PR examples

  • Secrets detection
  • Software Component Analysis
  • Docker Scan

--

--

YevhSec1

MSc in Cyber Security, OSCP, eWPTXv2, CEH Master. Awarded by Apple, Trello, Paysera..