Empower Development Teams to Own the Security of Their Services with Jit Teams

Jit Teams provides a dedicated portal for development teams to monitor the security posture of their services, measure security trends over time, and highlight the top risks.

By Jit

Updated October 4, 2024.


When it comes to securing applications in the cloud, the challenge isn’t detecting potential security issues. There are hundreds of application security tools and cloud security tools that are capable of surfacing code flaws and security misconfigurations that could lead to vulnerabilities. 

The real challenge is empowering development teams to adopt these tools to consistently improve the security posture of their services. 

While Jit’s unique developer UX makes it easy for developers to adopt continuous security testing and remediation into their daily routines, this is just part of the product security equation. To improve the security of their services, development teams still need to answer questions like:

  • What is the current security posture of my services? Is it improving or getting worse?

  • Which code repositories contain the most critical security risks? How do I resolve them?

  • How secure are my services compared to the rest of the development organization?

Product security reporting is often siloed across different tools and platforms – making it difficult to answer these seemingly straightforward questions.

That’s why we built Jit Teams.

Jit Teams provides a dedicated security portal for each development team – providing visibility into their security posture over time, the most critical risks within the resources they own, and how their security posture compares to other development teams in their organization.

As a result, each development team has the visibility they need to own the security of their services.

What you can do with Jit Teams

To get started, go to the Jit app and hit the “Teams” item in the left menu. From here, click “Import Teams from JSON file”, open the suggested JSON template, and fill out your team structure. After uploading the JSON file, you’ll have a full view of the security posture for each team and their services.

Upon opening Jit Teams, you’ll see a high-level overview of the security posture for every team, expressed as security scores. Scores reflect the number of code and cloud security issues in the team’s services and the actual risk they introduce (more on that later).

This also helps development teams understand how they’re doing compared to other teams in the organization.

[Screenshot: dashboard showing the security scores for each team]


We can click on a specific team to get more granular insights into their security posture. 

This view includes information that answers essential questions about the security posture of their services:

  • Which of my resources contain the most serious security risks? Developers can quickly see the security score for each resource their team owns (right side of screenshot below).

  • What are the most critical security risks across all my services? By hitting “Top Findings”, developers can see a list of all security issues in their services – prioritized by the risk they introduce. We’ll dive deeper here in a moment (left side of screenshot below).

  • Is the security posture of my services improving or getting worse? Developers can view how their overall security score has changed over time (left side of screenshot below).

  • Is my team using Jit to resolve security issues before production? Development team leads can see the number of issues resolved pre-production vs. the total number of outstanding issues (left side of screenshot below).

[Screenshot: team view dashboard]


By clicking into one of the resources, we can view the security findings grouped by the Jit scanner that detected them. 

Below, we can see that most of the issues were detected by Jit’s Software Composition Analysis (SCA) scanner, which identifies potential vulnerabilities in open source components.

[Screenshot: security findings for a resource, grouped by scanner]


We can see the security issues themselves by clicking on one of the security vulnerability groups. After clicking on the SCA group, we can view all of the open source security issues in this repository – ranked by Priority Score.

[Screenshot: open source security issues in the repository, ranked by Priority Score]


The Priority Score ranks issues by the actual risk they introduce. Rather than looking at “severity” alone (critical, high, medium, low), Jit’s Context Engine evaluates the runtime context of each issue to determine its true risk – like whether it is exposed to the internet, deployed to a production environment, or calls a database.

This makes it easy to cut through the noise and focus on the real risks.

By clicking into the issue itself, we can see how it is deployed. In the case below, the issue resides in a repository that is deployed to production, calls a database, and is exposed to the internet – making it a top priority finding.

[Screenshot: deployment context of the issue]


We can also see a full prioritized list of security issues across all of the development team’s resources by clicking on “Top Findings” in the team view. With a full consolidated view, development team leads can triage issues to efficiently reduce the top risks in their environment.

Lastly, to encourage friendly competition among development teams, Jit customers have the option to send Slack notifications of the “Leaderboard”, which shows the development teams with the highest security scores in the organization.

[Screenshot: the Leaderboard]


Try Jit Teams for yourself

Jit Teams is Generally Available. To try it yourself, simply hit “Teams” in the Jit app sidebar, upload the JSON of your team structure, and begin monitoring and investigating the security posture of each development team.

Don’t have a Jit account? You can get started for free.