Did you catch Legit Wrapped 2024? Get a sampling of Legit’s top achievements below. And there’s a legit playlist in the comments! 😀 #LegitSecurity #ASPM #cybersecurity #ApplicationSecurity
Legit Security
Computer and Network Security
Boston, MA 10,945 followers
Build the foundation for a scalable security program that reduces risk, protects software products and eases compliance
About us
Legit is a new way to manage your application security posture for security, product and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the toughest problems facing security teams, including GenAI usage, proliferation of secrets and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and proves the success of the security program. This new approach means teams can control risk across the business – and prove it.
- Website: http://www.legitsecurity.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Boston, MA
- Type: Privately Held
- Specialties: cybersecurity and application security
Locations
-
Primary
Boston, MA, US
Employees at Legit Security
-
Derek Thompson
Application Security Posture Management (ASPM) at Legit Security
-
Upesh Patel
Business & Corporate Development Executive
-
Naveen Zutshi
CIO at Databricks, Board Member - high growth tech companies
-
David Howell
Growth exec, marketing leader, team builder - security, B2B, SaaS
Updates
-
Announcing Legit Secrets Detection & Prevention 2.0! Most secrets scanners leave teams with too many findings, no way to prioritize, no way to prevent more exposure, and limited coverage. Enter Legit Secrets Detection & Prevention 2.0, which gives you: ✔️ One clear dashboard offering all secrets activity at a glance ✔️ Secrets detection well beyond source code, including personal GitHub repos ✔️ AI-powered secrets detection that delivers highly accurate results ✔️ A secrets CLI that provides extensive prevention capabilities See link to blog post in comments to get details on the new capabilities. #LegitSecurity #secretscanning #ASPM #GitHub
-
Tomorrow! Don't miss the unveiling of our new secrets capabilities. Join us tomorrow -- 12pm ET on December 19th -- to see the future of secrets detection and prevention, including: • A dashboard to see all secrets activities in one place • Ways to prevent secrets exposure • The ability to find more secrets in more places, including personal GitHub repos Register here: https://hubs.li/Q02_Q-2-0 #secretscanning #ASPM #LegitSecurity
-
Cybersecurity planning for 2025? Here’s a good place to start. We analyzed a *lot* of software factories in 2024, and these 6 risks always bubbled up to the top.
1. Exposed secrets
2. Unknown build assets
3. Misconfiguration of build assets
4. Developer permissions sprawl
5. Missing AI guardrails
6. IaC misconfigurations
Get details on the risks we find, and what we recommend to prevent them, in our new guide, The Top 6 Unknown SDLC Risks Legit Uncovers. Scroll through the guide below, or download it with link in comments. #ASPM #secretscanning #cybersecurity #softwaresupplychainsecurity #LegitSecurity #GenAI #IaC
-
We recently surveyed 400 security professionals and software developers to find out: 1️⃣ How they are using GenAI in software development 2️⃣ The concerns and challenges surrounding its use 3️⃣ How it will shape the future of software development One stat that stood out: ✔️80% have security concerns about over-reliance on GenAI to develop software. Get link to blog post with more survey highlights in comments ... #GenAI #ASPM #LegitSecurity
-
Misconfigured build assets are one of the most common SDLC risks the Legit platform uncovers. How do you prevent this risk?
• Branch protection
• Continual monitoring
• Enforcing authentication
• Expiring keys
• Limiting permissions
• Not executing third-party resources before verification
• Avoiding unsafe cross-workflow actions
Get more details from Legit Senior Technical Account Manager Amanda Alvarez in the clip below. #ASPM #LegitSecurity
-
Need better secrets scanning? Need a better foundation for your AppSec program? Need both? Get clarity on Legit's capabilities in our new short datasheet: https://hubs.li/Q02-D8_x0 #LegitSecurity #ASPM #secretscanning
-
We published research recently highlighting the insecurity of GitHub Actions. What can you do to reduce the risk? Our recommendations include:
When choosing GitHub Actions from the marketplace, select Actions that:
• Are from verified owners
• Are popular
• Are active and maintained
• Have high security scorecards
• Have more than one maintainer
When writing GitHub Actions:
• Avoid using risky triggers
• Pin third-party actions to a specific commit sha
• Use hosted runners only in private repositories
• Limit token permissions to bare minimum
When using GitHub Actions:
• Educate developers
• Enforce organization-wide configurations
• Scan GitHub and GitHub Actions for misconfigurations and vulnerabilities
Hear more from Legit Security Researcher Noam Dotan below. #GitHub #LegitSecurity
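An added example, not part of the post and not Legit's tooling: a small Python audit that checks a workflow file against three of the "when writing GitHub Actions" recommendations above (risky triggers, commit-SHA pinning of third-party actions, explicit token permissions). The list of risky triggers, the first-party owner list, and the sample workflow with its `example-org` actions are assumptions constructed for illustration.

```python
import re

# Assumption for this example: triggers treated as risky because they can run
# with repository secrets on content that originates outside the repository.
RISKY_TRIGGERS = ("pull_request_target", "workflow_run")
FIRST_PARTY = ("actions", "github")  # assumed first-party owners, not flagged
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"[0-9a-f]{40}")  # a full commit SHA, not a tag or branch

def audit_workflow(text):
    """Return (line_number, rule, detail) findings for one workflow file."""
    findings, in_jobs, has_permissions = [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop YAML comments
        if re.match(r"^jobs:", line):
            in_jobs = True  # trigger names only matter in the `on:` section
        if re.match(r"^\s*permissions:", line):
            has_permissions = True
            if line.split(":", 1)[1].strip() == "write-all":
                findings.append((n, "broad-permissions", "write-all"))
        if not in_jobs:
            for trig in RISKY_TRIGGERS:
                if re.search(rf"\b{trig}\b", line):
                    findings.append((n, "risky-trigger", trig))
        m = USES_RE.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            name, _, ref = m.group(1).partition("@")
            if name.split("/")[0] not in FIRST_PARTY and not SHA_RE.fullmatch(ref):
                findings.append((n, "unpinned-action", m.group(1)))
    if not has_permissions:
        findings.append((0, "no-permissions", "token scope left at default"))
    return findings

# Constructed sample workflow; the example-org actions are hypothetical.
SAMPLE = """\
name: ci
on:
  pull_request_target:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/deploy-action@v2
      - uses: example-org/lint-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

A finding on line 0 refers to the file as a whole rather than to a specific line.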
-
Finding secrets is only half the battle. Without fixing exposed secrets and preventing new exposure, you are simply adding to an unwieldy mountain of security debt. Find out how to move beyond finding, and be the first to see our new secrets capabilities! Join us a week from today -- 12pm ET on December 19th -- to see the future of secrets detection and prevention, including: • A dashboard to see all secrets activities in one place • Ways to prevent secrets exposure • The ability to find more secrets in more places, including personal GitHub repos Register here: https://hubs.li/Q02-Xm0b0 #secretscanning #ASPM #LegitSecurity
-
What a way to celebrate a successful year! Such a thrill to see Legit on the trading floor of the iconic New York Stock Exchange ... We had a great time at the Cyberstarts holiday party -- we loved celebrating with all the other Cyberstarts portfolio companies. Thanks to all those who planned and organized such a wonderful event! On to 2025 ... #LegitSecurity #ASPM