Announcing Jit’s AI Agents: Human-directed automation for your most time-consuming AppSec tasks.

Read the blog

Login Connect with Jit

The born-left product security blog

Jit's blogs contains guides to implement the best product security tools, how to build security into your development culture, and best practices for understanding and mitigating product security risk.

All Velocity Security DevOps

Featured

Introducing Jit's Agentic AppSec Platform That Gets Real Work Done

I am beyond excited to announce that we are launching the first ever Agentic Application Security Platform, which will revolutionize the way AppSec teams and engineers work. Jit wi

April 9, 2025

Introducing Jit's Agentic AppSec Platform That Gets Real Work Done preview image

an open policy agent as a control engine devsecops conf 2012 rec

September 17, 2024

Open Policy Agent as a Control Engine - DevSecOps Conf 2022 Recap About This content is brought to you by Jit - a platform that simplifies continuous security for developers, enabling dev teams to adopt a ‘minimal viable security’ mindset, and build secure cloud app

a padlock with a padlock on it and the text step - by -

App Sec Best Practices

September 17, 2024

A Step-by-Step Guide to Preventing Javascript Injections If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more t

a diagram with the words playing around with aws - vault for fun and profits

July 29, 2024

Playing Around with AWS-Vault for Fun & Profit AWS Vault is an open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how i

Announcing GitLab support: Empower developers to secure everything they code in GitLab

July 10, 2024

Announcing GitLab support: Empower developers to secure everything they code in GitLab Today, I’m thrilled to announce Jit’s full support for GitLab, which will significantly expand our ability to execute our mission to empower every developer to secure everything they code. This new in

the best vs code themes in 2024

June 17, 2024

20 Best VS Code Themes in 2025 With nearly 14 million monthly VS Code users and new features like remote development, collaboration, and developer personas, the VS Code editor—one of coders' IDE sweethearts—remains as strong as eve

Lessons Learned About Secrets Protection After the Sisense Breach

May 21, 2024

Lessons Learned About Secrets Protection After the Sisense Breach Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensit

a purple background with a check box and a purple background with a check box and

April 24, 2024

Vulnerability Assessments vs. Penetration Testing: Key Differences Vulnerability Assessments vs. Penetration Testing: Key Differences In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixin

Unzipping the XZ Backdoor and Its Lessons for Open Source

April 18, 2024

Unzipping the XZ Backdoor and Its Lessons for Open Source Originally posted on The New Stack. By now, you have probably heard about the recently discovered backdoor into versions 5.6.0 and 5.6.1 of the tarballs of the xz utilities, a popular compression/deco

CVE 2023-2033: What is it, and how to fix it?

April 8, 2024

CVE 2023-2033: What is it, and how to fix it?Zero-day vulnerabilities are the surprise no developer wants to get. Because these security flaws are unknown to developers, they have zero days to prepare or mitigate the vulnerability before an expl