Security-as-code startup Jit comes out of stealth with $38.5M in seed funding – Meczyki.Net

VictoryA startup that helps developers automate product security by coding their security plans and workflows as code that can then be managed in code repositories like GitHub, today announced that it has raised $38.5 million. Seed round has been raised. Boldstart Enterprises, along with Insight Partners, Tiger Global, TeachAviv and several strategic angel investors are also participating. was incubated by the company fxpA Boston-Israel startup venture studio

With this announcement, Jit is also coming out of stealth and announcing the addition of the former Puppet CTO and Executive Director of the Cloud Foundry Foundation. abby kirnso to your advisory board.

“Cybersecurity leaders are adding more tools, faster than their teams are able to implement, tune and configure them – increasing risk spending,” said Jit CTO David Melamed. “Creating a security plan or program is very time-consuming for high-velocity dev and product teams. Streamlines technical security for engineering teams on compliance checkboxes while minimizing costs. We are the best to implement DevSecOps provide a simple approach, where product security is embedded in the software from the start as well as a way to maintain it consistently in a language understood by developers – the code.”

image credit: Victory

The idea behind Jit is what the company calls “Minimum Viable Security” (MVS). Out of the box, the service offers developers MVS plans that have already codified minimum set of tools And the workflow that they’ll need to secure their apps and the infrastructure they run on.

“Instead of researching, configuring, implementing and working to integrate open source security tools into their stacks and CI/CD pipelines, the security research team Victory have taken Time To pick and choose the tools that will provide the first line of defense for your applications without having to figure it out yourself,” the company explains.

The company argues that its approach also means that developers will only receive alerts when there are critical vulnerabilities that they must respond to quickly — and can then overcome them from inside their existing workflows. The tool will generate automated security reviews inside pull requests or detect issues with AWS misconfiguration or security controls for third-party services such as npm-audit.

Additionally, the service can make it easier for businesses to start their gap analysis for multiple compliance programs such as SOC2 or ISO 27001 by giving them a dashboard that tells them their current status.

Ed Sim, founder and managing partner of Boldstart, said, “With the rapid increase in the number of applications being developed and managed, product security needs to be as simple and easy to use as code, as well as existing CI/CD pipelines.” Must work within.” Enterprise. “JIT ensures that modern engineering teams can build secure cloud-based applications by design while simplifying continuous security. JIT is unique in that it integrates a variety of open source security tools while seamlessly creating a whole Integrates security as a code experience into current developer workflows.

62A9C2B9A6Bbf6C4848B4Ae2 Du3Qhjscqpiq2Vt05Fm7Sfzzaobpfg7Z5 U12Hp9Hn5Vfhrbfoov Es4Iyhnxcpyt Ioeqhbih6 K6V1Gl Y0T94Bl3Xmoo16Gsl0I6G9Ifny2Ftmfmckfj Akezxyqxjmdd2Ouuddz Cyhmuw 1

image credit: Victory