Jit is a developer-first ASPM platform with AI Agents that automate security workflows across code scanning, cloud security, and compliance.
The platform bundles native scanners (SAST, SCA, secrets, IaC, CSPM) with pre-built Security Plans mapped to compliance frameworks.
Jit claims 70,000+ engineering and security hours saved through automation, with 2,500+ agents deployed across customer environments.
What is Jit?
Jit is an ASPM platform designed for development teams that want comprehensive security scanning without assembling a complex multi-vendor toolchain.
Unlike aggregation-focused ASPM platforms that require you to bring your own scanners, Jit includes native SAST, SCA, secrets detection, IaC scanning, and container security capabilities.
The platform organizes security controls into Security Plans, pre-configured packages that map to specific compliance requirements or security goals.
Select a SOC 2 plan, and Jit enables the controls and scanners needed for compliance.
This approach removes guesswork about which security checks matter for your compliance obligations.
Jit targets product-led companies where developers own security outcomes.
The platform integrates into developer workflows with minimal friction, providing findings in pull requests and offering AI-powered remediation to accelerate fixes.
Key Features
Built-in Security Scanners
Jit provides native scanning capabilities across security domains:
SAST (Static Application Security Testing)
- Supports JavaScript, TypeScript, Python, Go, Java, Ruby, PHP
- Semantic analysis for reduced false positives
- Custom rule creation
- Incremental scanning for fast PR feedback
SCA (Software Composition Analysis)
- Dependency vulnerability detection
- Transitive dependency analysis
- License compliance checking
- Reachability analysis to filter noise
Secrets Detection
- Pre-commit and CI/CD scanning
- 100+ secret patterns (API keys, tokens, certificates)
- Historical scanning of git history
- Custom pattern support
IaC Security
- Terraform, CloudFormation, Kubernetes manifests
- Pulumi and Helm charts
- CIS and custom policy enforcement
- Drift detection
Container Security
- Docker image scanning
- Base image vulnerability assessment
- Container configuration analysis
Security Plans
Security Plans bundle controls for specific objectives:
SOC 2 Plan
- Access control validation
- Encryption verification
- Logging and monitoring checks
- Change management evidence
Minimum Viable Security Plan
- Essential vulnerability scanning
- Secrets detection
- Dependency analysis
- Suitable for early-stage startups
Custom Plans
- Build plans from individual controls
- Map to internal security policies
- Extend built-in plans with additional checks
AI-Powered Remediation
Jit’s AI agents accelerate vulnerability remediation:
- Generates fix suggestions in context of your codebase
- Creates pull requests with proposed fixes
- Explains vulnerabilities in developer-friendly language
- Learns from accepted fixes to improve suggestions
Wiz Integration
The October 2025 Wiz integration connects code findings with cloud runtime:
- Correlate code vulnerabilities with production exposure
- Prioritize based on actual attack surface
- Trace runtime issues back to responsible code
- Unified view of code and cloud security posture
Installation and Setup
Quick Start
- Sign up at jit.io (free tier available)
- Connect GitHub, GitLab, or Bitbucket
- Select a Security Plan
- Jit automatically scans and reports findings
GitHub App Integration
1. Navigate to jit.io/integrations
2. Click "Connect GitHub"
3. Authorize the Jit GitHub App
4. Select repositories to protect
5. Choose a Security Plan
6. Jit begins scanning on next commit
CI/CD Integration
GitHub Actions:
```yaml
name: Jit Security Scan
on:
  pull_request:
    types: [opened, synchronize]
  push:
    branches: [main]
jobs:
  jit-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Fetch full history instead of a shallow clone
          fetch-depth: 0
      - name: Run Jit Security Scan
        uses: jitsecurity/jit-github-action@v1
        with:
          # API key is read from the repository's encrypted secrets
          api_key: ${{ secrets.JIT_API_KEY }}
          security_plan: soc2
          # Fail the job on findings of high severity
          fail_on_severity: high
```
GitLab CI:
```yaml
jit-scan:
  stage: test
  image: jitsecurity/scanner:latest
  script:
    # JIT_API_KEY is expected as a CI/CD variable
    - jit scan --api-key "$JIT_API_KEY"
  rules:
    # Run only for merge request pipelines
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  artifacts:
    reports:
      sast: jit-results.json
```
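The GitLab job above uploads a report but, unlike the GitHub Actions job with `fail_on_severity: high`, sets no failure threshold. The following is an added example, not Jit's code: a gate that a later script step could run over the report, failing closed when the report is missing or malformed. It assumes `jit-results.json` follows GitLab's SAST report schema (a top-level `vulnerabilities` list with a `severity` per finding), as the `reports: sast` declaration implies; the function names and sample data are hypothetical.

```python
import json
import sys

# Severity names from GitLab's SAST report schema, lowest to highest.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

# Constructed sample report, not real scanner output.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"name": "SQL injection in query builder", "severity": "High"},
    {"name": "Outdated dependency", "severity": "Medium"},
    {"name": "Verbose error message", "severity": "Low"},
]})


def blocking_findings(report_text, fail_on="high"):
    """Return findings at or above fail_on; raise ValueError if unusable."""
    threshold = SEVERITY_ORDER.index(fail_on.lower())  # ValueError if unknown
    report = json.loads(report_text)  # JSONDecodeError subclasses ValueError
    vulns = report.get("vulnerabilities") if isinstance(report, dict) else None
    if not isinstance(vulns, list):
        raise ValueError("report has no 'vulnerabilities' list")
    blocking = []
    for vuln in vulns:
        if not isinstance(vuln, dict):
            raise ValueError("malformed finding entry")
        severity = str(vuln.get("severity", "")).lower()
        # "Unknown" or unrecognised severities block the build (fail closed).
        if severity not in SEVERITY_ORDER or SEVERITY_ORDER.index(severity) >= threshold:
            blocking.append(vuln)
    return blocking


def gate(report_text, fail_on="high"):
    """CI exit code: 0 = pass, 1 = blocking findings, 2 = unusable report."""
    try:
        return 1 if blocking_findings(report_text, fail_on) else 0
    except ValueError:
        return 2


if __name__ == "__main__":
    # Usage: python severity_gate.py jit-results.json [threshold]
    try:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    except (IndexError, OSError):
        sys.exit(2)  # a missing report must not pass the gate
    sys.exit(gate(text, *sys.argv[2:3]))
```

Treating an empty, truncated or absent report as a failure matters here: a scanner that crashes before writing results should not read as a clean scan.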
CLI Usage
```bash
# Install Jit CLI
npm install -g @jitsecurity/cli

# Authenticate
jit auth login

# List available security plans
jit plans list

# Scan with specific plan
jit scan --plan soc2

# Scan specific checks only
jit scan --sast --secrets

# Generate compliance report
jit report compliance --plan soc2 --format pdf
```
When to Use Jit
Jit works well for development teams seeking integrated security with compliance mapping.
Consider Jit when:
- Developers own security without dedicated AppSec staff to manage complex toolchains
- Compliance is a priority and pre-built Security Plans accelerate SOC 2 or similar certifications
- You prefer integrated scanners over assembling and maintaining multiple third-party tools
- You are budget-conscious and need a functional free tier to get started
- You use Wiz for cloud security and want code-to-cloud correlation
- You want AI remediation to accelerate developer fix times
Jit may not be ideal for:
- Organizations with large existing investments in security tools they want to aggregate
- Teams requiring the deepest possible analysis in any single domain (specialized vendors may go deeper)
- Enterprises needing extensive customization beyond what Security Plans provide
For product-led companies building cloud-native applications, Jit offers a streamlined path to comprehensive security with compliance baked in.