Legit Security Reviews

Name: Legit Security
Brand: Legit Security
Rating: 5.0 (4 reviews)

Vendor: Legit Security

5.0 out of 5

4 reviews
100% willing to recommend

Leave a review

What is Legit Security?

Legit Security offers comprehensive solutions for managing software security risks, ensuring efficient code integration, risk reduction, and policy adherence through centralized controls and robust integration with existing tools.

Get the Legit Security Buyer's Guide and find out what your peers are saying about Legit Security, Snyk, Veracode and more!

Legit Security is the #13 ranked solution in top Application Security Posture Management (ASPM) solutions and #14 ranked solution in top Software Supply Chain Security solutions. PeerSpot users give Legit Security an average rating of 10.0 out of 10. Legit Security is most commonly compared to Snyk: Legit Security vs Snyk. Legit Security is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Helped 893,221 peers since 2012

Featured Legit Security reviews

Tim Crothers

CISO at Mandiant / FireEye

Legit Security is a product that hyper-focuses on the various aspects of the software development pipeline. For example, if an engineer spins off a new project and stands up a new Git project, Legit automatically detects it, connects Snyk and other tools, and ensures the engineering team doesn't have to think about it. This way, we stay on top of security from the beginning. On the other hand, Legit provides a clear view of the controls around repositories. We have standards requiring code reviews and similar practices, and Legit shows us whether these are being followed. Additionally, Legit helps us identify unmaintained repositories, which often arise when engineering teams try something and leave it behind. This knowledge allows us to determine the appropriate action for these neglected projects. One area where Legit falls short is secret detection. While it functions well overall, the feature has a 10-20 percent false positive rate, requiring some manual intervention. Almost everything else works flawlessly. The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates. Unlike traditional programs that require security reviews at specific stages, hindering development flow, we strive to partner with the product engineering team to ship secure code seamlessly within their existing workflows. Legit plays a crucial role in this by automatically notifying us of new projects, eliminating the need for manual communication. This partnership approach, enabled by Legit, allows us to work much closer with our engineering teams than ever before.

Read full review

Rob Preta

Head of Cyber Security at ACV Auctions Inc.

Legit Security enables me to verify things like request checks and the installation of my SaaS. I can also verify that we're not publicly exposing our keys. Those are crucial features. Legit Security's visibility into our software development environment is excellent. The solution correlates information based on the integrations I have, which is extremely helpful. The unified security control panel is top-notch. It has helped us gain insight as the company has grown over the past couple of years. We used to have two different programs that did some of this, but now we're going to discontinue the other application and only use Legit. Centralization is one thing I always preach, and Legit helps us do that. The risk-scoring features are excellent, and their scoring methodology is aligned with mine. It's integrated with Snyk, GitHub, Jenkins, and Wizz. The integration with AppSec applications and tools is excellent. The performance is super-fast, and I haven't had any problems.

Read full review

reviewer1585341

Deputy Chief Information Security Officer at a tech vendor with 501-1,000 employees

The ability to roll up recordings, build dynamic teams, and then map observed controls to those things, has been very helpful. We also use Legit Security for secret management and validation to ensure that secrets are still getting into our codebase, as well as for infrastructure and code scans. These are the three main use cases for which I have been using Legit Security. There are a number of other areas in which it has also helped us, such as pipeline security, which involves the actual infrastructure and pipelines that we use to build and deploy our software. I wanted to make sure that these were secure, and Legit Security helped me with that as well.

