Jit Security

With Jit, you don't need to be a security expert to consistently write secure code.

The Jit Security extension enables you to access the power of JIT directly from your IDE.

No additional security tools are required to enhance the security of your project with Jit.

Safeguard your code by identifying and fixing vulnerabilities as you work.

VSCode extension

Prerequisites

Docker must be up & running.

The extension runs docker containers in the background to scan your code with multiple security tools.

Features

Quick fix highlights issues in the editor

Quick Fix highlights issues in the editor

Manage New and Existing Issues

Pre-Commit Hook

Jit includes a pre-commit hook that uses the pre-commit framework to check your code for security issues before you commit it.

What is the pre-commit Framework?

The pre-commit framework is a popular tool that allows you to define and manage pre-commit hooks for your Git repositories. It provides a flexible and extensible way to run checks on your code before you commit it, helping you prevent insecure code from being committed to your repository.

Enable pre-commit hook

Open the command palette and search for "Jit: Install Pre Commit Hook". Alternatively, you can install the pre-commit hook from the side panel of the extension and click the "Activate" button in the pre-commit section.

This will add the Jit pre-commit hook to your existing .pre-commit-config.yaml file. The hook will check for any security issues in your code before you commit it, helping you prevent insecure code from being committed to your repository.

If the hook finds any security issues in your code, it will fail the commit and provide diagnostic information to help you fix the issues. This can help you ensure that your code is always secure and free from vulnerabilities.

Configure pre-commit hook

You can configure the pre-commit hook to your specific needs and preferences. To do this:

Open the settings view
Search for the "jitsecurity.pre-commit" section
Choose which security issues the hook will check for, and adjust other settings as needed

You can change these settings at any time, so you can easily adapt the hook to your changing needs and priorities.

Coverage

We support the following languages and file types—

Language/File Type	Objective
Python	Code scanning Dependency check
JavaScript & TypeScript	Code scanning Dependency check
GoLang	Code scanning Dependency check
All Files	Secret detection
Terraform / CloudFormation	Infrastructure-as-code scanning
Dockerfile	Infrastructure-as-code scanning

FAQ

What are the requirements for the extension to work?

The extension requires Docker to be installed and running on your machine.
Do I have to worry about my code being saved by this extension?

No. Your code is not saved by the extension. It only scans your code locally in a Docker container and displays the results in your IDE.
What happens if I don't have Docker installed?

The extension will prompt you to install Docker if it is not already installed on your machine.

About us

Jit is the platform that enables dev organizations to adopt the MVS mindset and progress iteratively in a just-in-time manner.

Visit us on Jit docs to learn more.

Feedback

We would love to hear from you!

Feel free to contact us at contact@jit.io if you need help, have an issue, or just want to provide feedback.

Jit Security - Vulnerability Scanning for Python, JavaScript, TypeScript, GoLang, Terraform, CloudFormation, Dockerfile & more

Jit Security

Jit Security

Prerequisites

Features

Quick fix highlights issues in the editor

Manage New and Existing Issues

Pre-Commit Hook

Enable pre-commit hook

Configure pre-commit hook

Coverage

FAQ

About us

Feedback