Jit, a startup that helps developers automate product security by codifying their plans and workflows as code that can be managed through a code repository such as GitHub, has announced a $38.5 million seed round led by boldstart ventures, with participation from Insight Partners, Tiger Global, TeachAviv, and several strategic angel investors. The company was incubated by FXP, a Boston-Israeli startup venture studio.
Jit Exits Stealth
With this announcement, Jit is also coming out of Stealth and announcing that Abby Kearns, a former CTO of Puppet and executive director of the Cloud Foundry Foundation, has joined its advisory board.
“Cybersecurity leaders are adding more tools, faster than their teams can implement, tune and configure them — increasing risk spend,” said Jit CTO David Melamed. “Creating a security plan or program is too time-consuming for high-velocity dev and product teams.
Read Also : Afropolitan Set To Build Digital Nation With $2.1M Pre-seed From Srinivasan And Others
Jit streamlines technical security for engineering teams over compliance checkboxes, all while reducing spend. We deliver the simplest approach to implementing DevSecOps where product security is built into the software from the start along with a way to maintain it in a language developers understand — code continuously.”
Offering Minimal Viable Security
Jit’s goal is to offer what the business refers to as “minimal viable security” (MVS). A minimum set of tools and workflows that developers will need to secure their apps and the infrastructure they run on are already codified in the service’s MVS plans, which are available right out of the box.
“Instead of having to research, configure, implement and do the work to integrate open source security tools into your stacks and CI/CD pipelines, the security research team at Jit has taken the time to curate and select the tools that will provide the first line of defense for your applications, without having to figure it out yourself,” the company explains.
The company claims that its approach also means that developers won’t receive alerts unless there are critical vulnerabilities that require immediate attention. Developers can then fix these bugs from within their existing workflows, the company claims. AWS misconfigurations or issues with security rules for third-party services like npm-audit will be discovered by the tool, which will also automatically create security reviews inside pull requests.
Read Also : How Marcus Bullock Went From Prison To Founding Flikshop Now Backed By John Legend
By providing developers with a dashboard that displays their current status, the service can also make it easier for businesses to start their gap analysis for a number of compliance programs like SOC2 or ISO 27001.
“With the rapid increase in the number of applications being developed and managed, product security needs to be simple and easy to use as code, as well as work within current CI/CD pipelines,” said Ed Sim, founder, and managing partner at boldstart ventures. “Jit ensures that modern engineering teams can build secure cloud-based applications by design, all while simplifying continuous security. Jit is unique because it unifies various open-source security tools while natively integrating the entire security as code experience into the current developer workflow.”
