Legit Security is an Application Security Posture Management (ASPM) platform that provides visibility and security controls across the software development lifecycle.

The platform integrates with development environments to:
- Monitor and assess application security risks from code to cloud deployment
- Detect and prevent secrets exposure in code repositories
- Generate Software Bill of Materials (SBOM) for compliance purposes
- Implement security controls for software supply chain
- Manage AI security posture and detect risky AI/LLM usage in development
- Consolidate and prioritize application security vulnerabilities

Key capabilities include:
- Automated discovery and visualization of application security risks
- Integration with existing CI/CD pipelines and development tools
- Policy enforcement and compliance monitoring
- Risk prioritization based on business impact analysis
- Security automation and orchestration features
- Vulnerability correlation and deduplication
- Developer-focused remediation guidance

The platform aims to help organizations:
- Maintain visibility across development environments
- Implement consistent security controls
- Automate compliance validation
- Detect security issues early in development
- Manage application security at scale
SIMILAR TOOLS
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.