Jit, a startup that helps developers automate product security by codifying their security plans and workflows into code that can then be maintained in a code repository such as GitHub, announced today that it has raised a $38.5 million seed round led by boldstart ventures, with Insight Partners, Tiger Global, TechAviv and a number of strategic angel investors also participating. The company was founded by FXP, a startup venture studio based in Boston and Israel.
With this announcement, Jit is also coming out of stealth and announcing the addition of former Puppet CTO and executive director of the Cloud Foundry Foundation, Abby Kearns, to its advisory board.
“Cybersecurity leaders are adding more tools faster than their teams are able to implement, fine-tune, and configure them — increasing risk spend,” said David Melamed, CTO of Jit. “Creating a security plan or program is too time-consuming for high-velocity development and product teams. Jit optimizes technical security for engineering teams via compliance checkboxes while reducing expenses. We deliver the easiest approach to implementing DevSecOps, where product security is built into the software from the start, along with a way to continually maintain it in a language developers understand – code.”
The idea behind Jit is to offer what the company calls “minimal viable security” (MVS). By default, the service offers developers MVS plans that have already codified a minimum set of tools and workflows they need to secure their apps and the infrastructure they run on.
“Instead of researching, configuring, implementing, and integrating open-source security tools into your stacks and CI/CD pipelines, the security research team at Jit took the time to curate and select the tools that will be the first line of defense for your applications without having to figure it out for yourself,” the company explains.
The company argues that its approach also means developers only receive alerts when there are key vulnerabilities they need to address immediately — and then fix them within their existing workflows. The tool creates automatic security checks within pull requests or finds AWS misconfigurations or security control issues for third-party services like npm-audit.
With this, the service can also make it easier for companies to start their gap analysis for a number of compliance programs such as SOC2 or ISO 27001 by providing them with a dashboard showing their current status.
“With the rapid increase in applications being developed and managed, product security needs to be simple, easy to use as code, and work in current CI/CD pipelines,” said Ed Sim, founder and managing partner at boldstart ventures. “Jit ensures modern engineering teams can build secure cloud-based applications by design while simplifying ongoing security. Jit is unique in that it brings together a variety of open-source security tools while natively integrating the entire security-as-code experience into the current developer workflow.”
https://techcrunch.com/2022/06/23/security-as-code-startup-jit-comes-out-of-stealth-with-38-5m-in-seed-funding/ Security-as-code startup Jit comes out of stealth with $38.5M in seed funding – TechCrunch