Read full review

Legit Security mindshare

Product category:

As of May 2026, the mindshare of Legit Security in the Software Supply Chain Security category stands at 4.0%, down from 4.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Supply Chain Security Mindshare Distribution
Product	Mindshare (%)
Legit Security	4.0%
JFrog Xray	12.4%
Mend.io	8.5%
Other	75.1%

Software Supply Chain Security

PeerResearch reports based on Legit Security reviews

Type	Title	Date
Category	Software Supply Chain Security	May 9, 2026	Download
Product	Reviews, tips, and advice from real users	May 9, 2026	Download
Comparison	Legit Security vs Docker	May 9, 2026	Download
Comparison	Legit Security vs Qualys CyberSecurity Asset Management	May 9, 2026	Download
Comparison	Legit Security vs JFrog Xray	May 9, 2026	Download

Valuable Features

Legit Security enhances software development by focusing on high-risk findings, providing unified application security control and excellent visibility. It effectively integrates with various tools, supports shifting security left, and strengthens the security posture. Users appreciate its centralization, risk-scoring features, and integration capabilities. It aids in secret management, infrastructure scans, and pipeline security, while seamlessly notifying teams of new projects. Though secret detection may have false positives, its primary value is supporting smooth product security workflows.

"The true value proposition of Legit lies not in its features but in its ability to support our product security program's focus on creating guardrails instead of toll gates."
"We implemented Legit Security to gain visibility into all development teams and ensure that consistent controls are in place and accounted for on every route."
"Legit has increased my security posture to a level I couldn't achieve before. I don't need to worry as much about what's happening within my developer environments. I can rest assured that my vulnerabilities are being detected."

Room for Improvement

Legit Security could benefit from having its own static code scanner and open-source software scanners. Users desire improved detection of publicly exposed keys and more effective secret detection due to inconsistencies and false positives. They emphasize a need for dynamic rerun capabilities for development teams and suggest consolidating multiple tools under one platform. While the team's responsiveness is appreciated, enhancements in these areas are looked forward to for better overall functionality.

"One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them."
"The one we're working on right now is the ability to dynamically rerun development teams and groups."
"Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness."

Pricing

"The pricing is reasonable."

Popular Use Cases

Legit Security is used primarily for managing the software development lifecycle by enforcing policies, ingesting results, creating SBOMs, and providing visibility, prioritization, and orchestration. It supports application security posture management, ensuring secure coding practices. Organizations deploy it for visibility into development teams, ensuring consistent controls and metrics. It secures the code pipeline, emphasizing security and agility. It was chosen to secure the software delivery pipeline, highlighted as necessary after the SolarWinds breach.

Deployment

Users found Legit Security's initial setup straightforward, with minimal maintenance required. Involving up to four team members, deployment often completed within two weeks. Teams highlighted the importance of integrating core solutions to enhance visibility. While users needed to ensure continuous assets enrollment and integration with resources like GitHub, they required few dedicated resources for maintenance or support. Users noted Legit Security's ease of setup and execution using familiar methods.

Scalability

Legit Security demonstrates exceptional scalability, accommodating environments as they grow significantly in size. Users with numerous repositories experience no strain on capacity, while others have successfully doubled their number of developers and infrastructure without issues. With its ability to seamlessly expand with user demand, Legit Security effectively meets the needs of diverse organizations.

Stability

Users express satisfaction with the stability of Legit Security, highlighting consistent service without outages. They mention an absence of downtime, reinforcing confidence in its reliability. Flawless performance is frequently noted by multiple individuals, indicating a strong emphasis on stable operation. The consistent theme across feedback confirms Legit Security’s robust and dependable nature. Every response emphasizes an uninterrupted experience, suggesting that any concerns related to stability are minimal or nonexistent.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Legit Security Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews

Financial Services Firm

14%

University

13%

Retailer

Government

Educational Organization

Computer Software Company

Insurance Company

Construction Company

Energy/Utilities Company

Real Estate/Law Firm

Comms Service Provider

Consumer Goods Company

Healthcare Company

Legal Firm

Performing Arts

Recreational Facilities/Services Company

Religious Institution

Wholesaler/Distributor

Renewables & Environment Company

Manufacturing Company

Logistics Company

Hospitality Company

Recruiting/Hr Firm

Wellness & Fitness Company

Compare Legit Security with alternative products

Learn more about Legit Security

Legit Security provides organizations with a powerful platform for enhancing software security. It offers a unified control panel that highlights high-risk findings and enhances security posture with risk scoring. By facilitating seamless integration with existing tools, it promotes a security shift-left approach. Centralized management helps enforce policy adherence while secret management capabilities add another layer of security. Despite some false positives in secret detection, Legit collaborates with engineering teams to ensure secure code integration.

