Legitify

Legitify is an open-source source code management (SCM) security scanner developed by Legit Security that detects misconfigurations, security risks, and policy violations across GitHub and GitLab implementations by analyzing organizations, repositories, members, GitHub Actions, and runner groups against security best practices and compliance frameworks. The tool provides automated security assessment with detailed remediation guidance for issues such as weak two-factor authentication enforcement, inadequate code review requirements, overly permissive workflow permissions, exposed secrets, and insecure branch protection settings, enabling security teams and DevOps engineers to enforce secure configurations at scale through CLI integration, GitHub Actions, and OSSF Scorecard support.