Legit Security's secret detection works. However, there are some limitations to its effectiveness. One issue is that engineering teams don't always embed secrets in the same way, making it difficult for the tool to consistently identify them. While I don't know of any other application that performs better, this inconsistency does lead to some false positives and occasional missed secrets.
Legit Security could do a little better with detecting publicly exposed keys. It's not bad. The detections that they are running get to everything eventually, but it would be great if they could increase some of that awareness.
I would like them to have their own static code scanner, and I'd like them to have their own open-source software scanners. I'm using it as a management plan; I still have to have licenses for other tools that do active scanning, and I would just prefer to consolidate that under one roof.
Legit Security offers comprehensive solutions for managing software security risks, ensuring efficient code integration, risk reduction, and policy adherence through centralized controls and robust integration with existing tools. Legit Security provides organizations with a powerful platform for enhancing software security. It offers a unified control panel that highlights high-risk findings and enhances security posture with risk scoring. By facilitating seamless integration with existing...