Additional Info

Company size (employees): 50 to 99
Headquarters Region: North America


Legit Security is a Software Supply Chain Security company that protects an organization’s software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud through its Legit Security platform and the open-source tool Legitify.

The platform's unified application security control plane, together with its automated SDLC discovery and analysis capabilities, provides visibility and security control over rapidly changing environments. Security issues are prioritized by context and business criticality, which improves security team efficiency and effectiveness.
Legitify is an open-source security tool for GitHub and GitLab users that automatically discovers insecure configurations and helps security teams and DevOps engineers manage and enforce SCM configurations in a secure and scalable way. The tool can scan specific GitHub/GitLab instances, or an entire GitHub organization or GitLab group, across resource types; it automatically detects security issues and provides remediation steps.
Legit Security has also made strides in software supply chain security research, discovering multiple types of vulnerabilities and potential exploits in GitHub that could jeopardize organizations' SDLC and SCM systems. These include GitHub Actions vulnerabilities, environment injections, DoS vulnerabilities in markdown libraries, and Rust poisoning attacks. By discovering these vulnerabilities, we are not only raising awareness of the potential exposures GitHub and the community face, but we have also worked with GitHub to ensure that some of these vulnerabilities are addressed and fixed in subsequent updates.
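The kind of SCM-configuration check described for Legitify, as an added example that is not Legitify's or Legit Security's own code: a small policy evaluator over a constructed dictionary shaped like GitHub's branch-protection API response (GET /repos/{owner}/{repo}/branches/{branch}/protection). The sample repositories, policy names and severities are assumptions made for illustration; the field names (required_pull_request_reviews, enforce_admins, allow_force_pushes, allow_deletions, required_signatures, required_status_checks) follow the GitHub REST API.

```python
"""Added example (not Legitify's code): evaluate GitHub branch-protection
settings against a few best-practice policies and emit findings with
remediation hints. Input is a constructed dict shaped like the GitHub REST
API response for GET /repos/{owner}/{repo}/branches/{branch}/protection;
the real tool would fetch it per repository and per default branch."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    policy: str        # hypothetical policy identifier
    severity: str      # hypothetical severity label
    remediation: str   # action the operator should take


def _enabled(protection: dict, key: str) -> bool:
    """Read the nested {"enabled": bool} objects the API uses for toggles."""
    return bool((protection.get(key) or {}).get("enabled", False))


def check_branch_protection(protection: Optional[dict]) -> List[Finding]:
    """Return all policy violations for one branch. None means no protection
    rule exists at all, which is the most severe case."""
    if protection is None:
        return [Finding("branch_not_protected", "HIGH",
                        "Add a branch protection rule for the default branch.")]

    findings: List[Finding] = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append(Finding("code_review_not_required", "HIGH",
                                "Require at least one approving review before merging."))
    elif not reviews.get("dismiss_stale_reviews", False):
        findings.append(Finding("stale_reviews_not_dismissed", "MEDIUM",
                                "Dismiss approvals when new commits are pushed."))
    if not _enabled(protection, "enforce_admins"):
        findings.append(Finding("admins_bypass_protection", "MEDIUM",
                                "Apply the rule to administrators as well."))
    if _enabled(protection, "allow_force_pushes"):
        findings.append(Finding("force_push_allowed", "HIGH",
                                "Disallow force pushes; history can be rewritten."))
    if _enabled(protection, "allow_deletions"):
        findings.append(Finding("branch_deletion_allowed", "MEDIUM",
                                "Disallow deletion of the protected branch."))
    if not _enabled(protection, "required_signatures"):
        findings.append(Finding("signed_commits_not_required", "LOW",
                                "Require signed commits on the protected branch."))
    if not protection.get("required_status_checks"):
        findings.append(Finding("status_checks_not_required", "MEDIUM",
                                "Require CI status checks to pass before merging."))
    return findings


def scan_org(repos: Dict[str, Optional[dict]]) -> Dict[str, List[str]]:
    """Map each repository name to the list of violated policy identifiers."""
    return {name: [f.policy for f in check_branch_protection(cfg)]
            for name, cfg in repos.items()}


# Constructed sample data (assumption): one weak rule, one hardened rule,
# and one repository with no rule at all.
WEAK_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 0,
                                      "dismiss_stale_reviews": False},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
    "required_signatures": {"enabled": False},
    "required_status_checks": None,
}
HARDENED_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 2,
                                      "dismiss_stale_reviews": True,
                                      "require_code_owner_reviews": True},
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
    "required_signatures": {"enabled": True},
    "required_status_checks": {"strict": True, "contexts": ["ci/build"]},
}
SAMPLE_ORG: Dict[str, Optional[dict]] = {
    "payments-api": HARDENED_PROTECTION,
    "legacy-tool": WEAK_PROTECTION,
    "docs": None,
}

if __name__ == "__main__":
    for repo, cfg in SAMPLE_ORG.items():
        for f in check_branch_protection(cfg):
            print(f"{repo}: [{f.severity}] {f.policy}: {f.remediation}")
```

The checker separates the "no rule at all" case from a weak rule because the API returns 404 for the former, and a scanner that treats both as "protected" silently misses the worst case.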

How we are different

What's Different/Unique?
Our Legit Security platform is unique in at least three areas:

(1) The breadth and depth of our automated SDLC discovery and analysis capabilities. In minutes you can obtain a complete inventory of all your SDLC assets, dependencies, and pipeline flows, including a visualization graph. Legit also auto-detects deployed security products such as SAST and SCA tools and the coverage they provide. No other platform is as comprehensive or fast.

(2) Hundreds of best-practice software supply chain security policies can be enforced directly in our product. The platform scans development pipelines for gaps and leaks, the SDLC infrastructure and systems within those pipelines, and the people operating within them and their security posture. This includes CI/CD pipeline security scanning, secret scanning with an optional CLI, and threat discovery through ad-hoc queries against a graph database model of a company's SDLC.

(3) Our Legitify open-source tool and our continued research into GitHub vulnerabilities are a testament to our commitment to software supply chain security. By finding vulnerabilities and exposures, we are actively discovering new ways to secure organizations' SDLC and SCM systems on GitHub like no other organization.