CLI for detecting and remediating GitHub and GitLab misconfigurations, security, and compliance issues
- Stars: 874
- Forks: 77
- Open issues: 16
- License: Apache-2.0
- Languages: Go · Open Policy Agent · JavaScript

About Legitify
Legitify strengthens the security posture of your source-code management. It is a command-line tool that detects and remediates misconfigurations, security issues, and compliance gaps across your GitHub and GitLab assets, checking organizations, repositories, members, actions, and runner groups.
You can scope analysis by namespace, organization, repository, or enterprise, and archived repositories are skipped by default. Results print as human-readable text, JSON, or SARIF, and can be grouped by namespace, resource, or severity. Flags let you show only failed checks and ignore selected policies. Optional OSSF Scorecard support alerts on GitHub repositories scoring below 7.0.
It supports both GitHub and GitLab; GitLab targets require the --scm gitlab flag. Install it with Homebrew, as a GitHub CLI extension, or from source, and run it in CI with the official GitHub Action.
Key features
- Audits GitHub and GitLab organizations, repositories, members, actions, and runner groups
- Outputs human-readable text, JSON, or SARIF
- Groups results by namespace, resource, or severity
- Supports policy filtering and failed-only output
- Scorecard support for GitHub server and cloud repositories
Details
- First released: 2022
- Platforms: macOS · Linux · CLI
- Deployment: offline-first
- SCM: GitHub · GitLab
- Output: Human-readable · JSON · SARIF
- Maintainer: Legit Security
