Legit Security’s mission is to secure the world’s software by protecting the entire software supply chain. The company aims to provide a unified application security control plane that offers visibility and security control from code to cloud. Legit Security’s platform is designed to help organizations understand risks, address significant issues, and deliver more secure products by bringing together Engineering, DevOps, and Security teams for enhanced speed and collaboration.
The company’s goals include providing tools to score and monitor an organization’s software development lifecycle (SDLC) security, enabling continuous governance and compliance. Legit Security strives to offer a platform that is easy to implement, agentless, and does not interfere with existing development workflows. The company has demonstrated significant growth, having been named to the Fortune Cyber 60 list of important venture-backed startups. Customer reviews and industry analyst ratings for Legit Security are generally positive, with customers highlighting the platform’s ability to provide visibility and context for faster vulnerability remediation.
Offerings, Capabilities, and Integrations
Legit Security provides a SaaS-based Application Security Posture Management (ASPM) platform designed to secure an organization’s software supply chain from code to cloud. The platform offers a unified view of security risks across the entire software development lifecycle (SDLC), enabling organizations to identify and prioritize vulnerabilities based on business context and criticality. This is achieved through automated discovery and analysis of all SDLC assets, dependencies, and pipeline flows. Legit Security’s competitive edge lies in its AI-native platform, which enhances discovery, correlation, and prioritization of security issues, including those arising from the use of generative AI in development. The platform’s ability to provide end-to-end visibility and automate security processes without impeding development workflows helps organizations release software faster and more securely. Legit Security integrates with a wide range of development and security tools, including source code repositories like GitHub and GitLab, CI/CD tools like Jenkins, and security scanners such as Snyk and Veracode, providing a centralized control plane for application security.
Products and Services
Legit Security’s core offering is its AI-native Application Security Posture Management (ASPM) platform. This platform is delivered as a SaaS solution and supports both cloud and on-premises environments. Key products and services within the platform include:
- Application Security Posture Management (ASPM): This is Legit Security’s flagship offering, providing a comprehensive solution to find, fix, and prevent security risks in the software development lifecycle. It offers a unified view of an organization’s application security posture.
- Software Supply Chain Security: This service focuses on protecting the entire software supply chain by discovering and securing development pipelines, infrastructure, code, and personnel. It helps prevent attacks by identifying gaps and leaks in the SDLC.
- Secrets Scanning: Legit Security offers an enterprise-grade, AI-powered secrets scanning product to detect, remediate, and prevent the exposure of secrets across the entire SDLC, including in tools like Confluence, Jira, and Slack, not just in source code. This can be purchased as a standalone product.
- Continuous Compliance: The platform helps automate compliance tasks by providing real-time validation and evidence for auditors and compliance teams. It includes capabilities for generating Software Bill of Materials (SBOMs).
- AI Discovery and Security: A newer focus for the company, this capability discovers the use of AI coding tools and AI-generated code, and establishes guardrails to ensure the secure use of GenAI in development.
- Vulnerability Management: The platform consolidates and de-duplicates vulnerability data from various security tools to help prioritize remediation efforts based on risk and context.
Target Customers
Legit Security provides a range of integrations with various cloud, security, and development tools to secure the software development lifecycle from code to cloud. The platform supports connections to cloud infrastructure, source code management systems, continuous integration tools, and application security testing solutions.
- AWS: Legit Security integrates directly with Amazon Web Services. Specific integrations include Amazon EKS for Kubernetes service management, Amazon ECR for container registry, and Amazon CodeCommit for source code control. The platform also connects with AWS Inspector for vulnerability management.
- Microsoft Azure: The platform integrates with Microsoft Azure for cloud infrastructure. It connects with Azure Kubernetes Service (AKS), Azure Container Registry, and multiple components of Azure DevOps, including Cloud, OnPrem, Server, and Pipelines. Legit Security also integrates with Azure Boards for ticketing and alerting.
Legit Security is available on the following cloud marketplaces:
- AWS Marketplace: Legit Security offers its Legit Software Security Platform on the AWS Marketplace. This offering is presented as an application security posture management (ASPM) solution designed to manage and scale application security, addressing risks from the development environment to the cloud.
- Microsoft Azure Marketplace: There is no indication that Legit Security is available on the Microsoft Azure Marketplace.
- Google Cloud Marketplace: There is no indication that Legit Security is available on the Google Cloud Marketplace.
Key People
- CEO & Co-Founder: Roni Fuchs
- CTO & Co-Founder: Liav Caspi
- Chief Product & Engineering Officer & Co-Founder: Lior Barak
- Chief Marketing Officer: Dave Howell
- Chief Revenue Officer: Aaron Cote
- VP of People and Operations: Liora Rosenzweig
- Vice President of Customer Success: Justin Bradley
Key Facts
- Headquarters Location: Boston, MA, with an additional office in Tel Aviv, Israel.
- Number of Employees: 51-200.
- Annual Revenue: Approximately $15 million.
- Parent Company: None.
- Subsidiary Companies: None.
- Publicly Listed: No.
Analyst Recognition
Gartner has recognized Legit Security in multiple technology categories.
- Gartner has identified Legit Security as a Representative Vendor in its 2024 Market Guide for DevOps Continuous Compliance Automation Tools.
- Gartner also named Legit Security a Sample Vendor for Software Supply Chain Security in its 2024 Emerging Tech Impact Radar: Cloud-Native Platforms report.
- Gartner has included Legit Security as a sample vendor in reports related to Application Security Posture Management (ASPM) and DevSecOps.
- Gartner Peer Insights lists Legit Security within the Application Security Posture Management (ASPM) Tools market.
There is no indication that Forrester, IDC, or Everest Group have formally recognized Legit Security in their analyst reports.