TMCnet News

Legit Security's Open-Source Security Tool "Legitify" Adds Support for GitLab and GitHub Enterprise Server
[January 26, 2023]

Legit Security's Open-Source Security Tool "Legitify" Adds Support for GitLab and GitHub Enterprise Server


TEL AVIV, Israel, Jan. 26, 2023 (GLOBE NEWSWIRE) -- Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that Legitify, the open-source security tool that it maintains in addition to its enterprise SaaS platform, has expanded support to include GitHub Enterprise Server and GitLab. Now security and software development teams can easily detect and remediate insecure configurations and vulnerabilities in these popular source-code management (SCM) systems in addition to GitHub.com. To download Legitify, please visit the Legit Security website.

Legitify is a source-code management (SCM) misconfiguration scanner that helps Security, DevOps and Development teams manage and enforce SCM configurations in a secure and scalable way. Legitify was developed to provide the open-source community with a security tool to prevent a very common source of software supply chain attacks by detecting and remediating vulnerabilities that originate in SCM misconfigurations.

After Legitify’s initial release in 2022, multiple requests were received by Legit Security to expand Legitify’s support to additional popular SCM products used by enterpriseorganizations. GitHub Enterprise Server and GitLab Server are two of the most popular on-premise SCM systems used globally today. Insecure configurations in these SCM systems and others have opened the door to multiple cyberattacks, data breaches, and exploits that have made headline news. Legitify is designed to identify and address insecure SCM configurations in real-time, ensuring that both cloud and on-premise SCM implementations are secure and compliant. Legitify can also be scheduled to run periodically to validate secure configurations continuously.



In addition to broader SCM support, Legitify’s latest release also includes other new features including:

  • Dozens of new SCM security policies that have been added, including a new security policy category called “Runner Groups”, that can detect misconfigurations in GitHub’s runner groups. You can browse all of Legitify’s security policies at legitify.dev.
  • A new GitHub action that can be used to run Legitify as part of the organization’s CI/CD pipeline, allowing users to gain continuous protection and receive immediate alerts when a new misconfiguration is detected.
  • To enhance the software supply chain security of Legitify's users, every Legitify release now contains a SLSA Level 3 Provenance attestation that can be used to verify the authenticity of the tool.

“We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft and sensitive data exposure – many of which result from bad SCM configurations,” said Liav Caspi, CTO and co-founder of Legit Security. “We see a huge demand for an open-source tool like Legitify to quickly verify the secure configuration of SCM resources. Our mission with Legitify is to provide an extremely useful open-source security tool to complement our more capable and commercially available Legit Security Platform. We plan to have many more exciting capabilities released in Legitify over time.”


Legitify’s capabilities represent a subset of the broader security capabilities available on the enterprise-grade Legit Security Platform. The Legit Security Platform goes well beyond SCM misconfigurations by securing entire software supply chain environments inclusive of other development assets, build servers, artifact registries, code-to-cloud development pipelines and more. Additional information on the Legit Security Platform can be found on the company’s website: https://www.legitsecurity.com.

Legit Security

Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.


Media Contact
Tony Keller
[email protected]

Primary Logo


[ Back To TMCnet.com's Homepage ]