Automic VaultAutomic Vault

brew

Install legitify with Homebrew, Nix

Tool to detect/remediate misconfig and security risks of GitHub/GitLab assets. Version 1.0.11 via Homebrew; verified 2026-05-19.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install legitify

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#legitify

nixpkgs package indexes · pkgs/by-name/le/legitify/package.nix · source: api.github.com

overview

Package summary

Tool to detect/remediate misconfig and security risks of GitHub/GitLab assets

Commands and aliases

  • legitify

history

Project history and usage

Legitify is Legit Security's open-source CLI for finding and helping remediate security, compliance, and misconfiguration risks across GitHub and GitLab assets.

Project history

Legit Security announced Legitify on 2022-10-05 as an open-source GitHub configuration scanner for security, DevOps, and developer teams. The repository and project site later described the scope as source-code-management posture across GitHub and GitLab assets, with built-in policies and remediation-oriented output.

Adoption history

The project was packaged as a standalone CLI, GitHub Action, Homebrew formula, Nix package, and GitHub CLI extension. That mix made it fit both one-off audits from a workstation and scheduled checks in CI for organizations managing many repositories, members, teams, runners, branch protections, and tokens.

How it is used

Typical usage is to authenticate to GitHub or GitLab, run `legitify analyze`, and review policy findings against repositories, organizations, runners, webhooks, actions, branch protection, and other SCM resources. Its Homebrew packaging matters because security teams can hand developers a familiar install path instead of a vendor-only SaaS workflow.

Why package nerds care

Legitify is a package-nerd example of application-security posture management ideas escaping into a plain CLI. It packages policy checks and remediation hints as a tool that can live in local shells, CI jobs, and GitHub Actions, adjacent to linters and secret scanners.

Timeline

  • 2022-07-26: The GitHub issue tracker showed early public project activity.
  • 2022-10-05: Legit Security published the introductory Legitify announcement.
  • 2023-01-19: Public issues tracked expansion into third-party application policies.
  • 2023-02-06: Public issues tracked auto-remediation work.

Related projects

  • Related projects include the `gh-legitify` GitHub CLI extension, the Legitify GitHub Action, OpenSSF Scorecard, GitHub Advanced Security configuration checks, GitLab security scanners, and policy-as-code tools used for SCM governance.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:media

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
legitifycliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.0.11
manager updated2026-05-19
local dataok
upstreamcurrent
latest detectedv1.0.11

https://github.com/Legit-Labs/legitify

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:legitify
Version1.0.11
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/legitify
Homepagehttps://legitify.dev/
Repositoryhttps://github.com/Legit-Labs/legitify
Upstream docshttps://legitify.dev/
LicenseApache-2.0
Source archivehttps://github.com/Legit-Labs/legitify/archive/refs/tags/v1.0.11.tar.gz
Last updated2026-05-19T13:03:29-04:00
Pulseupdated
Build dependenciesgo@1.24
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelegitify
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedyes
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

legitify

nix profile install nixpkgs#legitify
  • normalized package name match
  • Matched by: Legitify
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/le/legitify/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment