Pricing

Too many security scanners?
Jit provides full coverage for app + cloud security, at a flat rate per developer.
Compare our plans
Community: $0 per month. Up to 3 developers.
Growth: $50 per developer, per month (*billed annually). 4+ developers.
Enterprise: Custom. Book a demo for details. Enterprise features + extended support.
Supported Security Scanners
Static Application Security Testing (SAST)
Scan your codebase for existing vulnerabilities like SQL Injections and Path Traversals in your custom code, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.
Software Composition Analysis (SCA)
Scan your codebase for vulnerabilities in your open source components and dependencies, while implementing continuous scanning for every code change to prevent vulnerable open source from reaching production. Learn more here.
Secrets Detection
Scan your codebase for hardcoded secrets like passwords, API keys, and AWS tokens, while implementing continuous scanning for every code change to prevent new hardcoded secrets from reaching production. Learn more here.
IaC Security Scanning
Scan your codebase for cloud misconfigurations like weak encryption or open S3 buckets in your IaC, while implementing continuous scanning for every code change to prevent new infrastructure security issues from reaching production. Learn more here.
Dockerfile Scanning
Scan your codebase for open source vulnerabilities and misconfigurations in your Dockerfiles, while implementing continuous scanning for every code change to prevent new issues from reaching production. Learn more here.
CI/CD Security Check
Continuously scan your CI/CD pipeline for security misconfigurations that could allow unauthorized changes to the codebase and other malicious activity. 
Learn more here.
Open Source License Detection
Scan your codebase for open source license violations, such as GPL or other copyleft licenses. Implement continuous scanning for every code change so developers can catch copyleft-licensed open source before production. Learn more here.
Software Bill of Materials (SBOM)
Continuously scan your codebase to maintain an up-to-date SBOM that shows all open source components and their associated license, location, and version.
Learn more here.
Dynamic Application Security Testing (DAST)
Use Jit’s ZAP configuration wizard to simplify DAST deployment. Automatically run periodic scans to surface vulnerabilities within your web apps and APIs in runtime. Learn more here.
Cloud Security Posture Management (CSPM)
Integrate Jit with AWS, Azure, or GCP to periodically scan your cloud infrastructure in runtime. Check for cloud security misconfigurations like unencrypted databases with client connections and EC2 AMIs set to ‘public’. Learn more here.
Add Your Own Security Scanners
Open Orchestration
Need additional coverage? Rather than implementing and managing a new tool yourself, Jit can easily orchestrate new security controls (including open source, commercial, and cloud-native tools) to unify the UX and execution of your entire product security stack. Learn more here.
Security Plans and Reporting
Security Dashboards
Monitor performance and compliance metrics like unresolved vulnerabilities in production, developer adoption of security process, and MTTR. Get a single overview of your security coverage across apps and cloud infrastructure. Learn more here.
Minimum Viable Security Plan
Security Plans package the toolsets, integrations, and processes needed to work toward a specific business objective. The Minimum Viable Security Plan covers the key product security bases with minimal effort, including SAST, SCA, IaC scanning, K8s scanning, and CI/CD Security. Learn more here.
Premium Security Plans
Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. Premium Security Plans include the SOC2 Plan, the Cloud Security Plan, the Maximum Viable Security Plan, and many more. See all Security Plans here.
Custom Security Plans
Security Plans package the toolsets, integrations, processes, and reporting needed to work toward a specific business objective. If we don’t cover one of your business objectives, we’ll build a plan for you with Custom Security Plans.
Jit Teams
Jit Teams provides a portal for Development Team Leads to own the security of their services. With full visibility into their security posture, Development Team Leads can monitor progress, highlight gaps, and benchmark their security posture against other teams in the organization with a leaderboard.
Code & Cloud Scanning Capabilities
Code Scanning Limits
Community: Unlimited; Growth: Unlimited; Enterprise: Unlimited
Jit scans your entire codebase and enables continuous scanning for every code change. Scan all the GitHub repos and GitLab projects you need at no extra cost.
Cloud Scanning Limits
Community: Unlimited; Growth: Unlimited; Enterprise: Unlimited
Scan your AWS, Azure, or GCP infrastructure periodically or after every deployment. Scan as many times as needed at no extra cost.
Deployment Based Scanning
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, automatically scan your apps or cloud infrastructure in runtime after every deployment to catch vulnerabilities that fell through the cracks.
Web App Scanning Limits
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit’s Dynamic Application Security Testing (DAST).
API Scanning Limits
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, scan your web apps as many times as needed with Jit's Dynamic Application Security Testing (DAST).
Number of Supported Web Apps
Growth: Unlimited; Enterprise: Unlimited
For Growth and Enterprise Accounts, Jit supports scanning for an unlimited number of web apps at no extra cost.
Prioritization & Remediation
Auto Remediations
Community: Up to 15 a month; Growth: Unlimited; Enterprise: Unlimited
After surfacing a code or cloud security finding, Jit provides suggested code fixes to automatically remediate the issue, so that developers don’t need to be security experts to make a fix quickly. All remediations have been tested by Jit to confirm issue resolution. Learn more here.
Smart Prioritization with Context Engine
Context Engine prioritizes the top security risks while weeding out noisy alerts. By building a knowledge graph of your code pipeline and cloud environment, Context Engine can determine the runtime context of each security issue, such as whether it is in production, is exposed to the internet, or is connected to a sensitive database (among other prioritization factors). Learn more here.
Vulnerability Management
Jit’s Backlog provides a unified view of all unresolved vulnerabilities, which includes information like the vulnerability’s location, severity, owner, runtime context, security control, and other data, which can be monitored on dashboards. Each issue can be triaged in systems like Slack and Jira. Learn more here.
Bulk Remediation with Actions
Jit’s Actions page consolidates and deduplicates vulnerabilities, while providing fixes that can resolve issues in bulk with a single code change. Learn more here.
Integrations
Source Code Manager
(GitHub & GitLab)
Integrate Jit with your GitLab environment to enable one-click activation for Jit’s code security controls. This will scan all selected projects, while implementing continuous scanning for every code change. Jit’s unique GitLab integration makes it exceptionally easy for developers to resolve issues before production, because they never need to leave their environment to gather the context and remediation guidance needed to make a fix.
IDE (VS Code with more to come)
Jit provides immediate feedback on code security within VS Code, so that developers never need to leave their environment to surface and resolve vulnerabilities before production. Configure Jit to scan code with pre-commit hooks, or run scans on demand. Learn more here.
Ticketing & Triage (Slack, Jira, Shortcut, Linear)
For Growth and Enterprise customers, triage security alerts to the relevant developer with automated workflows to your ticketing and collaboration system. See instructions to set up Jira, Slack, and Linear.
Cloud Providers (AWS, Azure, GCP)
For Growth and Enterprise customers, integrate Jit with your cloud provider to automatically scan your cloud infrastructure for vulnerabilities. See instructions to integrate with AWS, Azure, and GCP.
Enterprise Features
SSO (SAML)
For Enterprise customers, reach out so we can enable SSO for your Jit account.
Role Based Access
For Enterprise customers, segregate users by account to limit access to sensitive information.
Audit Logs
For Growth and Enterprise customers, track user activity within Jit with audit logs.
Self Hosted Runners
For Growth and Enterprise customers, run Jit on self-hosted GitHub runners to keep Jit running on your infrastructure. Learn more here.
Webhook Support
For Growth and Enterprise customers, use webhooks to create automated workflows with third-party apps.
Support
Community: Next Business Day; Growth: 24/5; Enterprise: 24/7
We’re here if you need our help with developer trainings, technical issues, or for any other reason :)
SLA - Uptime
99.5
99.5
Our rockstar DevOps team keeps Jit running, so you can stay on top of your product security.
