Security-as-code startup Jit comes out of stealth with $38.5M in seed funding

TechCrunch
|
06.23.2022

Jit, a startup that helps developers automate product security by codifying their security plans and workflows as code that can then be managed in a code repository like GitHub, today announced that it has raised a $38.5 million seed round led by boldstart ventures, with Insight Partners, Tiger Global, TeachAviv and a number of strategic angel investors also participating. The company was incubated by FXP, a Boston-Israel startup venture studio

With this announcement, Jit is also coming out of stealth and announcing the addition of former Puppet CTO and Cloud Foundry Foundation executive director Abby Kearns to its advisory board.

“Cybersecurity leaders are adding more tools, faster than their teams are able to implement, tune and configure them — increasing risk spend,” said Jit CTO David Melamed. “Creating a security plan or program is too time-consuming for high-velocity dev and product teams. Jit streamlines technical security for engineering teams over compliance checkboxes all while reducing spend. We deliver the simplest approach to implementing DevSecOps where product security is built into the software from the start along with a way to continuously maintain it in a language developers understand — code.”

The idea behind Jit is to offer what the company calls “minimal viable security” (MVS). Out of the box, the service offers developers MVS plans that have already codified a minimum set of tools and workflows that they’ll need to secure their apps and the infrastructure they run on.

“Instead of having to research, configure, implement and do the work to integrate open source security tools into your stacks and CI/CD pipelines, the security research team at Jit has taken the time to curate and select the tools that will provide the first line of defense for your applications, without having to figure it out yourself,” the company explains.

The company argues that its approach also means developers will only get alerts if there are important vulnerabilities they have to react to right away — and can then remediate them from inside their existing workflows. The tool will create automatic security reviews inside of pull requests or find AWS misconfigurations or issues with security controls for third-party services like npm-audit.