DevSecOps — integrating SAST, SCA, Secrets detection, Container security and IaC scanning with JIT

Do you still remember when it took a long time to implement Security controls into your workflow? Let’s do it in 5 minutes with JIT.io — a modern DevSecOps Orchestration Platform!

Let imagine the following workflow

The list of Security Controls that will be added:

1. Detecting secrets tool
2. Static application security testing (SAST)
3. Software Composition Analysis (SCA)
4. Container Security checks
5. Infrastructure as code(IaC) scanning

Steps to integrate(5 min):

1. Open jit.io and start a free trial

2. Connect you GitHub account

3. Create a .jit repository

4. Install the Jit app in the GitHub Organization

5. Activate the following Security Controls

• Scan code for vulnerabilities
• Scan code dependencies for vulnerabilities
• Scan code for hard-coded secrets
• Scan container images
• Scan IaC for static misconfigurations

You are all set!

All pull requests will be monitored and fail if a potential security finding is detected. See a few examples below.

Success PR example

Fail PR examples

• Secrets detection

• Software Component Analysis

• Docker Scan

Read more

Implementing Application Security on your project

DevSecOps — What Security Controls exist and when to implement them?

Could GitHub Copilot produce a vulnerable code?

Follow me and stay secure!