Legit Security's secret detection works. However, there are some limitations to its effectiveness. One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them. While I don't know of any other application that performs better, this inconsistency does lead to some false positives and occasional missed secrets.
Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness.
I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners. I'm using it as a management plan; I still have to have licenses for other tools that do active scanning, and I would just prefer to consolidate that under one roof.
Legit Security provides an application security posture management platform that secures application delivery from code to cloud and protects an organization's software supply chain from attack. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team...