What are the key features of Legit Security?

Noise Reduction: Minimizes noise from scanning tools for increased efficiency.
Risk Scoring: Highlights high-risk findings to prioritize security efforts.
Unified Control Panel: Centralizes oversight for improved policy enforcement.
Seamless Integration: Works with existing tools to reduce security risks.
Secret Management: Ensures secure handling of sensitive information.

What benefits should be considered when evaluating Legit Security?

Comprehensive Visibility: Offers end-to-end insights into the software development lifecycle.
Security Shift-left: Facilitates early security integration for proactive risk management.
Partnership with Engineering Teams: Promotes collaborative secure code implementation.
Responsive Enhancement Requests: Reflects adaptability to user feedback for continuous improvement.

In industries dealing with sensitive data and complex code deliveries, Legit Security is implemented to manage the entire software development lifecycle. Organizations utilize it for compliance, integrating it with other scanning tools to bolster code supply chain security and application security management. In the wake of incidents like the SolarWinds breach, the importance of securing the software delivery pipeline has been underscored, positioning Legit Security as a crucial component in protecting against similar threats.

Legit Security customers

Google, NYSE, Kraft-Hienz, Takeda Pharmaceuticals, and many other large enterprise and Fortune 500 customers. Learn more by going to: https://www.legitsecurity.com/...

Product Categories

Software Supply Chain Security

Application Security Posture Management (ASPM)

Popular Comparisons

Snyk vs Legit Security

Veracode vs Legit Security

Mend.io vs Legit Security

Sonatype Lifecycle vs Legit Security

Aqua Cloud Security Platform vs Legit Security

Docker vs Legit Security

Wiz Code vs Legit Security

Apiiro vs Legit Security

Cycode vs Legit Security

Ox Security vs Legit Security

ArmorCode vs Legit Security

Chainguard vs Legit Security

Ivanti Neurons for ASPM vs Legit Security

Heeler vs Legit Security

See all alternatives

Legit Security Reviews Summary
Author info	Rating	Review Summary
CISO at Mandiant / FireEye	5.0	Legit Security uniquely secures our software delivery pipeline, complementing Snyk's code-focused approach. It seamlessly integrates into workflows, enhancing team collaboration and maintaining security. Despite some secret detection issues, its pipeline focus addresses critical needs highlighted by the SolarWinds breach.
Head of Cyber Security at ACV Auctions Inc.	5.0	We use Legit Security for application security posture management, benefiting from excellent visibility and integration with tools. It centralizes our security efforts, delivers quick performance, and offsets costs despite needing improved detection of exposed keys.
Deputy Chief Information Security Officer at a tech vendor with 501-1,000 employees	5.0	I use Legit Security for our application security program, enhancing visibility, secret management, and infrastructure scans. It improves our security posture and cost-efficiency, though we seek dynamic team rerun capabilities. Previously, we used no pipeline security solutions.
CISO at Noname Security	5.0	We use Legit Security to manage our SDLC, ensuring policy enforcement and prioritizing remediation of high-risk findings. Its integration capabilities and visibility enhance security posture, despite needing other scanners for complete coverage, aiming to eventually consolidate tools.

Title	Rating	Mindshare	Recommending
Snyk	4.1	N/A	100%	51 interviews Add to research
Veracode	4.0	N/A	89%	207 interviews Add to research

Legit Security Reviews

What is Legit Security?

Featured Legit Security reviews

Legit Security mindshare

PeerResearch reports based on Legit Security reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Deployment

Scalability

Stability

Top industries

Compare Legit Security with alternative products

Learn more about Legit Security

Legit Security customers

Related questions

Product Categories

Popular Comparisons