Legitify (https://www.legitsecurity.com/legitify) is an open source security tool from Legit Security (https://www.legitsecurity.com/) that scans source code management (SCM) servers and detects security misconfigurations. It also provides detailed remediation steps and integrates with GitHub Actions for use within continuous integration (CI) processes.

In this blog post, I’ll show how to use Legitify (https://www.legitsecurity.com/legitify) to secure a GitHub/GitLab server.

Legitify allows running Scorecard on all your repositories with ease:

```sh
GITHUB_TOKEN=your_token_here legitify analyze --org your_org_name --namespace repository --scorecard verbose
```

Another option is to run Legitify as a GitHub Action:

```yaml
name: Legitify Analyze
on:
  workflow_dispatch:
  schedule:
    - cron: '0 11 * * 1-5'

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Legitify Action
        uses: Legit-Labs/legitify@main
        with:
          github_token: ${{ secrets.LEGITIFY_PAT }}
```
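A check worth running on a workflow like the one above before committing it, as an added example that is not part of the original post or of Legitify itself: it flags `uses:` references that are not pinned to a full commit SHA and lists the secrets handed to those steps. The names `audit_workflow` and `WORKFLOW` are illustrative, and the scan is line-based rather than a full YAML parser.

```python
import re

# The workflow from this post, embedded as sample input.
WORKFLOW = """\
name: Legitify Analyze
on:
  workflow_dispatch:
  schedule:
    - cron: '0 11 * * 1-5'
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Legitify Action
        uses: Legit-Labs/legitify@main
        with:
          github_token: ${{ secrets.LEGITIFY_PAT }}
"""

STEP_RE = re.compile(r"^\s*-\s+\S")  # any YAML list item starts a new candidate step
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Line-based scan: one finding per step whose action ref is not a 40-hex commit SHA."""
    steps, current = [], {"uses": None, "secrets": []}  # placeholder until the first item
    for line in text.splitlines():
        if STEP_RE.match(line):
            current = {"uses": None, "secrets": []}
            steps.append(current)
        if m := USES_RE.match(line):
            current["uses"] = m.group(1)
        current["secrets"] += SECRET_RE.findall(line)
    findings = []
    for step in steps:
        uses = step["uses"]
        # Items without `uses:` (e.g. the cron entry), local and docker refs are skipped.
        if not uses or uses.startswith(("./", "docker://")):
            continue
        action, _, ref = uses.partition("@")
        if not SHA_RE.match(ref):
            findings.append({"action": action, "ref": ref, "secrets": step["secrets"]})
    return findings

if __name__ == "__main__":
    for f in audit_workflow(WORKFLOW):
        print(f"{f['action']}@{f['ref']}: mutable ref, secrets passed: {f['secrets'] or 'none'}")
```

A finding that carries a secret, such as the step receiving `LEGITIFY_PAT`, is the one to pin first, since whatever the branch or tag points to at run time receives that token.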
