Legit Security Reviews

Name: Legit Security
Brand: Legit Security
Rating: 5.0 (4 reviews)

5.0 out of 5

4 reviews
100% willing to recommend

What is Legit Security?

Legit Security provides application security posture management platform that secures application delivery from code to cloud and protects an organization's software supply chain from attack. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Get the Legit Security Buyer's Guide and find out what your peers are saying about Legit Security, Docker, Apiiro and more!

Legit Security is the #6 ranked solution in top Application Security Posture Management (ASPM) solutions and #7 ranked solution in top Software Supply Chain Security solutions. PeerSpot users give Legit Security an average rating of 10.0 out of 10. Legit Security is most commonly compared to Docker: Legit Security vs Docker. Legit Security is popular among the large enterprise segment, accounting for 53% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 21% of all views.

Helped 831,265 peers since 2012

Featured reviews

Tim Crothers

CISO at Mandiant / FireEye

Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.

Read full review

Rob Preta

Head of Cyber Security at ACV Auctions Inc.

Legit Security enables me to verify things like request checks and the installation of my SaaS. I can also verify that we're not publicly exposing our keys. Those are crucial features. Legit Security's visibility into our software development environment is excellent. The solution correlates information based on the integrations I have, which is extremely helpful. The unified security control panel is top-notch. It has helped us gain insight as the company has grown over the past couple of years. We used to have two different programs that did some of this, but now we're going to discontinue the other application and only use Legit. Centralization is one thing I always preach, and Legit helps us do that. The risk-scoring features are excellent, and their scoring methodology is aligned with mine. It's integrated with Snyk, GitHub, Jenkins, and Wizz. The integration with AppSec applications and tools is excellent. The performance is super-fast, and I haven't had any problems.

Read full review

Karl Mattson

CISO at Noname Security

We're a start-up. We only had about 40 or 50 developers at the time we started with Legit - and essentially, we didn't have a well-defined SDLC. We performed scanning and penetration testing, however, we didn't really have a process from start to finish to ensure the integrity of the software and to track the remediation of findings and those kinds of tasks. Legit was a green field for us in terms of selecting a technology and then to some degree designing our policy and process around it. The most important feature is the surfacing out of the noise of other scanning technologies. We’re getting out of the noisy platforms and focusing our developers on the remediation of the actual most high-risk findings. It's really focused on our efficiency in those areas. It also serves as identification of those individual instances where a developer made a mistake, where they might include hard-coded credentials or what appears to be production data used in a test script. Those are the breadcrumbs to a breach. Legit is paying for itself time and time again by finding those, and allowing us to remediate those quickly. We have it connected to over 100+ repos. The visibility is excellent. It is the primary and the only visibility that we need into the development. The reports at the end of the pipeline are great. It's complete in that sense. It's the only tool that I've seen that can put all the pieces together in terms of visibility, policy enforcement, and vulnerability identification under one pane of glass. It’s important for our organization to have this unified application security control. We are a software company, so this is the primary crown jewel of security control. Our primary risk factor to consider is the security of the software. That is the centerpiece of our attention. The unified application security control plans and risk-scoring comparisons of teams and pipelines are useful. It gives us a certain direction and, in the macro sense, I value it. Personally, I don't put a lot of weight behind the scores except for their directionality. We get a sense over time of direction, and that's very useful. For example, when a 67 goes up to a 90, I know that's a good thing, and we're making progress, or vice versa. We integrate Legit with other application tools. It's integrated with a handful of tools. We use it with our single sign-on through Okta, and then also with our code repositories, CI/CD pipelines, and ticketing systems. The incidents all go to our SEIM. Legit's ability to integrate with AppSec implications and tools somewhere else is easy. Once we've established those API connections, there is little maintenance. It’s helped our organization shift the security left. It just makes shift left executable, enabling us to shift the security controls left as far as possible is absolutely necessary. Legit helped our organization reduce the risk of attacks. Particularly, when we see things like a developer mistake or major coding error. Those are the breachable moments that Legit picks up on, and we can remediate very quickly. Legit has had a positive effect on our overall security posture. We have a very healthy posture, which importantly starts just by having completeness of visibility, knowing exactly what we have - and knowing exactly what our vulnerabilities are, and having trust in the process. On any given day there are always going to be vulnerabilities. To have that procedural integrity of the software development process, that's huge.

