# Install legitify with Homebrew, Nix

Tool to detect/remediate misconfig and security risks of GitHub/GitLab assets. Version 1.0.11 via Homebrew; verified 2026-05-19.

## Install

```sh
sudo av install brew:legitify
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install legitify
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#legitify
```

  Evidence: nixpkgs package indexes: pkgs/by-name/le/legitify/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:legitify
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/legitify>
- **Version:** 1.0.11
- **Source summary:** Tool to detect/remediate misconfig and security risks of GitHub/GitLab assets
- **Homepage:** <https://legitify.dev/>
- **Repository:** <https://github.com/Legit-Labs/legitify>
- **Upstream docs:** <https://legitify.dev/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/Legit-Labs/legitify/archive/refs/tags/v1.0.11.tar.gz>
- **Last updated:** 2026-05-19T13:03:29-04:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- legitify (cli)
- legitify (alias)

## Build dependencies

- go@1.24

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.0.11
- Package-manager updated: 2026-05-19
- Local data: ok
- Upstream repository: https://github.com/Legit-Labs/legitify
- Upstream latest detected: v1.0.11 (current)
## Project history and usage

Legitify is Legit Security's open-source CLI for finding and helping remediate security, compliance, and misconfiguration risks across GitHub and GitLab assets.

### Project history

Legit Security announced Legitify on 2022-10-05 as an open-source GitHub configuration scanner for security, DevOps, and developer teams. The repository and project site later described the scope as source-code-management posture across GitHub and GitLab assets, with built-in policies and remediation-oriented output.

### Adoption history

The project was packaged as a standalone CLI, GitHub Action, Homebrew formula, Nix package, and GitHub CLI extension. That mix made it fit both one-off audits from a workstation and scheduled checks in CI for organizations managing many repositories, members, teams, runners, branch protections, and tokens.

### How it is used

Typical usage is to authenticate to GitHub or GitLab, run `legitify analyze`, and review policy findings against repositories, organizations, runners, webhooks, actions, branch protection, and other SCM resources. Its Homebrew packaging matters because security teams can hand developers a familiar install path instead of a vendor-only SaaS workflow.

### Why package nerds care

Legitify is a package-nerd example of application-security posture management ideas escaping into a plain CLI. It packages policy checks and remediation hints as a tool that can live in local shells, CI jobs, and GitHub Actions, adjacent to linters and secret scanners.

### Timeline

- 2022-07-26: The GitHub issue tracker showed early public project activity.
- 2022-10-05: Legit Security published the introductory Legitify announcement.
- 2023-01-19: Public issues tracked expansion into third-party application policies.
- 2023-02-06: Public issues tracked auto-remediation work.

### Related projects

- Related projects include the `gh-legitify` GitHub CLI extension, the Legitify GitHub Action, OpenSSF Scorecard, GitHub Advanced Security configuration checks, GitLab security scanners, and policy-as-code tools used for SCM governance.

### Sources

- <https://github.com/Legit-Labs/gh-legitify>
- <https://github.com/Legit-Labs/legitify>
- <https://github.com/Legit-Labs/legitify/issues>
- <https://github.com/marketplace/actions/legitify-analyze>
- <https://legitify.dev/>
- <https://www.legitsecurity.com/blog/introducing-legitify>
- <https://www.legitsecurity.com/legitify>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** legitify
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** yes
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - legitify: normalized package name match | nixpkgs package indexes: pkgs/by-name/le/legitify/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [cfripper](https://www.automicvault.com/pkg/brew/cfripper/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [lacework-cli](https://www.automicvault.com/pkg/brew/lacework-cli/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [parliament](https://www.automicvault.com/pkg/brew/parliament/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [s3scanner](https://www.automicvault.com/pkg/brew/s3scanner/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [terraform-iam-policy-validator](https://www.automicvault.com/pkg/brew/terraform-iam-policy-validator/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [trailscraper](https://www.automicvault.com/pkg/brew/trailscraper/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [yatas](https://www.automicvault.com/pkg/brew/yatas/) - Shares av.db curated category or tags: cli, cloud-security, misconfiguration, security.
- [cliam](https://www.automicvault.com/pkg/brew/cliam/) - Shares av.db curated category or tags: cli, cloud-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/legitify.yml](https://github.com/automic-vault/db/blob/main/combined/legitify.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
