How can AppSec teams empower development orgs to deliver more secure code? We asked 150 developers.

Read the survey report

Login Start Free Book a Demo

The born-left product security blog

Jit's blogs contains guides to implement the best product security tools, how to build security into your development culture, and best practices for understanding and mitigating product security risk.

All Velocity Security DevOps

Featured

Announcing Context Engine: Focus on the alerts that matter

Today, I’m delighted to announce the release of Jit’s Context Engine, which uses the runtime context of vulnerabilities to automatically prioritize the top security risks in our cu

June 10, 2024

a purple background with a pink and green megaphone and the words announcing a content preview image

a pink and white cat sitting on top of a cloud

March 20, 2025

Introducing Jit’s Seamless Integration with the Checkmarx One SAST Solution Balancing security and developer experience has always been a challenge. On one hand, teams need best-of-breed security scanners to minimize false positives and surface the most critical vulnerabiliti

a clipboard with a magnifying glass next to it

March 18, 2025

Announcing Jit's Customizable SAST Rulesets: Detect Security Issues Unique to Your Environment We’re excited to announce Jit's Customizable SAST Rulesets, a powerful new feature that allows AppSec and DevOps teams to create and manage custom Semgrep rules tailored to their specific security nee

the 8 best practices when using aws security groups

December 3, 2024

8 Best Practices When Using AWS Security Groups Are you concerned about the security of your AWS environment? With over 73% of businesses having at least one critical security misconfiguration, it's essential to take proactive measures to protect y

a purple background with an image of a bag and the words breaking down jits

November 14, 2024

Breaking Down Jit’s New Approach to ASPM Application Security Posture Management (ASPM) emerged to address gaps in traditional application and cloud security scanners – like SAST, SCA, secrets detection, IaC scanning, CSPM, and many others –

a white paper with the words focusing on the why

September 17, 2024

Focusing on the WHY: Jit Enables Developers to Understand the Runtime Context for Security Issues While code and cloud security scanners are great at identifying code flaws and cloud misconfigurations, they can bombard developers with long lists of potential security “issues” – many of which don’t

a diagram with the words playing around with aws - vault for fun and profits

July 29, 2024

Playing Around with AWS-Vault for Fun & Profit AWS Vault is an open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how i

Lessons Learned About Secrets Protection After the Sisense Breach

May 21, 2024

Lessons Learned About Secrets Protection After the Sisense Breach Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensit

a purple background with a check box and a purple background with a check box and

April 24, 2024

Vulnerability Assessments vs. Penetration Testing: Key Differences Vulnerability Assessments vs. Penetration Testing: Key Differences In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixin

Unzipping the XZ Backdoor and Its Lessons for Open Source

April 18, 2024

Unzipping the XZ Backdoor and Its Lessons for Open Source Originally posted on The New Stack. By now, you have probably heard about the recently discovered backdoor into versions 5.6.0 and 5.6.1 of the tarballs of the xz utilities, a popular compression/deco