Pricing
Too many security scanners?
Jit provides full coverage for app + cloud security, at a flat rate per developer.
Compare our plans
Community
Growth
Enterprise
Supported Security Scanners
Static Application Security Testing (SAST)
Scan your codebase for existing vulnerabilities like SQL Injections and Path Traversals in your custom code, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.
Software Composition Analysis (SCA)
Scan your codebase for vulnerabilities in your open source components and dependencies, while implementing continuous scanning for every code change to prevent vulnerable open source from reaching production. Learn more here.
Secrets Detection
Scan your codebase for hardcoded secrets like passwords, API keys, and AWS tokens, while implementing continuous scanning for every code change to prevent new hardcoded secrets from reaching production. Learn more here.
IaC Security Scanning
Scan your codebase for cloud misconfigurations like weak encryption or open S3 buckets in your IaC, while implementing continuous scanning for every code change to prevent new infrastructure security issues from reaching production. Learn more here.
Dockerfile Scanning
Scan your codebase for open source vulnerabilities and misconfigurations in your Dockerfiles, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.
CI/CD Security Check
Continuously scan your CI/CD pipeline for security misconfigurations that could allow unauthorized changes to the codebase and other malicious activity. Learn more here.
Open Source License Detection
Scan your codebase for open source license violations, such as GPL or other copyleft licenses. Implement continuous scanning for every code change so developers can catch copyleft-licensed open source before production. Learn more here.
Software Bill of Materials (SBOM)
Continuously scan your codebase to maintain an up-to-date SBOM that shows all open source components and their associated license, location, and version. Learn more here.
Cloud Security Posture Management (CSPM)
Integrate Jit with AWS, Azure, or GCP to periodically scan your cloud infrastructure in runtime. Check for cloud security misconfigurations like unencrypted databases with client connections and EC2 AMIs set to ‘public’. Learn more here.
Dynamic Application Security Testing (DAST)
Priced separately
Use Jit’s ZAP configuration wizard to simplify DAST deployment. Automatically run periodic scans to surface vulnerabilities within your web apps and APIs in runtime. Learn more here.
Add Your Own Security Scanners
Open Orchestration
Need additional coverage? Rather than implementing and managing a new tool yourself, Jit can easily orchestrate new security controls (including open source, commercial, and cloud-native tools) to unify the UX and execution of your entire product security stack. Learn more here.
Security Plans
Minimum Viable Security Plan
Security Plans package the toolsets, integrations, and processes needed to work toward a specific business objective. The Minimal Viable Security Plan covers the key product security bases with minimal effort, including SAST, SCA, IaC scanning, K8s scanning, and CI/CD Security. Learn more here.
Premium Security Plans
Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. Premium Security Plans include the SOC2 Plan, the Cloud Security Plan, the Maximum Viable Security Plan, and many more. See all Security Plans here.
Custom Security Plans
Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. If we don’t cover one of your business objectives, we’ll build a plan for you with Custom Security Plans.
Monitoring and Reporting
Org-wide Security Monitoring Dashboards
Monitor performance and compliance metrics like unresolved vulnerabilities in production, developer adoption of security process, and MTTR. Get a single overview of your security coverage across apps and cloud infrastructure. Learn more here.
Jit Teams: Monitoring for each Dev Team
Jit Teams provides a portal for Development Team Leads to own the security of their services. With full visibility into their security posture, Development Team Leads can monitor progress, highlight gaps, and benchmark their security posture against other teams in the organization with a leaderboard. Learn more here.
Security Pipeline Monitoring
Confirm that Jit is running security scans periodically and/or for each code change. Learn more.
Export Security Reports (CSV)
Quickly export all security findings, coverage metrics, and performance metrics as a CSV for reporting.
Code & Cloud Scanning Capabilities
Code Scanning Limits
Community: Unlimited; Growth: Unlimited; Enterprise: Unlimited
Jit scans your entire codebase and enables continuous scanning for every code change. Scan all the GitHub repos and GitLab projects you need at no extra cost.
Cloud Scanning Limits
Community: Unlimited; Growth: Unlimited; Enterprise: Unlimited
Scan your AWS, Azure, or GCP infrastructure periodically or after every deployment. Scan as many times as needed at no extra cost.
Deployment Based Scanning
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, automatically scan your apps or cloud infrastructure in runtime after every deployment to catch vulnerabilities that fell through the cracks.
Web App Scanning Limits
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit’s Dynamic Application Security Testing (DAST).
API Scanning Limits
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit's Dynamic Application Security Testing (DAST).
Number of Supported Web Apps
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, Jit supports scanning for an unlimited number of web apps at no extra cost.
Prioritization & Remediation
Auto Remediations
Community: Up to 15 a month; Growth: Unlimited; Enterprise: Unlimited
After surfacing a code or cloud security finding, Jit provides suggested code fixes to automatically remediate the issue, so that developers don’t need to be security experts to make a fix quickly. All remediations have been tested by Jit to confirm issue resolution. Learn more here.
Smart Prioritization with Context Engine
Context Engine prioritizes the top security risks while weeding out noisy alerts. By building a knowledge graph of your code pipeline and cloud environment, Context Engine can determine the runtime context of each security issue, such as whether it is in production, is exposed to the internet, or is connected to a sensitive database (among other prioritization factors). Learn more here.
Vulnerability Management
Jit’s Backlog provides a unified view of all unresolved vulnerabilities, which includes information like the vulnerability’s location, severity, owner, runtime context, security control, and other data, which can be monitored on dashboards. Each issue can be triaged in systems like Slack and Jira. Learn more here.
Bulk Remediation with Actions
Jit’s Actions page consolidates and deduplicates vulnerabilities, while providing fixes that can resolve issues in bulk with a single code change. Learn more here.
Classify and Prioritize App Resources
Jit automatically discovers and classifies resources by factors like “Production”, “Externally Accessible”, and “Database integration”. Resources can also be manually tagged by microservice, application, business unit, and more. Learn more.
Integrations
Source Code Manager
(GitHub & GitLab)
Integrate Jit with your GitLab environment to enable one-click activation for Jit’s code security controls. This will scan all selected projects, while implementing continuous scanning for every code change. Jit’s unique GitLab integration makes it exceptionally easy for developers to resolve issues before production, because they never need to leave their environment to gather the context and remediation guidance needed to make a fix.
IDE (VS Code with more to come)
Jit provides immediate feedback on code security within VS Code, so that developers never need to leave their environment to surface and resolve vulnerabilities before production. Configure Jit to scan code with pre-commit hooks, or run scans on demand. Learn more here.
Ticketing & Triage (Slack, Jira, Shortcut, Linear)
Enterprise Features
SSO (SAML)
For Enterprise customers, reach out so we can enable SSO for your Jit account.
Role Based Access
For Enterprise customers, segregate users by account to limit access to sensitive information.
Audit Logs
For Growth and Enterprise customers, track user activity within Jit with audit logs.
Self Hosted Runners
For Growth and Enterprise customers, run Jit on self-hosted GitHub runners to keep Jit running on your infrastructure. Learn more here.
Webhook Support
For Growth and Enterprise customers, use webhooks to create automated workflows with third-party apps.
Support
Community: Next Business Day; Growth: 24/5; Enterprise: 24/7
We’re here if you need our help with developer trainings, technical issues, or for any other reason :)
SLA - Uptime
99.5
99.5
Our rockstar DevOps team keeps Jit running, so you can stay on top of your product security.