Jit, a startup that helps developers automate product security by codifying their security plans and workflows into code that can then be managed in a code repository like GitHub, announced today that it has raised a $38.5 million seed round led by boldstart ventures, with Insight Partners, Tiger Global, TechAviv and a number of strategic angel investors also participating. The company was incubated by FXP, a Boston-Israel startup studio.
With this announcement, Jit is also stepping out of the loop and announcing the addition of Abby Kearns, former CTO of Puppet and executive director of the Cloud Foundry Foundation, to its advisory board.
“Cybersecurity leaders are adding more tools, faster than their teams are able to implement, tune, and configure them, increasing risk spend,” said Jit’s CTO, David Melamed. “Creating a security plan or program takes too long for development and product teams at high speed. Jit streamlines technical security for engineering teams on compliance checkboxes while we offer the easiest approach to implementing DevSecOps, where product security is built into the software from the start, and a way to maintain it all the time in a language developers understand: coded.”
The idea behind Jit is to offer what the company calls “Minimum Viable Security” (MVS). Out of the box, the service offers developers MVS plans that have already codified a minimum set of tools and workflows they will need to secure their applications and the infrastructure they run on.
“Instead of having to research, configure, implement and do the work to integrate open source security tools into your CI/CD stacks and pipelines, the security research team at Jit took the time to organize and select the tools that will provide the first line of defense for your applications, without having to figure it out yourself,” the company explains.
The company says its approach also means developers will only receive alerts if there are significant vulnerabilities that they need to react to immediately – and can then patch them from within their existing workflows. The tool will create automatic security reviews inside pull requests or find AWS configuration errors or issues with security checks for third-party services like npm-audit.
With this, the service can also make it easier for companies to start their gap analysis for a number of compliance programs such as SOC2 or ISO 27001 by giving them a dashboard showing their current status.
“With the number of applications being developed and managed rapidly increasing, product security must be simple and easy to use as code, as well as work within current CI/CD pipelines,” said Ed Sim, founder and managing partner of boldstart ventures. “Jit ensures that modern engineering teams can build secure cloud-based applications by design, while simplifying ongoing security. Jit is unique in that it unifies a variety of open source security tools while natively integrating the entire security experience as code into the developer’s current workflow.”