We Just Reduced our Security Scan Times by 80%

The success of any application or cloud security initiative depends on developer buy-in, so they can fix vulnerabilities before arriving in production. So why can it be challenging to empower developers to secure their code early? 

The answer is simple: security is usually slow.

Developers are motivated to deliver innovative features faster than their competitors, so introducing new processes into the CI/CD pipeline that slow them down could understandably be met with resistance. 

For this reason, Jit is focused on providing near-immediate security feedback as developers code, and we’re happy to announce that we just reduced our scan times by 80%.

This allows our biggest group of users – developers – to get back to what they do best: coding.

How does Jit scan code so quickly?

Jit has always delivered uniquely fast scan times through iterative and optimized code analysis.

First, Jit only invokes the scanner relevant to the current code change. Unlike many other tools, Jit wouldn’t invoke Javascript SAST rules for Python code.

Next, most developer security tools will scan the entire repo every time a change is made. For big repos, it can take a while to see any results, and once they come, they can overwhelm and fluster developers with vulnerabilities that have nothing to do with the change they’re making! Who would want to fix vulnerabilities they didn’t introduce?

For this reason, Jit has provided an iterative analysis that only scans the newly-introduced code change. This significantly reduces the amount of code that needs to be scanned, while only surfacing potential security issues introduced by the author of the given code change.

Worried that our iterative scanning approach could miss vulnerabilities? Jit also runs full repo security scans in the background, ensuring that no vulnerabilities fall through the cracks.

How can you try it?

If you’re a customer, you don’t need to do anything! Continue creating PRs and Jit will automatically scan your code – just faster this time. Notice the difference? Tweet the impact and tag us!

If you’re not a Jit customer, start a free trial and install the Jit app available on GitHub Marketplace. This will enable Jit to scan your repos by running code analyses in your GitHub CI environment (GitHub Actions), so that code is never pulled to our cloud.

Next, based on your business objective, pick a Security Plan, which will activate code scanners that will analyze your existing code base, record the results in a unified backlog, and monitor every new PR.

After activation, Jit will automatically trigger security scans as new PRs are created, which present newly introduced vulnerabilities to developers before code is merged.

Looking for more info before you get started? Check out the How Jit Works page or schedule a demo.