- What: Legitify is an open-source tool for scanning security misconfigurations on GitHub and GitLab
- Impact: Helps organizations identify and fix risky settings in their code management platforms
Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups.

What it checks

Legitify evaluates configurations across five namespaces: organization-level settings, GitHub Actions configurations, member accounts, repositories, and runner groups.

The post Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab appeared first on Help Net Security.