Legit Security delivers automated security reviews for AppSec and development teams
Legit Security announced enhanced capabilities for significant code change and workflow orchestration within its platform.
These capabilities provide insight into changes in code, configuration, or infrastructure that can affect an application’s security or compliance posture. With visibility into where everyday code changes are occurring, and the appropriate workflows to act on them, AppSec and development teams can overcome the challenges of disconnected tool sprawl, duplicate alerts, remediation without context, and hidden or unnoticed code.
Detecting, documenting, and addressing code changes is a security requirement due to high-impact, high-volume changes taking place within code, pipelines, dependencies, and policies.
However, this requirement is often hampered by a lack of visibility caused by the use of multiple tools and the absence of a consolidated view of the software development life cycle (SDLC). These roadblocks delay the reviewing, analyzing, and actioning of significant code change requests. In addition, without the right context, teams may needlessly act on code changes that have no significant security impact, or ignore those that do.
“As DevOps teams build and scale projects with open-source code and proprietary libraries, strong security requires deep detection and analysis of the current environment and significant code changes, as well as clear workflows that ensure issues are remediated,” says Liav Caspi, CTO at Legit. “With this update, customers will get insights on numerous change types to determine what should be fixed and then take action against the code changes that require the most attention. This clarity helps developers focus on actual risks to the organization while reducing any development lag.”
Legit’s significant code change and advanced workflow features add context within application security posture management (ASPM) by attaching detailed change detection information to each change, including change type, security impact level, commit ID/data, committer, review status, assignee, source, tags, repository, entity, and action type. Contextual, granular workflows apply the organization’s security policy across the SDLC, and teams can block changes based on a lack of guardrails, a low Legit Score, a material change, business impact, or deployment environment.