Automatically discover, classify, and prioritize app resources with Jit Tags!

Learn more

Integrations

Embed continuous security scanning and remediation into your existing toolsets, code commit flows, and deployments.
Start free

Source Code Managers and IDEs

Jit’s unique integrations with Source Code Managers and IDEs enable self-service security for developers. Don’t see what you’re looking for? Contact us.

GitHub
(Github.com)

Scan your entire GitHub codebase, while implementing continuous scanning for every pull request.
Learn more

GitLab
(GitLab.com)

Scan your entire GitLab codebase, while implementing continuous scanning for every merge request.
Learn more

Visual Studio Code

Resolve security issues as you write code with continuous scanning and pre-commit hooks.
Learn more

Cloud Providers

Scan cloud environments in runtime for infrastructure misconfigurations. See the runtime context for every code and cloud vulnerability to prioritize the risks that really matter.

Amazon Web Services

Scan EC2, RDS, S3 instances, and many other services for security misconfigurations.
Learn more

Azure

Scan Defender, IAM, storage instances, and many other services for security misconfigurations.
Learn more

Google Cloud Platform

Scan compute, BigQuery, CloudSQL instances, and many other services for security misconfigurations.
Learn more

Ticketing Systems

Push Jit alerts to your notification endpoints to triage issues. Set policies to focus on the alerts that really matter, while weeding out the noise. Don’t see what you’re looking for? Contact us.

Security Tools

Set up integrations with your existing security tools to consolidate findings and expand Jit's capabilities. Don’t see what you’re looking for? Contact us.

Wiz

Push Jit findings into Wiz, or vice versa. Enhance Jit’s prioritization with runtime context from Wiz.
Learn more

Drata

Easily fulfill SOC2 product security requirements and upload evidence to Drata.
Learn more

Semgrep Pro

Consolidate findings from Semgrep Pro to prioritize all your product security issues in one place.
Learn more

Integrate any scanner into Jit’s extensible orchestration framework

Under the hood, Jit leverages leading open source security scanners to surface vulnerabilities, which can be deployed out-of-the-box. Or, plug your favorite scanners into Jit’s open orchestration framework to unify the UX and execution of your product security tools.
Learn more about Jit’s flexible orchestration
Application Security
Cloud Security
CI/CD Security
SAST
Secret
Detection
CA + OSS License Check
Container Scanning
SBOM
DAST
IaC Scanner
CSPM
GitHub Misconfig Scanner
Semgrep

Semgrep provides lightweight static analysis security testing (SAST) for many languages. Compare Semgrep SAST results with other popular SAST tools. Jit adds our own rules to Semgrep to cover additional findings.

Gitleaks

Use Gitleaks to surface hard-coded secrets that can be exploited by attackers to gain unauthorized access to the password-protected asset.

OSV-Scanner

Use OSV-Scanner (by Google) to find existing vulnerabilities affecting your project’s dependencies. The tool uses the data provided by https://osv.dev. Support Python and PHP.

Trivy

Use Trivy (by Aqua Security) to scan for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.

syft

Generate a Software Bill of Materials with Syft to quickly see dependencies in use.

ZAP

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Use ZAP to run dynamic tests against web apps and APIs to surface a huge list of vulnerabilities.

KICS

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Prowler

Prowler is an spen source tool to perform AWS security best practices assessments, audits, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Legitify

Legitify makes it east to detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets.

Gosec

Gosec provides static application security testing (SAST) for code written in Go.

Add Your
Own
Add Your
Own
Trufflehog

Use Trufflehog to surface hard-coded secrets that can be exploited by attackers to gain unauthorized access to the password-protected asset. Trufflehog can determine whether an hard-coded secret will be exposed in production.

Npm-Audit

Surface known vulnerabilities in open source components written in Javascript or Typescript. NPM-audit is powered by the GitHub Advisory Database.

Kubescape

Kubescape (by Armo) provides vulnerability and misconfiguration scanning for IaC files being deployed to Kubernetes.

Chain-bench

Chain-bench by Aqua anaalyzes your software supply chain against new CIS Benchmarks.

BP-checker

Jit BP-checker verifies the GitHub Branch Protection is properly configured.

Add Your
Own
Add Your
Own
Add Your
Own
Add Your
Own
Add Your
Own
Add Your
Own
Add Your
Own

Still Exploring?

Dive deeper into how Jit can simplify security for developers and unify code-to-cloud security scanning in one place.
Start Free