Read full review

Legit Security mindshare

Product category:

As of January 2025, the mindshare of Legit Security in the Software Supply Chain Security category stands at 14.0%, up from 10.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Supply Chain Security

PeerAnalyst reports

Type	Title	Date
Category	Software Supply Chain Security	Jan 22, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 22, 2025	Download
Comparison	Legit Security vs Sonatype Lifecycle	Jan 22, 2025	Download
Comparison	Legit Security vs Mend.io	Jan 22, 2025	Download
Comparison	Legit Security vs JFrog Xray	Jan 22, 2025	Download

Title	Rating	Mindshare	Recommending
Docker	4.3	2.4%	98%	55 interviews Add to research
Apiiro	4.3	14.4%	100%	2 interviews Add to research

Valuable Features

Legit Security enhances software development by focusing on high-risk findings, providing unified application security control and excellent visibility. It effectively integrates with various tools, supports shifting security left, and strengthens the security posture. Users appreciate its centralization, risk-scoring features, and integration capabilities. It aids in secret management, infrastructure scans, and pipeline security, while seamlessly notifying teams of new projects. Though secret detection may have false positives, its primary value is supporting smooth product security workflows.

"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."

Room for Improvement

Legit Security could benefit from having its own static code scanner and open-source software scanners. Users desire improved detection of publicly exposed keys and more effective secret detection due to inconsistencies and false positives. They emphasize a need for dynamic rerun capabilities for development teams and suggest consolidating multiple tools under one platform. While the team's responsiveness is appreciated, enhancements in these areas are looked forward to for better overall functionality.

"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."

Pricing

"The pricing is reasonable."

Popular Use Cases

Legit Security is used primarily for managing the software development lifecycle by enforcing policies, ingesting results, creating SBOMs, and providing visibility, prioritization, and orchestration. It supports application security posture management, ensuring secure coding practices. Organizations deploy it for visibility into development teams, ensuring consistent controls and metrics. It secures the code pipeline, emphasizing security and agility. It was chosen to secure the software delivery pipeline, highlighted as necessary after the SolarWinds breach.

Deployment

Users found Legit Security's initial setup straightforward, with minimal maintenance required. Involving up to four team members, deployment often completed within two weeks. Teams highlighted the importance of integrating core solutions to enhance visibility. While users needed to ensure continuous assets enrollment and integration with resources like GitHub, they required few dedicated resources for maintenance or support. Users noted Legit Security's ease of setup and execution using familiar methods.

Scalability

Legit Security demonstrates exceptional scalability, accommodating environments as they grow significantly in size. Users with numerous repositories experience no strain on capacity, while others have successfully doubled their number of developers and infrastructure without issues. With its ability to seamlessly expand with user demand, Legit Security effectively meets the needs of diverse organizations.

Stability

Users express satisfaction with the stability of Legit Security, highlighting consistent service without outages. They mention an absence of downtime, reinforcing confidence in its reliability. Flawless performance is frequently noted by multiple individuals, indicating a strong emphasis on stable operation. The consistent theme across feedback confirms Legit Security’s robust and dependable nature. Every response emphasizes an uninterrupted experience, suggesting that any concerns related to stability are minimal or nonexistent.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Legit Security Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews

Computer Software Company

21%

Financial Services Firm

14%

University

12%

Pharma/Biotech Company

Healthcare Company

Insurance Company

Retailer

Performing Arts

Recreational Facilities/Services Company

Hospitality Company

Educational Organization

Legal Firm

Government

Construction Company

Comms Service Provider

Energy/Utilities Company

Wholesaler/Distributor

Consumer Goods Company

Logistics Company

Manufacturing Company

Media Company

Non Profit

Outsourcing Company

Real Estate/Law Firm

Compare Legit Security with alternative products

Learn more about Legit Security

Legit Security customers

Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...