Announcing Jit Resources – Focus security remediation on your most critical assets
Updated November 7, 2024.
Product security leaders face the monumental task of identifying and safeguarding their most critical cloud and application assets within large and complex cloud environments.
Application and cloud security scanners often flood security teams with long backlogs of issues, but lack the crucial context to prioritize the vulnerabilities that reside in the most critical resources, such as those that are exposed to the internet, run in production, or directly interact with business-critical services, often referred to as "crown jewels."
This lack of contextual awareness can leave security risks in vital resources buried under noise, while teams waste valuable time chasing down non-critical issues.
That’s why Jit is introducing Resources — a powerful new feature that leverages Jit’s Context Engine to automatically map and prioritize the most critical resources in your cloud environment.
Here is what Jit Resources can do:
Auto discovery and risk scoring for code resources: Jit provides a continuously updated inventory of all code repos in your environment, which are assigned a risk score depending on the risk that unresolved security issues introduce.
Filter resources according to risk factors to focus prioritization: Instantly pull up all resources that are in production, accessible via the internet, or call a database, and view all of the security issues within them.
Label crown jewels to track the security of critical resources: Manually tag specific resources, so you can easily pull them up to monitor their security risks.
How to use Jit Resources to focus on the most critical risks
After integrating Jit with your Source Code Manager (GitHub or GitLab) and AWS or GCP, Jit’s Context Engine will automatically discover your code resources and map them on a knowledge graph.
This knowledge graph is enriched with properties that describe the risk of each resource, such as whether a code repository is being deployed to production, is exposed to the internet via an API gateway, or calls a sensitive database. We call these variables “Priority Factors”, because they provide useful information for prioritizing the most critical resources that must be secured.
Jit Resources groups code repositories according to these Priority Factors, providing a complete and continuously updated inventory of our environment. In the screenshot below, we can see how many resources fall under each Priority Factor and their associated risk scores, which are determined by the risk that unresolved issues introduce.
If we wanted to see all of the security issues within our resources in production, for example, we could simply open up the “Production” box.
In this case, we see a list of code repositories being deployed to production, along with other tagged Priority Factors for each repo. These Priority Factors are wrapped up into a Risk Score, which ranks each repo according to the risk it introduces.
Clearly, the repo at the top of the list is introducing the most risk. Upon opening it up, we can see the knowledge graph that describes exactly how it’s being deployed to production, along with all of the security issues (detected by Jit’s scanners) that reside in the repository.
Jit automatically tags each resource with these Priority Factors. We can also manually add a “Business Critical” tag to specific resources we need to secure – like those that handle sensitive data or require administrative access.
To do this, we can simply click on any given resource and edit the Risk Score, which provides the option to tag a resource as Business Critical.
If we go back to the Resources page, we can click on the “Business Critical” box to bring up all of the resources we tagged, so we can quickly dive into security issues residing in our most sensitive services.
Want to try it yourself? If you’re a Context Engine user, simply navigate to the “Risks” item in the left menu and hit “Resources” to see an inventory of your resources broken down by priority factor. If you’re not yet a Context Engine user (currently only available for AWS or GCP users), reach out to us and we’ll open it for your account!