Open source “Legitify” automatically discovers GitHub vulnerabilities for a more secure software supply chain.
Legitify, an open source security tool for securing GitHub deployments, has just been announced by Legit Security, a cyber security company whose enterprise platform secures an organization’s software supply chain. Legitify is a GitHub misconfiguration checker that lets security teams and DevOps engineers monitor and enforce their GitHub configurations in a secure and scalable manner. With support for Windows, Mac, and Linux, Legitify is a cross-platform security tool that offers only a small portion of the features of the larger Legit Security platform. More details on Legitify, as well as product documentation and downloads, are available at this link.
Software developers all across the world use GitHub, a very popular Source Code Management (SCM) solution at the centre of many enterprises’ software supply chains. However, because GitHub is a complex product, administrators may fail to notice incorrect configurations and insecure default settings, which can lead to security flaws that jeopardise an organisation’s software supply chain.
Because each repository needs its own configuration and protections, ensuring security across large GitHub installations was challenging and time-consuming before open-source Legitify became available. Consistently enforcing security across a large GitHub organisation took a lot of manual work and was prone to error.
Legitify addresses these issues by making it possible for businesses to securely and effectively:
- Scan GitHub deployments from the command line for various security flaws related to GitHub configurations and settings. Legitify can examine a single GitHub repository or a whole GitHub organisation.
- Connect to GitHub quickly with an access token and find problems across the member, repository, activities, and organisation resource types. Legitify can scan a complete GitHub organisation across all resource types, or a specific repository and/or resource type.
- Find security flaws and list them alphabetically by name, each with a succinct description and a severity classification. Remediation steps are given alongside the entityID of the violation.
- Integrate with OSSF Scorecard, so that the Security Scorecard framework can be used from within Legitify to evaluate security posture while Scorecard is in use.
Along with Legitify, Legit Security has given back to the security community by responsibly disclosing further GitHub flaws found by its in-house security research team. These disclosures can be found on the Legit Security blog at https://www.legitsecurity.com/blog. Legit Security also participates actively in groups such as OpenSSF and the Linux Foundation, where it helps advance software supply chain security and secure software development in general.
Legitify’s capabilities are a small portion of the broader security features offered by the Legit Security platform. The Legit Security platform goes well beyond GitHub security, securing the entire software supply chain environment, including other SCMs, build servers, artefact registries, end-to-end development pipelines, and more. You can learn more about the Legit Security platform on the company’s website at https://www.legitsecurity.com.