Pricing

Scan your codebase for existing vulnerabilities like SQL Injections and Path Traversals in your custom code, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.

Scan your codebase for vulnerabilities in your open source components and dependencies, while implementing continuous scanning for every code change to prevent vulnerable open source from reaching production. Learn more here.

Scan your codebase for hardcoded secrets like passwords, API keys, and AWS tokens, while implementing continuous scanning for every code change to prevent new hardcoded secrets from reaching production. Learn more here.

Scan your codebase for cloud misconfigurations like weak encryption or open S3 buckets in your IaC, while implementing continuous scanning for every code change to prevent new infrastructure security issues from reaching production. Learn more here.

Scan your codebase for open source vulnerabilities and misconfigurations in your Dockerfiles, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.

Continuously scan your CI/CD pipeline for security misconfigurations that could allow unauthorized changes to the codebase and other malicious activity. 
Learn more here.

Scan your codebase for open source license violations, such as GPL or other copyleft licenses. Implement continuous scanning for every code change so developers can catch copyleft-licensed open source before production. Learn more here.

Continuously scan your codebase to maintain an up-to-date SBOM that shows all open source components and their associated license, location, and version.
Learn more here.

Integrate Jit with AWS, Azure, or GCP to periodically scan your cloud infrastructure in runtime. Check for cloud security misconfigurations like unencrypted 
databases with client connections and EC2 AMIs set to ‘public’. Learn more here.

Use Jit’s ZAP configuration wizard to simplify DAST deployment. Automatically run periodic scans to surface vulnerabilities within your web apps and APIs in runtime. Learn more here.

Need additional coverage? Rather than implementing and managing a new tool yourself, Jit can easily orchestrate new security controls (including open source, commercial, and cloud-native tools) to unify the UX and execution of your entire product security stack. Learn more here.

Monitor performance and compliance metrics like unresolved vulnerabilities in production, developer adoption of security process, and MTTR. Get a single overview of your security coverage across apps and cloud infrastructure. Learn more here.

Security Plans package the toolsets, integrations, and processes needed to work toward a specific business objective. The Minimal Viable Security Plan 
covers the key product security bases with minimal effort, including SAST, SCA, IaC scanning, K8s scanning, and CI/CD Security. Learn more here.

Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. Premium Security Plans include
 the SOC2 Plan, the Cloud Security Plan, the Maximum Viable Security Plan, and many more. See all Security Plans here.

Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. If we don’t cover one of your business 
objectives, we’ll build a plan for you with Custom Security Plans.

Jit Teams provides a portal for Development Team Leads to own the security of their services. With full visibility into their security posture, Development 
Team Leads can monitor progress, highlight gaps, and benchmark their security posture against other teams in the organization with a leaderboard.

Jit scans your entire codebase and enables continuous scanning for every code change. Scan all the GitHub repos and GitLab projects you need at no extra cost.

Scan your AWS, Azure, or GCP infrastructure periodically or after every deployment. Scan as many times as needed at no extra cost.

For Growth and Enterprise Accounts, automatically scan your apps or cloud infrastructure in runtime after every deployment to catch vulnerabilities 
that fell through the cracks.

For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit’s Dynamic Application Security Testing (DAST).

For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit's Dynamic Application Security Testing (DAST).

For Growth and Enterprise Accounts, Jit supports scanning for an unlimited amount of web apps at no extra cost.

After surfacing a code or cloud security finding, Jit provides suggested code fixes to automatically remediate the issue, so that developers don’t 
need to be security experts to make a fix quickly. All remediations have been tested by Jit to confirm issue resolution. Learn more here.

Context Engine prioritizes the top security risks while weeding out noisy alerts. By building a knowledge graph of your code pipeline and cloud environment, 
Context Engine can determine the runtime context of each security issue, such as whether it is in production, is exposed to the internet, or is connected to a 
sensitive database (among other prioritization factors). Learn more here.

Jit’s Backlog provides a unified view of all unresolved vulnerabilities, which includes information like the vulnerability’s location, severity, owner, runtime context, security control, and other data, which can be monitored on dashboards. Each issue can be triaged in systems like Slack and Jira. Learn more here.

Jit’s Actions page consolidates and deduplicates vulnerabilities, while providing fixes that can resolve issues in bulk with a single code change. Learn more here.

Integrate Jit with your GitLab environment to enable one-click activation for Jit’s code security controls. This will scan all selected projects, 
while implementing continuous scanning for every code change. Jit’s unique GitLab integration makes it exceptionally easy for developers to resolve issues before production, because they never need to leave their environment to gather the context and remediation guidance needed to make a fix.

Jit provides immediate feedback on code security within VS Code, so that developers never need to leave their environment to surface and resolve vulnerabilities before production. Configure Jit to scan code with pre-commit hooks, or run scans on demand. Learn more here.

For Growth and Enterprise customers, triage security alerts to the relevant developer with automated workflows to your ticketing and collaboration system. See instructions to set up Jira, Slack, and Linear.

For Growth and Enterprise customers, integrate Jit with your cloud provider to automatically scan your cloud infrastructure for vulnerabilities. See instructions to integrate with AWS, Azure, and GCP.

For Enterprise customers, reach out so we can enable SSO for your Jit account.

For Enterprise customers, segregate users by account to limit access to sensitive information.

For Growth and Enterprise customers, track user activity within Jit with audit logs.

For Growth and Enterprise customers, run Jit on self-hosted GitHub runners to keep Jit running on your infrastructure. Learn more here.

For Growth and Enterprise customers, use webhooks to create automated workflows with third-party apps.

We’re here if you need our help with developer trainings, technical issues, or for any other reason :)

Our rockstar DevOps team keeps Jit running, so you can stay on top of your product security.