Jit, a startup that helps developers automate product security by codifying their security plans and workflows as code that can then be managed in a code repository like GitHub, today announced that it has raised a $38.5 million seed round led by boldstart ventures, with Insight Partners, Tiger Global, TeachAviv and a number of strategic angel investors also participating. The company was incubated by FXP, a Boston-Israel startup venture studio
With this announcement, Jit is also coming out of stealth and announcing the addition of former Puppet CTO and Cloud Foundry Foundation executive director Abby Kearns to its advisory board.
“Cybersecurity leaders are adding more tools, faster than their teams are able to implement, tune and configure them — increasing risk spend,” said Jit CTO David Melamed. “Creating a security plan or program is too time-consuming for high-velocity dev and product teams. Jit streamlines technical security for engineering teams over compliance checkboxes all while reducing spend. We deliver the simplest approach to implementing DevSecOps where product security is built into the software from the start along with a way to continuously maintain it in a language developers understand — code.”
The idea behind Jit is to offer what the company calls “minimal viable security” (MVS). Out of the box, the service offers developers MVS plans that have already codified a minimum set of tools and workflows that they’ll need to secure their apps and the infrastructure they run on.
“Instead of having to research, configure, implement and do the work to integrate open source security tools into your stacks and CI/CD pipelines, the security research team at Jit has taken the time to curate and select the tools that will provide the first line of defense for your applications, without having to figure it out yourself,” the company explains.
The company argues that its approach also means developers will only get alerts if there are important vulnerabilities they have to react to right away — and can then remediate them from inside their existing workflows. The tool will create automatic security reviews inside of pull requests or find AWS misconfigurations or issues with security controls for third-party services like npm-audit.
With this, the service can also make it easier for businesses to start their gap analysis for a number of compliance programs like SOC2 or ISO 27001 by giving them a dashboard that lays out their current status.
“With the rapid increase in the number of applications being developed and managed, product security needs to be simple and easy to use as code, as well as work within current CI/CD pipelines,” said Ed Sim, founder and managing partner at boldstart ventures. “Jit ensures that modern engineering teams can build secure cloud-based applications by design, all while simplifying continuous security. Jit is unique in that it unifies a variety of open source security tools while natively integrating the entire security as code experience into the current developer workflow.”