BOSTON, Aug. 14, 2025 /PRNewswire/ — Legit Security, a global leader in AI-native application security posture management (ASPM) and security for AI-led application development, today announced expanded SCA and SAST capabilities within its ASPM platform that enable smarter decision-making, strengthen compliance, and deliver real risk reduction across modern application environments, while consolidating AppSec tools.
With advanced reachability and license detection, security and development teams can eliminate noise, focus on actionable risks, and remediate faster. These capabilities also position customers to better manage risk associated with AI-first development programs, including those leveraging vibe coding tools such as Cursor and Windsurf, or AI code assistants, including GitHub Copilot.
Legit’s enhanced SCA and SAST transform application security scanning by connecting code-to-cloud context with business criticality and a precise development ownership model. This approach filters out noise and pinpoints what is actually exploitable, so that the highest-impact issues reach the right developers at the right time. In addition, these updates expand coverage to AI- and LLM-specific vulnerabilities that generic SAST tools would miss, such as prompt injection, use of insecure models, and insecure AI third parties.
These developments come at a critical time. Right now, security teams are overwhelmed by high volumes of alerts, and at the same time, developers are expected to accelerate development with AI-assisted coding tools. Without the right guardrails, this shift introduces significant risk to organizations.
“SCA and SAST are critical parts of effective AppSec, especially with AI code generation, because they help identify vulnerable code anywhere,” says Liav Caspi, co-founder and CTO at Legit. “However, many traditional code scanning tools lack context, leading to too much noise, which ultimately blocks adoption by developers. Our advancements resolve the common pain points of existing tools and provide intelligent context that reduces false positives and the friction they create, positioning us to secure vibe coding.”
Key enhancements for Legit’s scanners include:
- SCA reachability: Analyzes whether vulnerable dependencies and functions are used by the application, helping teams focus only on exploitable risks
- SCA license risk analysis: Flags open-source license types and potential legal or policy violations to support governance and compliance
- AI-specific detections: Expands Legit’s static analysis (SAST) engine with new detection rules for OWASP Top 10 AI vulnerabilities and adds support for a range of scan engines to improve coverage across AI and LLM-integrated codebases
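The SCA reachability item above describes the core question such analysis answers: does any code path from the application's entry points actually call the vulnerable function, or is the dependency merely declared? The following is an added example (not Legit Security's engine or code) that implements a minimal, static form of that check for Python source using the standard `ast` module: it resolves import aliases for an assumed vulnerable symbol (`evillib.parse`, a constructed advisory, not a real CVE), builds a call graph between top-level functions, and searches from a set of entry points. The sample applications and the names `evillib`, `parse`, `load_config`, and `legacy_import` are constructed for the demo.

```python
"""Added example: a toy SCA reachability check over Python source with the ast
module. Not Legit Security's engine; the advisory below is constructed."""
import ast
from collections import deque

# Constructed advisory (assumption, not a real CVE): the vulnerable symbol is
# evillib.parse, so a finding is actionable only if the app can call it.
VULN_PACKAGE = "evillib"
VULN_FUNCTION = "parse"
VULN_LABEL = f"{VULN_PACKAGE}.{VULN_FUNCTION}"


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None (e.g. for calls on calls)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def vulnerable_aliases(tree):
    """Local names that import statements bind to the vulnerable package or function."""
    module_aliases, func_aliases = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == VULN_PACKAGE:
                    module_aliases.add(alias.asname or alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module == VULN_PACKAGE:
            for alias in node.names:
                if alias.name == VULN_FUNCTION:
                    func_aliases.add(alias.asname or alias.name)
    return module_aliases, func_aliases


def build_call_graph(tree):
    """Map each top-level function to the names it calls; the pseudo-callee
    '<vuln>' marks a direct call to the vulnerable function."""
    module_aliases, func_aliases = vulnerable_aliases(tree)
    vuln_names = func_aliases | {f"{m}.{VULN_FUNCTION}" for m in module_aliases}
    graph = {}
    for func in tree.body:
        if not isinstance(func, ast.FunctionDef):
            continue
        callees = set()
        for call in (n for n in ast.walk(func) if isinstance(n, ast.Call)):
            name = dotted_name(call.func)
            if name in vuln_names:
                callees.add("<vuln>")
            elif name is not None and "." not in name:
                callees.add(name)  # plain call, possibly to another local function
        graph[func.name] = callees
    return graph


def reachable_path(graph, entry_points):
    """BFS from the entry points; return the call chain that reaches the
    vulnerable function, or None if no chain exists."""
    queue = deque((ep, [ep]) for ep in entry_points if ep in graph)
    seen = set()
    while queue:
        fn, path = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        if "<vuln>" in graph[fn]:
            return path + [VULN_LABEL]
        for callee in graph[fn]:
            if callee in graph and callee not in seen:
                queue.append((callee, path + [callee]))
    return None


def is_reachable(source, entry_points=("main",)):
    """Return the path from an entry point to the vulnerable call, or None."""
    return reachable_path(build_call_graph(ast.parse(source)), entry_points)


# Constructed application sources (assumptions for the demo).
REACHABLE_APP = """
import evillib

def load_config(path):
    return evillib.parse(open(path).read())

def main():
    return load_config("app.cfg")
"""

UNREACHABLE_APP = """
from evillib import parse as legacy_parse

def legacy_import(blob):   # dead code: nothing reaches it from main
    return legacy_parse(blob)

def main():
    return "ok"
"""

if __name__ == "__main__":
    for label, src in (("reachable", REACHABLE_APP), ("unreachable", UNREACHABLE_APP)):
        print(label, "->", is_reachable(src))
```

The second sample is the case reachability analysis exists for: the vulnerable function is imported, so a manifest-only SCA scan would flag it, yet nothing on a path from `main` calls it. The caveat a practitioner should keep in mind is that a purely static walk like this one misses dynamic dispatch (`getattr`, callbacks stored in data structures, plugin loaders), so an "unreachable" verdict is a prioritization signal, not proof of safety.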
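The AI-specific detections described earlier on the page and in the list item above single out prompt injection as a class a generic SAST rule set does not cover. The shape of such a rule is ordinary taint tracking with a new sink: untrusted input that flows, through string building, into the prompt handed to a model. The following is an added example (not Legit Security's engine or rule set) of that rule for Python, again over the standard `ast` module. The source calls (`input`, `request.args.get`, and so on) and sink calls (`client.chat.completions.create`, `llm.invoke`) are assumptions picked for the demo, as is the sample handler.

```python
"""Added example: a toy AST-based SAST rule that flags user-controlled data
reaching an LLM prompt. Not Legit Security's engine; the source and sink
names are assumptions chosen for the demo."""
import ast

# Assumed taint sources: calls that return attacker-controlled text.
SOURCES = {"input", "request.args.get", "request.form.get", "request.get_json"}
# Assumed LLM sinks: calls that hand a prompt to a model.
SINKS = {"client.chat.completions.create", "llm.invoke"}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_tainted(expr, tainted):
    """True if expr reads a tainted variable or calls a taint source directly."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if isinstance(sub, ast.Call) and dotted_name(sub.func) in SOURCES:
            return True
    return False


def scan_function(func):
    """Flow-sensitive, intra-procedural taint walk over one function body."""
    tainted = set()
    findings = []

    def visit(stmts):
        for stmt in stmts:
            if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                continue  # nested definitions are scanned on their own
            if isinstance(stmt, (ast.If, ast.For, ast.While, ast.With, ast.Try)):
                for field in ("body", "orelse", "finalbody"):
                    visit(getattr(stmt, field, []))
                for handler in getattr(stmt, "handlers", []):
                    visit(handler.body)
                continue
            # x = f"...{q}..." or x = "prefix" + q taints x when q is tainted.
            if isinstance(stmt, (ast.Assign, ast.AnnAssign)) and stmt.value is not None:
                targets = stmt.targets if isinstance(stmt, ast.Assign) else [stmt.target]
                if is_tainted(stmt.value, tainted):
                    tainted.update(t.id for t in targets if isinstance(t, ast.Name))
            # Any LLM sink fed a tainted argument (positional or keyword) is a finding.
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                if dotted_name(call.func) in SINKS:
                    args = list(call.args) + [kw.value for kw in call.keywords]
                    if any(is_tainted(a, tainted) for a in args):
                        findings.append((func.name, call.lineno))

    visit(func.body)
    return findings


def find_prompt_injection(source):
    """Return (function name, line) for every sink reached by untrusted input."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            findings.extend(scan_function(node))
    return findings


# Constructed sample: one vulnerable handler and one with a constant prompt.
SAMPLE = """
def summarize(request, client):
    q = request.args.get("q")
    prompt = "Summarize this for the user: " + q
    return client.chat.completions.create(model="gpt-4o",
        messages=[{"role": "user", "content": prompt}])

def health(client):
    return client.chat.completions.create(model="gpt-4o",
        messages=[{"role": "user", "content": "Reply with OK"}])
"""

if __name__ == "__main__":
    for name, line in find_prompt_injection(SAMPLE):
        print(f"{name}:{line}: user-controlled data reaches an LLM prompt")
```

The rule is deliberately intra-procedural: taint does not follow a value through a call into another function, and parameters are not assumed tainted, so a handler that receives already-untrusted text from a caller is missed. A production rule adds inter-procedural propagation and a model of which sinks concatenate the text into a system prompt versus a separate user message, but the source-to-sink skeleton is the same.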
With these SCA and SAST enhancements, Legit has strengthened its core platform to meet the growing demands of modern application development, offering deeper visibility, smarter prioritization, and expanded protection against emerging AI-driven risks.
For more details on how Legit Security’s next phase of capabilities streamlines AppSec management, visit www.legitsecurity.com.
About Legit Security
The Legit Security AI-native ASPM platform is a new way to manage application security in a world of AI-first development, providing a cleaner way to manage and scale AppSec and address risks. Fast to implement, easy to use, and AI-native, Legit has an unmatched ability to discover and visualize the entire software factory attack surface, including a prioritized view of AppSec data from siloed scanning tools. As a result, organizations have the visibility, context, and automation they need to quickly find, fix, and prevent the application risk that matters most. Spend less time chasing low-risk findings and more time innovating.
Media Contact
PANBlast for Legit Security
legitsecurity@panblastpr.com
SOURCE Legit Security