Securing GitHub With GitHub: Adding SARIF Support to Legitify
My pull request puts reporting right in the Security Center
Hanging out with some friends from Legit Security at Blackhat 2023I work with plenty of clients who want their GitHub environments tested for security. And with the OpenSSF’s new Source Code Management Platform Configuration Best Practices guide, tools like Legitify are more important pieces of this strategy than ever. But wouldn’t it be great to automate these security audit checks and show feedback from them right in GitHub?
I’m pleased to announce that day has come. My pull request, which adds SARIF output support to Legitify, has been merged!
Now it’s even easier to run automatic security audits on your GitHub enterprises, organizations, repositories, runners, and more. Just set up the Legitify action, and find your results reported right in the Security Center.
Legitify audit results are beautifully rendered
Legitify audit results in the Security Overview