OpenSSF SCM Best Practices Guide Released With Contributions From Legitify

We’re thrilled to share that the OpenSSF SCM Best Practices working group has released its SCM Best Practices Guide. The guide is the result of a collaborative effort between Legit Security and several of the industry’s top security vendors, working under the OpenSSF banner.

The guide addresses the important task of securing Source Code Management (SCM) platforms. The goal is to promote safer, more resilient development environments, keeping vulnerabilities at bay. In today’s world, where software is at the heart of many businesses, ensuring a secure code management process is more crucial than ever.

The guide is comprehensive, covering a wide array of topics essential for organizations aiming for secure SCM practices. From setting up CI/CD pipelines and implementing branch protection rules to configuring user access and permissions, this guide is designed to provide clear direction for every step. Its objective is to be the central hub of knowledge for SCM security policies and best practices.

It’s worth noting that the guide leans heavily on the Legit knowledge base, an extensive open-source resource provided by Legitify, our open-source SCM security scanner. For organizations and users who already use Legitify, adopting the standards set in the SCM Best Practices Guide becomes seamless, and in doing so they can easily gain a clear picture of their SCM security standing.

At Legit Security, our commitment to the open-source community and knowledge-sharing remains unwavering. We firmly believe that by contributing to open-source knowledge, we pave the way for a more secure and integrated future. Working alongside OpenSSF has been a rewarding journey, enriched by the shared insights, dedication, and the collective expertise of its exceptional members. This collaboration has reinforced our belief in the power of community-driven initiatives, and we are deeply grateful for the opportunity to co-create with such a dynamic group. As we move forward, Legit Security pledges to continue partnering, innovating, and contributing to such commendable endeavors, ensuring that the digital landscape remains secure for all.

To learn more about Legitify and download this open-source security tool for Source Code Management systems, click here. To learn more about our commercial offering, the Legit Security platform, click here or book a demo.

*** This is a Security Bloggers Network syndicated blog from Legit Security Blog authored by Noam Dotan. Read the original post at: